6c499a4af1f9348ab6ffdcf49eabb0999f2d60976cca109cb4812747c5b7e1db

Resubmissions

22/07/2024, 19:36

240722-yblayathqf 6

22/07/2024, 19:33

240722-x9gjzatgnd 4

22/07/2024, 19:29

240722-x7n62atfpf 6

Analysis

max time kernel
119s
max time network
123s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 19:36

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

accesibility_window_abc.png
Size

457B
MD5

bea6c589482c2d3823e16178a9e3eb64
SHA1

e19805c08e403f06b7579626fcb6e34166dc9d5d
SHA256

6c499a4af1f9348ab6ffdcf49eabb0999f2d60976cca109cb4812747c5b7e1db
SHA512

892fb6079d12a8b86872ffcdb2dc309993400ec82e99eac275e1e1ae1a402bfdfaf39fb171dafcd0d4579d020d55208281392eb186d02d897b73fe5a22182489

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\j:	SearchIndexer.exe
File opened (read-only)	\??\U:	SearchIndexer.exe
File opened (read-only)	\??\E:	SearchIndexer.exe
File opened (read-only)	\??\B:	SearchIndexer.exe
File opened (read-only)	\??\g:	SearchIndexer.exe
File opened (read-only)	\??\i:	SearchIndexer.exe
File opened (read-only)	\??\I:	SearchIndexer.exe
File opened (read-only)	\??\K:	SearchIndexer.exe
File opened (read-only)	\??\m:	SearchIndexer.exe
File opened (read-only)	\??\n:	SearchIndexer.exe
File opened (read-only)	\??\b:	SearchIndexer.exe
File opened (read-only)	\??\Q:	SearchIndexer.exe
File opened (read-only)	\??\r:	SearchIndexer.exe
File opened (read-only)	\??\T:	SearchIndexer.exe
File opened (read-only)	\??\v:	SearchIndexer.exe
File opened (read-only)	\??\w:	SearchIndexer.exe
File opened (read-only)	\??\X:	SearchIndexer.exe
File opened (read-only)	\??\Z:	SearchIndexer.exe
File opened (read-only)	\??\P:	SearchIndexer.exe
File opened (read-only)	\??\R:	SearchIndexer.exe
File opened (read-only)	\??\y:	SearchIndexer.exe
File opened (read-only)	\??\p:	SearchIndexer.exe
File opened (read-only)	\??\o:	SearchIndexer.exe
File opened (read-only)	\??\u:	SearchIndexer.exe
File opened (read-only)	\??\l:	SearchIndexer.exe
File opened (read-only)	\??\h:	SearchIndexer.exe
File opened (read-only)	\??\k:	SearchIndexer.exe
File opened (read-only)	\??\N:	SearchIndexer.exe
File opened (read-only)	\??\O:	SearchIndexer.exe
File opened (read-only)	\??\q:	SearchIndexer.exe
File opened (read-only)	\??\W:	SearchIndexer.exe
File opened (read-only)	\??\F:	SearchIndexer.exe
File opened (read-only)	\??\A:	SearchIndexer.exe
File opened (read-only)	\??\H:	SearchIndexer.exe
File opened (read-only)	\??\M:	SearchIndexer.exe
File opened (read-only)	\??\S:	SearchIndexer.exe
File opened (read-only)	\??\x:	SearchIndexer.exe
File opened (read-only)	\??\z:	SearchIndexer.exe
File opened (read-only)	\??\a:	SearchIndexer.exe
File opened (read-only)	\??\J:	SearchIndexer.exe
File opened (read-only)	\??\L:	SearchIndexer.exe
File opened (read-only)	\??\s:	SearchIndexer.exe
File opened (read-only)	\??\Y:	SearchIndexer.exe
File opened (read-only)	\??\G:	SearchIndexer.exe
File opened (read-only)	\??\e:	SearchIndexer.exe
File opened (read-only)	\??\t:	SearchIndexer.exe
File opened (read-only)	\??\V:	SearchIndexer.exe
File opened (read-only)	\??\D:	SearchIndexer.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-114 = "OpenDocument Spreadsheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000007a95d8db6edcda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000091e7a8db6edcda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133661506776700253"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000001b501be6edcda01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DVR-MS\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\OpenWithList	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-24585 = "Cascading Style Sheet Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-131 = "Rich Text Format"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document"	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe
Token: SeShutdownPrivilege	3996	chrome.exe
Token: SeCreatePagefilePrivilege	3996	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5080	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 1580	3996	chrome.exe	91
PID 3996 wrote to memory of 1580	3996	chrome.exe	91
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2092	3996	chrome.exe	92
PID 3996 wrote to memory of 2468	3996	chrome.exe	93
PID 3996 wrote to memory of 2468	3996	chrome.exe	93
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94
PID 3996 wrote to memory of 32	3996	chrome.exe	94

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\accesibility_window_abc.png
1⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8e3cc40,0x7ff8f8e3cc4c,0x7ff8f8e3cc58
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2164 /prefetch:8
  2⤵
  PID:32
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3848,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4656,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4864,i,7221471253528770867,9555413637253877949,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4884 /prefetch:8
  2⤵
  PID:932

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4840

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3088

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Enumerates connected drives
PID:4640
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:3688
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 2636 2624 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
  2⤵
  - Modifies data under HKEY_USERS
  PID:1324
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 828 2736 2728 812 {85EE815A-7738-4808-A14A-3AD87E32A3BF}
  2⤵
  - Modifies data under HKEY_USERS
  PID:1040

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39be055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cbf59643952be2481ba4e55b663e52a1

SHA1
1676e6fb95a14213d51068fcc460b39834db9aad

SHA256
4d5eb83fe3ff4804fb83c4411a90b8c2501da93692462d0c4ed06690c78d2543

SHA512
fe6d88dfd388b1c211af8621f7dfa02086740812382ee9a1dfcf4f478b1ad4a8bb47fc60849b1bfcf7a41851598c1e8b84756f1c53d7304e71e7ece77659fd10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
52cb2d458dd1b36f1af645225f133778

SHA1
adc310831d37ff61ccfc7a0cabe4cb46544e7c48

SHA256
ae03961c7820131fb353f83fd1e80abee91645d96a2ce621f9dd303e18e34fe3

SHA512
52bc6a92ede5b174d1769b1f45e1844c72f2e13483acbc5ce81d17987dd2e439d3ba14759f3486e5eb9e26123706eee37fb17d957ae3b33f8f33b957f92c6d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a580e3890c8812121e1d1b21ba0075b8

SHA1
da6ac5d650132ceb622fbbba102cdf3686403940

SHA256
0f43c392ccadaf0bffc3a1cc441ca893de1d902869b19bd1098bb51fa34a45fc

SHA512
ae39a772e9b42be671a7bf23f02a8dbc81e3e2be9bf051a7fda4abe3bc5d741cb714f7f687165138d99e08ee41d0b26b793c5e9f2f7f23da098d3afa26aa3b7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01535afcd39b5cdd7469ed2a37132e97

SHA1
0bdad6c81467b56fdd115f0f2669fc6c5f9585fd

SHA256
dab7357bab8d30802a009b581e1c76842dbe7746a6dd0a198fe436794f249035

SHA512
13b71f80b0a220b975551be8ce5f690bf5fef84baafbd57a3e0b0562adedc40ce25c3377ec32465f72a74fb8c8f748a36db227e84ea10026a687d38bf3136319

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae684dd754c2f37573e86b3083052a1d

SHA1
ed6dcc751ed69d90aa58a3b1407b8e833f81b70e

SHA256
dd349f954255f3de5929ee9419ba1759e4729d0d74ece8045f0443e677825a1a

SHA512
9b1cfd6b6709afee8c301dcff30c00f6101135cced5cb02dae679c27cd03e9223ae48c9ae958c1c7cdd3cdf86d49e977f05df6a7b46d13e5208d7f47a237cddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c0f9fea412be4c7f5ccdc46dc44efbc

SHA1
91e5e47af4287bf21316fd149b49f3fd8b902420

SHA256
c8ccb612ffd3f2eddd420d6174d6a4fe661a9c1c3298b5fb96e4bd5b7bbc23d2

SHA512
036926b6a4d3cb2986a938bd8fefe29155a4d09ea2a228f756a863d2a5184a8326ca80a10bea530f25d8a1aed64e3b03418fc38896f08d89dbc4a484f748a519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f539b0ad53122ba5943ded74cbd5c1b6

SHA1
cf41621e950f9453c8ab0daea319cf60bcd57fa1

SHA256
cfbafa252bcf4da383762c72d114b6df1d37b133a840c35646cb912ee84c4ec4

SHA512
355ae9b781367bbf062d93943bb64712f2726d55ff7d657a2b2bfeb7da4cbad35e157348cabcbb94743dff4c14d9e7a8ed0d2262e0983c445b186c67d375d85d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25d50644837b5bc724bb2e3112f0e23e

SHA1
3b6f6099c0778b070e0dab9780471527ad918023

SHA256
101dfbcb3394e5a4ab11d77043a43d415774ac90dd23e6dec746adda1f88df91

SHA512
5cb8ffd2968c9e62857a6e7ec1cd0bb82c50d4af3e66e2edee1f968561bf0dc0caf0b5e2657ee3e9ab13bbadb6e4c5c431f8e918cfefa53fb2598b84ce5a2345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f3b08a5dfb333a9f2ea91ac870f6bf04

SHA1
041a0c051292ae46099a1f02123aef913d80d787

SHA256
6e740cb23abe10cda5d898b538fef86d7df62133c90eecc112668438a0694b75

SHA512
0571a8edd43cb282653edf448be3b0e2ae8c8830d5369859f22afc4252c69de1c000d26f0bad2778c57f69e8559b431e7da6254bc80e180f82276ed14fde89f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ca85f4ebd97ac21cb7cb6d025fa82f1f

SHA1
6ba601d846bf11edd53303dfd6d5867ec6fa4fef

SHA256
5a9f973a1ae59ea116c859050d0260a5c0f69de2277dfce91ca5906ec6910d1f

SHA512
3e1b70fbc274bc9d77d8547289b83b0d8a68b9b53668a772552c15867b73e9b4a6911e59f40ca18690f872632da64cdeebe5c262585a9a9a5c747fb789449e59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
57a5473692e3d6bb34ef7909ebd688b5

SHA1
0d7efafdb7db9ae86e0ed60d18211b033ae8a428

SHA256
383ae9088b946f2c8c750cd3fa910152a0e1f93b762bfa7644e1dc5e5dc50dda

SHA512
934afddf950b5f2604ff9783deae37d3182de7e9b01b136f8e5d0c3a93801e4c0fd4d22fbf436490963f67b9496c46dc481fb2a09bb9a6ac260f636777f96f54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
0074806cb72a2b17b75f3ca90df529a9

SHA1
408b89e708222f27fdee3e9f9f539d643257e271

SHA256
fc99ff1b32653e71722f6e0d6d3cee481a9d6b8dca246229937dbc5b1f0c93c3

SHA512
5e6f75cf8136d214c1adedee93169eb19447830fa9bbdcbaf9c00c48a174d157050298eaa90bf02f7b6c53d98465310c8464b6f2afcfd964c56ab97ed5595dc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
d1ae70859d51218ddc4f6f365570994e

SHA1
50fe592ad3c0975814a83b0e5a210069050a7994

SHA256
1377269622dd2c61f73d6f79be44152839c69bf3ace925908836776e7ccdc825

SHA512
7280fc5b682d5690c2a156399c7277263af3787b3b2d7de5d4a6da9c859f22a0f7686fa062a191515b36c4d7d10076ab326bda493b472aedba1de90d9a0cb10d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
5633f4830c8cbdaceed61327c1ac712c

SHA1
30c84da730bcf32fbc2af2030d968619b3a84ca9

SHA256
212f873f861f6c154a693d7238bf63af2ec050571f23ffaa6f83ba7bc25cab06

SHA512
5f63c16d6c44b9504de22661675df6a141949829178effd9c59866919d21a773af90ccb0c4ceea1e7c5fd4b1da0619a3c2bbea311fad00db3c0284eb756094f6

Download Submit
memory/1324-156-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-157-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-150-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-151-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-152-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-155-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-154-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-153-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-174-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-160-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-161-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-163-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-165-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-164-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-162-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-159-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-158-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-177-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-166-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-167-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-168-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-171-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-170-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-169-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-172-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-173-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-175-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-176-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-178-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/1324-179-0x00000154C76E0000-0x00000154C76F0000-memory.dmp

Filesize
64KB

Download
memory/4640-96-0x00000184B0800000-0x00000184B0808000-memory.dmp

Filesize
32KB

Download
memory/4640-93-0x00000184B0110000-0x00000184B0118000-memory.dmp

Filesize
32KB

Download
memory/4640-61-0x00000184ABB20000-0x00000184ABB30000-memory.dmp

Filesize
64KB

Download
memory/4640-77-0x00000184ABD50000-0x00000184ABD60000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads