hxxps://download[.]cnet[.]com/download/anti-trojan-elite/3000-2239_4-10268398[.]html

Analysis

max time kernel
71s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 00:43

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://download.cnet.com/download/anti-trojan-elite/3000-2239_4-10268398.html

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000700000002354d-799.dat	acprotect
behavioral1/files/0x000700000002354a-804.dat	acprotect
behavioral1/files/0x000700000002354b-808.dat	acprotect

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	rtesetup.tmp

Executes dropped EXE 3 IoCs

pid	Process
3680	rtesetup.exe
1132	rtesetup.tmp
5180	TJEnder.exe

Loads dropped DLL 15 IoCs

pid	Process
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe
5180	TJEnder.exe

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000700000002354d-799.dat	upx
behavioral1/files/0x000700000002354a-804.dat	upx
behavioral1/files/0x000700000002354b-808.dat	upx
behavioral1/memory/5180-816-0x0000000000AD0000-0x0000000000B02000-memory.dmp	upx
behavioral1/memory/5180-825-0x0000000000AD0000-0x0000000000B02000-memory.dmp	upx
behavioral1/memory/5180-824-0x0000000010200000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/5180-823-0x000000005F400000-0x000000005F4F5000-memory.dmp	upx
behavioral1/memory/5180-846-0x0000000010200000-0x0000000010269000-memory.dmp	upx
behavioral1/memory/5180-845-0x000000005F400000-0x000000005F4F5000-memory.dmp	upx
behavioral1/memory/5180-844-0x0000000000AD0000-0x0000000000B02000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Anti Trojan Elite\is-HEJ55.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-U4PLG.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-ERNEL.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-S0CBV.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\Help\is-ED9NV.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-K6ESA.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-GNEMH.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-Q9JMI.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-CLOGK.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-NMJQO.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\regpage\is-65RNO.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\regpage\images\is-3NSR7.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-7HS31.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-L915F.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-ESL4T.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-OJM73.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-FSDA7.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-C6HP9.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-5M1TE.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-TC6F4.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-JOP93.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-QFI0D.tmp	rtesetup.tmp
File opened for modification	C:\Program Files (x86)\Anti Trojan Elite\unins000.dat	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-I2CSB.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-7DAMO.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-AM10O.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-O5FT9.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-MU0K0.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-2H3Q8.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-POPBJ.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-3VPR6.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-MVINB.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-L61K3.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-RTBBQ.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-N7V00.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-ER80L.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-P1BCO.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-LAJTS.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-RTJ29.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-7UNFF.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-F5QS2.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-L9574.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-M8VBC.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-EIMEV.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\Help\is-90IGB.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\languages\is-U8L0B.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\regpage\is-GV91B.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-8IP9N.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-K5VKP.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-BM890.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-LOPIR.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-88QDP.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-QF0RI.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-95EG4.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-APMJL.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-M4570.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-UEKN4.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-UA2LG.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\languages\is-74UVA.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\regpage\images\is-K34TF.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-HJESM.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-8RAT4.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-SEV80.tmp	rtesetup.tmp
File created	C:\Program Files (x86)\Anti Trojan Elite\is-0K080.tmp	rtesetup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "74"	LogonUI.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\Shell\Scan with Anti Trojan Elite	rtesetup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\Shell\Scan with Anti Trojan Elite\Command	rtesetup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shell\Scan with Anti Trojan Elite\Command\ = "\"C:\\Program Files (x86)\\Anti Trojan Elite\\TjEnder.exe\""	rtesetup.tmp

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 740365.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4260	msedge.exe
4260	msedge.exe
3252	msedge.exe
3252	msedge.exe
3284	identity_helper.exe
3284	identity_helper.exe
532	msedge.exe
532	msedge.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3680	rtesetup.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
1132	rtesetup.tmp

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3912	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 1968	3252	msedge.exe	84
PID 3252 wrote to memory of 1968	3252	msedge.exe	84
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 5084	3252	msedge.exe	85
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 4260	3252	msedge.exe	86
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87
PID 3252 wrote to memory of 2208	3252	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.cnet.com/download/anti-trojan-elite/3000-2239_4-10268398.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8a63f46f8,0x7ff8a63f4708,0x7ff8a63f4718
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2232,8796192177544405486,12959633920348387764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:532
- C:\Users\Admin\Downloads\rtesetup.exe
  "C:\Users\Admin\Downloads\rtesetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3680
- - C:\Users\Admin\AppData\Local\Temp\is-3C8MD.tmp\rtesetup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-3C8MD.tmp\rtesetup.tmp" /SL5="$F0220,6112520,54272,C:\Users\Admin\Downloads\rtesetup.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    PID:1132
  - - C:\Program Files (x86)\Anti Trojan Elite\TJEnder.exe
      "C:\Program Files (x86)\Anti Trojan Elite\TJEnder.exe" -*Install
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:5180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa397c055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Anti Trojan Elite\Helper.DLL

Filesize
68KB

MD5
cdeeddef3652de49fdc29f250e068598

SHA1
cbd40846eab35afd2f63931cd6f38c86d6c37e6b

SHA256
224c8f137de79002cb2062bd7bf2f377e071c3870db9072f5afc77cee52e8268

SHA512
4f196ef4223f5a04edc2cf1c6e6cca95d899012610d0febd3a4329e90c700bec280720b03a3d7dc9f942bb5bb1ce669cd62a650061c5f2d182bab8817531bb69

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\MFC42D.DLL

Filesize
272KB

MD5
23ee7cebd0de66d1df8d311ab0a87a8a

SHA1
9ac2b39631a49cd331ae10a62cb34daae11db4cd

SHA256
cfb9750da87de43088c09c5ee15b4cbeab3be2b5afde01915ee90e45110dd61d

SHA512
0a3fd0af0018899d0c069773aba0426c5eeb9f52ab8a8bbd2909a417a77fcb14a6a4bf850a32c07d29fe8fdc1defcca1a497e933afe8b51a4b5bc0c8ec487f39

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\MLGU.DLL

Filesize
70KB

MD5
39732b89c4a7e1c1871ff4b7797f0ee4

SHA1
5195d55061764e531f45bc1511e0c98602fbaabd

SHA256
66607e8b7631c01936da619e10596fb03b7dec140a90cf69bac78d0ff5e4b6b8

SHA512
9d9fab3f1df257bb663ac6ee5f86900ee6eda64477e494100156ae5c674e8db104070bf1f3d3c6d16f0739ddf3ad562e605d3b83f1c3996c525c3cc339ee3837

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\MSVCRTD.DLL

Filesize
137KB

MD5
ccb056468ad6ad94bb3c4ca87af05205

SHA1
f7e3453b399e3bd12757b4f95293db51c7c5eb69

SHA256
7cc3bf4df8a759ad338a0f22177ffe79b46db3996e8084fb0d4abe48dee3a2ec

SHA512
f87fcfd35ae65b3fe2e29fbe2161c8984d7804d70ade32916cd6d990f7fbc4ff6546cab5b0a62ba167160cfe2e393ad8158cf6e72f87fb194760e69a45ce5fd6

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\SysLoader.dll

Filesize
64KB

MD5
2b4c92acb4482501ce40583244645b52

SHA1
c117128503af7fd5776e237e536894f9608450e0

SHA256
dc6f441d726f4b03d7287735d76fc68bf97d3c518d1432b339698e2f7101979f

SHA512
7c39997993c2ac427dc7726b35d4dd72096569962f716d7363ffbe0e95bded9e33967271020dfd6afdc2d7f12d80120d19efd6187d2ba5806f3fc7824bc1bdba

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\TJEnder.exe

Filesize
3.9MB

MD5
d6a24e68eb0864a11fa45e07ed0042fb

SHA1
8f17637a3b4b9faba84b08ac171421b1d8b8e354

SHA256
4004366834f4722d3df5156e54ffcdabbe41b4b551536ddf1547779731fb1b70

SHA512
dc9a73c165db966a4be8fe5dfa0f1f33dedf609b43507382d69bb8b075d7d71c267da1286d7d2c4f2d54d9165622505719555a8ad26a6d126df241b41122f123

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\borlndmm.DLL

Filesize
21KB

MD5
0cf6c24c611c58fe8b85da545dd68364

SHA1
b9b6dfef551b2880b7f1b6b53fa453df888de582

SHA256
1c7ff99399a59491c7c016681ef3be2890dce818c3d6ccf2f18d27f2eeb3ace9

SHA512
63770629bdea43d0676d39a069b76c991e76b539bf752dcd3d82220974e120c2dec27a55811984d6ae77be6b987c5a83420fd990e467f6fe5337864c57183830

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\cc3260mt.dll

Filesize
1.4MB

MD5
0df3473346769c1c732222c2664e65fe

SHA1
b65e69d2b06ef1ef895fd600ec929c54b9cd8da6

SHA256
4b5eadc340492faa57df3571c7471f0528832f1e7c822191adb53d9e6be7662d

SHA512
e1e059fe8e8396c8c0f93b00ccff626a1850d4f5e750ce6405023e8d7acebbeff3f9e52f7fafa229bf050435964ad6d12f5de85dbbe0e207e83e2307e9e1c284

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\trojanscan.dll

Filesize
60KB

MD5
54e91a0b298f2d2667536cc83627d1b2

SHA1
16b989d13d7044f0b4dd88e5c943d55e8a64f6e3

SHA256
c4ac832dc4c2343b4fe61199ae759ff2a4a30279f0486da828fbf5bd7ae4e1c8

SHA512
6f3f1d0d697b890eed0d4e8d178d91726d73373a16e1c40e7a41f44eb31bcf1b5e81a37d5f0f147e8c01d416e796eff81a686371fd98cd2bff0b9bf0035abfcb

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\unrar.Dll

Filesize
154KB

MD5
e63d2649dce54cc0bcbc8110fdf775b5

SHA1
4fa5092a86af098303c3967bdf97f58abfa0931d

SHA256
c27cc071ca6893ec496f50d0910de0e6772e2f8e6ce37fec066bfeccb99c06e9

SHA512
c7b1f244b516917bfda2f1122e29a7cc8b877d90a308cffeefb8f34ff38b59b0fcbcf6ba07ad7842099d94ca4ff616fe10b19529be8fca536f074ef777781700

Download Submit
C:\Program Files (x86)\Anti Trojan Elite\unrarscan.Dll

Filesize
28KB

MD5
5af8be32b6adc185509c1aed17741590

SHA1
4e418aaf842a53a39c3be3ecdb0819dccb200250

SHA256
4dfa606d356e1ba799121684fcf58043d608db980a64b3329ae9989cd9da1ad2

SHA512
4c4f434fdb3e72424b5658bb7d59ba810845fa8459e3527c6b2d54849837c3304b18bb0136d0d79deab9b1a2f3e0c3d2998af3b1f5de4457a009b938cf69c1d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\01bf7c86-38bf-4074-8793-9afaa3f93cf2.tmp

Filesize
11KB

MD5
71ccf7d067bd301076759e20b8e297bc

SHA1
a5c829cd4f9eeaa5c95c2f6b846ff57b8263bdd6

SHA256
e0513b50fa36a16bea2e3a8f618bf1749665d33bdafa065fe8198199e638ad69

SHA512
62e76bbd28a5e7e57ef0a6a185bfb726ca39d27164506f34b10778e93d5f503948a44eeb7619ba92373fe82104da236bde9f362d099521aa68ec7b1bba0930fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
7131e5206d5897885b3ccfcb39c4d35d

SHA1
89bccbb08c3ce283deb828a6d4fcde7812f722ed

SHA256
1e4ad8ad608ed88bf16d752d979dd2d8be31a6d7045d7b56c4202e8ae932c976

SHA512
bdb8f8258eb3731d33b9f06d7be3a9da2fb442f47ae6d0d4da2040ef3dc241903145198fe69efbb98b2c21ae3431614e0fc35952cfcedcde447011172c3d4c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3e88c17ddf10bd922ef1dab54b00ad1

SHA1
19b0d4c1b55177253e24702513a3fe0265db213e

SHA256
1ffb648bb138d0c95f41682d291e26ef80fbbcc91fa0cce3438a27960378bb61

SHA512
d9b7a7906f627f524e14d97b76b7ca8eda173e0f827f40fe2ddf76718ebd6e153e29fe4323e54dee5e7d25606f28ab09783e3e6f520521c0b386b454766a3287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31d651cb1ebff19c70770324c2389ca6

SHA1
600dcdeb5870effe9f29db05ffc0eab62ff6126a

SHA256
f291f46d094b685371a1cda21f5210c6c0cf2c4df204c2466a0ff14883717909

SHA512
1cfef4a0ed092f69485677eafebc3316fa8a247e0249b256221b063f860b2e038f4638921d78db9e89e4ecb281a4f644df984a5a858868619ab415ad46e80f18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
062a1bfb717a84b2b6cde771c21f1cc4

SHA1
65a02dd551313b14a76afa7c3d27294d60fc59d1

SHA256
272babcd21385de3c43802dedf2b3c87acb6c4c48fa17725c214d1ca6fd20d70

SHA512
ced6711a8bf3eec5efd569d91259a4ff35df88f042b8f209e6c351e8bbe9ea34b111587d7e798c06a78bc9e23dc2c56a228e48371befb7103509faf8e024b99a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f23f.TMP

Filesize
1KB

MD5
fc9fa2efcdbbbb04601210c07306e927

SHA1
2e7624e0d349a2d9e0d852b7c6768959607c1e73

SHA256
0425e5ac4864d382e9cedfae54baa74f3ee27238029c71796cf01bce85103aa1

SHA512
4e0bccef87fb9fd19c18be2b90963df7697ba43f55a0511b42d4568d8c8a159768ae1690b68866da0c2467c1c7463264b631d07f3e75bacf2e64a13fc09e03b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bda347da-f0d1-4ce9-8912-4663b83eec6f.tmp

Filesize
1KB

MD5
4da976245dc44c521b2e592b27daeefc

SHA1
235066fe2049914b7cdf66ee1ed4649e513a2788

SHA256
b69d5f7208bf84f3a8604bf95c9271f813656ef2011e80e851e5ecec81fc0d93

SHA512
e3fb9f0eb96ded28ccc7104a4338b21a340b7f3c7a78d5e7bc018cf289f98ec3f5ff4162becadce5283fa7794f227cc54ea963a80b92a8590d86727564cf4f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
decc42dc10617a2fdd6e01338cc23473

SHA1
fc185a4515b9fd03461b8f95ce5d9f9fcbed4b3e

SHA256
e6af5a33e4f62b06748b0a2117dfa15698e1f295d6090636d9bcaeb8779f81e5

SHA512
47fa4eeed8e33d088c605b4964bef31c38a91686da8878e1ed1ced9a70c99ce84a8710437dd356b11483f9bcbb99af9c364a4332a618a3ad2320404045c82ce2

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-3C8MD.tmp\rtesetup.tmp

Filesize
683KB

MD5
ce4e0ff83ac2a3256fd5c220562294a1

SHA1
72429c43cc4ed0a184a9c7b208902005489ff49a

SHA256
130ec61d37b76fa26a4c7ebcf210467c5be3ae2ace7346546c65f093478bb06b

SHA512
b375a78ca9b8e30ba665d3934716e5d3ac5737d8cf05a562f59c8b142923e3a79f1c44b55e995bd43fd0a9056a122cbe332d33947f626fa2d5bfb9f2e1824e98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 740365.crdownload

Filesize
6.1MB

MD5
52b27d9c89c8c2fce9be618114a65cc9

SHA1
02dee7306570df80ad98884215b0c94317a8b9f0

SHA256
64320dd1e8bf88568f90d6f5a4eb30a9e7c4d594e2498ab0fc46ef4e9834e7c1

SHA512
1fe08527fa65f0c7259300b36bc501f351125d63ea22d9556f4aa0b7f6ca444260b4ace9d4ccfa35929950853bc5409cd1f208ef1c7f503365a2d07aea23907b

Download Submit
memory/1132-279-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1132-848-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1132-266-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1132-852-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/3680-231-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3680-265-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3680-853-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5180-845-0x000000005F400000-0x000000005F4F5000-memory.dmp

Filesize
980KB

Download
memory/5180-842-0x0000000032600000-0x0000000032776000-memory.dmp

Filesize
1.5MB

Download
memory/5180-822-0x0000000000F20000-0x0000000000F51000-memory.dmp

Filesize
196KB

Download
memory/5180-831-0x0000000002A50000-0x0000000002A62000-memory.dmp

Filesize
72KB

Download
memory/5180-837-0x0000000000400000-0x0000000000861000-memory.dmp

Filesize
4.4MB

Download
memory/5180-846-0x0000000010200000-0x0000000010269000-memory.dmp

Filesize
420KB

Download
memory/5180-823-0x000000005F400000-0x000000005F4F5000-memory.dmp

Filesize
980KB

Download
memory/5180-812-0x0000000000D80000-0x0000000000E11000-memory.dmp

Filesize
580KB

Download
memory/5180-844-0x0000000000AD0000-0x0000000000B02000-memory.dmp

Filesize
200KB

Download
memory/5180-843-0x0000000000F20000-0x0000000000F51000-memory.dmp

Filesize
196KB

Download
memory/5180-841-0x0000000001190000-0x000000000119B000-memory.dmp

Filesize
44KB

Download
memory/5180-816-0x0000000000AD0000-0x0000000000B02000-memory.dmp

Filesize
200KB

Download
memory/5180-825-0x0000000000AD0000-0x0000000000B02000-memory.dmp

Filesize
200KB

Download
memory/5180-824-0x0000000010200000-0x0000000010269000-memory.dmp

Filesize
420KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads