e886cc52075d23ecb4b1a2ec30bec472450e69dc2d8dce68effc532caa7835be

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 18:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Loader.exe
Size

15.0MB
MD5

cd7ed5e3b69830ccfb98dff6c21769d2
SHA1

798bda71d2d523f045163ffd90ef1dc1caf09074
SHA256

e886cc52075d23ecb4b1a2ec30bec472450e69dc2d8dce68effc532caa7835be
SHA512

906b544649193dc871b7cf6c7d9ead624416b117c187501bd60cbb966de803274af6d1d1c2039b39e718b6f697f21e33f56db31ac4e008a2f1a66f6e1ccd658a
SSDEEP

393216:VeYnTZIL41D1QAqWs+sNzMmqNmz8VOazLjH27VC0Bio:VnnTZOO1QL+sNzBqNOXazLb2ZpMo

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2188	Loader.exe
2188	Loader.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe
2188	Loader.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
2188	Loader.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2680	2188	Loader.exe	31
PID 2188 wrote to memory of 2680	2188	Loader.exe	31
PID 2188 wrote to memory of 2680	2188	Loader.exe	31
PID 2188 wrote to memory of 2796	2188	Loader.exe	32
PID 2188 wrote to memory of 2796	2188	Loader.exe	32
PID 2188 wrote to memory of 2796	2188	Loader.exe	32
PID 2188 wrote to memory of 2392	2188	Loader.exe	33
PID 2188 wrote to memory of 2392	2188	Loader.exe	33
PID 2188 wrote to memory of 2392	2188	Loader.exe	33
PID 2188 wrote to memory of 2792	2188	Loader.exe	34
PID 2188 wrote to memory of 2792	2188	Loader.exe	34
PID 2188 wrote to memory of 2792	2188	Loader.exe	34
PID 2188 wrote to memory of 2716	2188	Loader.exe	35
PID 2188 wrote to memory of 2716	2188	Loader.exe	35
PID 2188 wrote to memory of 2716	2188	Loader.exe	35
PID 2188 wrote to memory of 2764	2188	Loader.exe	36
PID 2188 wrote to memory of 2764	2188	Loader.exe	36
PID 2188 wrote to memory of 2764	2188	Loader.exe	36
PID 2188 wrote to memory of 2580	2188	Loader.exe	37
PID 2188 wrote to memory of 2580	2188	Loader.exe	37
PID 2188 wrote to memory of 2580	2188	Loader.exe	37
PID 2188 wrote to memory of 2884	2188	Loader.exe	38
PID 2188 wrote to memory of 2884	2188	Loader.exe	38
PID 2188 wrote to memory of 2884	2188	Loader.exe	38
PID 2188 wrote to memory of 2692	2188	Loader.exe	39
PID 2188 wrote to memory of 2692	2188	Loader.exe	39
PID 2188 wrote to memory of 2692	2188	Loader.exe	39
PID 2188 wrote to memory of 2720	2188	Loader.exe	40
PID 2188 wrote to memory of 2720	2188	Loader.exe	40
PID 2188 wrote to memory of 2720	2188	Loader.exe	40
PID 2188 wrote to memory of 2844	2188	Loader.exe	41
PID 2188 wrote to memory of 2844	2188	Loader.exe	41
PID 2188 wrote to memory of 2844	2188	Loader.exe	41
PID 2188 wrote to memory of 2548	2188	Loader.exe	42
PID 2188 wrote to memory of 2548	2188	Loader.exe	42
PID 2188 wrote to memory of 2548	2188	Loader.exe	42
PID 2188 wrote to memory of 2572	2188	Loader.exe	43
PID 2188 wrote to memory of 2572	2188	Loader.exe	43
PID 2188 wrote to memory of 2572	2188	Loader.exe	43
PID 2188 wrote to memory of 2616	2188	Loader.exe	44
PID 2188 wrote to memory of 2616	2188	Loader.exe	44
PID 2188 wrote to memory of 2616	2188	Loader.exe	44
PID 2188 wrote to memory of 2676	2188	Loader.exe	45
PID 2188 wrote to memory of 2676	2188	Loader.exe	45
PID 2188 wrote to memory of 2676	2188	Loader.exe	45
PID 2188 wrote to memory of 3024	2188	Loader.exe	46
PID 2188 wrote to memory of 3024	2188	Loader.exe	46
PID 2188 wrote to memory of 3024	2188	Loader.exe	46
PID 2188 wrote to memory of 3028	2188	Loader.exe	47
PID 2188 wrote to memory of 3028	2188	Loader.exe	47
PID 2188 wrote to memory of 3028	2188	Loader.exe	47
PID 2188 wrote to memory of 848	2188	Loader.exe	48
PID 2188 wrote to memory of 848	2188	Loader.exe	48
PID 2188 wrote to memory of 848	2188	Loader.exe	48
PID 2188 wrote to memory of 1732	2188	Loader.exe	49
PID 2188 wrote to memory of 1732	2188	Loader.exe	49
PID 2188 wrote to memory of 1732	2188	Loader.exe	49
PID 2188 wrote to memory of 1532	2188	Loader.exe	50
PID 2188 wrote to memory of 1532	2188	Loader.exe	50
PID 2188 wrote to memory of 1532	2188	Loader.exe	50
PID 2188 wrote to memory of 1360	2188	Loader.exe	51
PID 2188 wrote to memory of 1360	2188	Loader.exe	51
PID 2188 wrote to memory of 1360	2188	Loader.exe	51
PID 2188 wrote to memory of 576	2188	Loader.exe	52

C:\Users\Admin\AppData\Local\Temp\Loader.exe
"C:\Users\Admin\AppData\Local\Temp\Loader.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2616
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2676
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2924
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3048
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2232
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2788
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1408
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2348
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2168
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1364
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2096
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2236
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2124
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:448
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:908
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2300
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3064
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:844
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2484
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2428
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2388
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2320
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2480
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:900
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2456
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2684
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2956
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2680
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1572
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:896
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2764
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2580
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2692
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1560
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2596
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2584
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:2628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1912
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:848
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:3040
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c CLS
  2⤵
  PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2188-0-0x000000013FEC1000-0x000000014074B000-memory.dmp

Filesize
8.5MB

Download
memory/2188-1-0x00000000770D0000-0x00000000770D2000-memory.dmp

Filesize
8KB

Download
memory/2188-10-0x00000000770E0000-0x00000000770E2000-memory.dmp

Filesize
8KB

Download
memory/2188-8-0x00000000770E0000-0x00000000770E2000-memory.dmp

Filesize
8KB

Download
memory/2188-6-0x00000000770E0000-0x00000000770E2000-memory.dmp

Filesize
8KB

Download
memory/2188-5-0x00000000770D0000-0x00000000770D2000-memory.dmp

Filesize
8KB

Download
memory/2188-3-0x00000000770D0000-0x00000000770D2000-memory.dmp

Filesize
8KB

Download
memory/2188-15-0x000000013FC80000-0x000000014164B000-memory.dmp

Filesize
25.8MB

Download
memory/2188-14-0x000000013FC80000-0x000000014164B000-memory.dmp

Filesize
25.8MB

Download
memory/2188-16-0x000000013FEC1000-0x000000014074B000-memory.dmp

Filesize
8.5MB

Download