hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

28/02/2025, 03:08

250228-dmxswsyvdy 10

28/02/2025, 03:05

250228-dlbt2aytgy 10

28/02/2025, 03:03

250228-dj7tpaytey 9

Analysis

max time kernel
61s
max time network
64s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
28/02/2025, 03:03

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

9^/10

bootkit discovery persistence ransomware upx

Malware Config

Signatures

Renames multiple (161) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Downloads MZ/PE file 2 IoCs

flow	pid	Process
55	4040	chrome.exe
55	4040	chrome.exe

Executes dropped EXE 5 IoCs

pid	Process
1316	Fantom.exe
2472	RedBoot.exe
3644	protect.exe
3824	assembler.exe
2732	overwrite.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
53	raw.githubusercontent.com
54	raw.githubusercontent.com
55	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	overwrite.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000a000000027dc3-503.dat	autoit_exe
behavioral1/memory/2472-678-0x0000000000EC0000-0x000000000114E000-memory.dmp	autoit_exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000027dbc-464.dat	upx
behavioral1/memory/2472-478-0x0000000000EC0000-0x000000000114E000-memory.dmp	upx
behavioral1/memory/2472-678-0x0000000000EC0000-0x000000000114E000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RedBoot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	protect.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assembler.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	overwrite.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Fantom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "88"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133851854235111038"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe
3644	protect.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeDebugPrivilege	1316	Fantom.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe
Token: SeCreatePagefilePrivilege	1364	chrome.exe
Token: SeShutdownPrivilege	1364	chrome.exe

Suspicious use of FindShellTrayWindow 50 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe
1364	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2472	RedBoot.exe
3644	protect.exe
2712	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 3680	1364	chrome.exe	84
PID 1364 wrote to memory of 3680	1364	chrome.exe	84
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 2072	1364	chrome.exe	85
PID 1364 wrote to memory of 4040	1364	chrome.exe	86
PID 1364 wrote to memory of 4040	1364	chrome.exe	86
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87
PID 1364 wrote to memory of 1256	1364	chrome.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffca930cc40,0x7ffca930cc4c,0x7ffca930cc58
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2120,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1896,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1976,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1924 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4496,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5164,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5208,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5480,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:628
- C:\Users\Admin\Downloads\Fantom.exe
  "C:\Users\Admin\Downloads\Fantom.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5152,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5436,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5604,i,3326323478823362246,5709023667222567840,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:4776
- C:\Users\Admin\Downloads\RedBoot.exe
  "C:\Users\Admin\Downloads\RedBoot.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2472
- - C:\Users\Admin\74437433\protect.exe
    "C:\Users\Admin\74437433\protect.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3644
- - C:\Users\Admin\74437433\assembler.exe
    "C:\Users\Admin\74437433\assembler.exe" -f bin "C:\Users\Admin\74437433\boot.asm" -o "C:\Users\Admin\74437433\boot.bin"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3824
- - C:\Users\Admin\74437433\overwrite.exe
    "C:\Users\Admin\74437433\overwrite.exe" "C:\Users\Admin\74437433\boot.bin"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    PID:2732

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4496

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3000

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4088

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a36855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\74437433\assembler.exe

Filesize
589KB

MD5
7e3cea1f686207563c8369f64ea28e5b

SHA1
a1736fd61555841396b0406d5c9ca55c4b6cdf41

SHA256
2a5305369edb9c2d7354b2f210e91129e4b8c546b0adf883951ea7bf7ee0f2b2

SHA512
4629bc32094bdb030e6c9be247068e7295599203284cb95921c98fcbe3ac60286670be7e5ee9f0374a4017286c7af9db211bd831e3ea871d31a509d7bbc1d6a3

Download Submit
C:\Users\Admin\74437433\boot.asm

Filesize
825B

MD5
def1219cfb1c0a899e5c4ea32fe29f70

SHA1
88aedde59832576480dfc7cd3ee6f54a132588a8

SHA256
91e74c438099172b057bedf693d877bd08677d5f2173763986be4974c0970581

SHA512
1e735d588cb1bb42324eaff1b9190ec6a8254f419d1ba4a13d03716ff5c102a335532b573a5befb08da90586e5670617066564ef9872f8c415b9a480836df423

Download Submit
C:\Users\Admin\74437433\boot.bin

Filesize
512B

MD5
90053233e561c8bf7a7b14eda0fa0e84

SHA1
16a7138387f7a3366b7da350c598f71de3e1cde2

SHA256
a760d8bc77ad8c0c839d4ef162ce44d5897af6fa84e0cc05ecc0747759ea76c2

SHA512
63fda509cd02fd9d1374435f95515bc74f1ca8a9650b87d2299f8eee3a1c5a41b1cb8a4e1360c75f876f1dae193fdf4a96eba244683308f34d64d7ce37af2bb4

Download Submit
C:\Users\Admin\74437433\overwrite.exe

Filesize
288KB

MD5
bc160318a6e8dadb664408fb539cd04b

SHA1
4b5eb324eebe3f84e623179a8e2c3743ccf32763

SHA256
f2bc5886b0f189976a367a69da8745bf66842f9bba89f8d208790db3dad0c7d2

SHA512
51bc090f2821c57d94cfe4399b1f372a68d2811ea0b87d1ac1d6cf8ae39b167038ac21c471b168f1d19c6b213762024abb7e9e5ca311b246b46af0888289e46c

Download Submit
C:\Users\Admin\74437433\protect.exe

Filesize
837KB

MD5
fd414666a5b2122c3d9e3e380cf225ed

SHA1
de139747b42a807efa8a2dcc1a8304f9a29b862d

SHA256
e61a8382f7293e40cb993ddcbcaa53a4e5f07a3d6b6a1bfe5377a1a74a8dcac6

SHA512
9ab2163d7deff29c202ed88dba36d5b28f6c67e647a0cadb3d03cc725796e19e5f298c04b1c8523d1d1ee4307e1a5d6f8156fa4021627d6ca1bbd0830695ae05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\61b4f60f-432b-4e40-8bf4-a09bb22d3d88.tmp

Filesize
9KB

MD5
d9ff8dfdad6b6961ab223ffce506aa5a

SHA1
4b66ab812c8acab0eece13bd0d08abbd7b9afafd

SHA256
444f9614eff0fc2707cdb42a5be65a9c838287d5f4f53b457c1215c1352ecda8

SHA512
1c077fcaf318535f9ef057c7b2b2478ecf7113d3769a0bed8623302afc984d8f9d62de2831d71b3410838b0ad5f2a3e11d081355364ef29ed4bbcfa35836ffb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
e079be5eb322b44f30784d95dccac847

SHA1
e90a4f9d9d034e596f0696ac74e24a5600b094b4

SHA256
6284c9ec4b02f4a864f9cffcb0d211a75247816b086a3a20e56b0420068c7341

SHA512
4ccc380f60a344bc65bf2565bf53aa71fc20382b8ebea79b197e9c38e3171274036642c5ffedd577543d3819bef906d89b432c1e25482f4a192f889bf1a2d813

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2ca307ca06910d635862c61f129652a3

SHA1
03e336e7317d2cfaab33395ac6fbe1c83a8c5329

SHA256
174236008047ac5476560b1077e2d2dc585ee6cea65007b25539e962bda6cc96

SHA512
765c1b62711ae9829a1c2c664899d64d6ee1569bf37613ce89ba72811db602fe87ce9fd6a66c01a720fe3e120b58b52468b65225e3133796a0a6a0f5385cb10e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b2f2cc7440ee9f52bb0a6d7628e55775

SHA1
c21c069691d89ada2ea98e2c11d59828615ff376

SHA256
eae35c594d77b6fbd6f602220cbb5801274044bdc875f060e4c3189e684240c8

SHA512
5abb8cc6fe22a91e72ca09907efbed79b046ef1bfc32a0e56dfb704ae377b4da0c1de512f2609f4f53b7bb68822fb5d440ad060f53ab260d3032657425958b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
21087b3c7575330f21858de439296ff0

SHA1
f8d9dcbbfd682df6c79158edb82994644d0815f2

SHA256
45d2b120103e98665eee9ec880d985e02181d945cf9dced447df77987510c01f

SHA512
4ac6d4bb1a6c78570d11e5253d11b290f5a0ebcac028a677c0a1b01fe8cebe00ba80c749ebef4d9b9f7981e485ac5b69792aa0bc48e7dfb8b9d2d9ea4da9fcc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
45f1f3e083de4c89eb165e02a2cf752b

SHA1
c02c52866cc90ad861227a7a9f371ac5cd390b34

SHA256
ead83e848252dd34524decd2c792bda41c91b4f0ad24207e7b95c264680133bc

SHA512
ab7e9970b08c64a74fd59991aeb558c8611d1315b5e85001e98832515c30deca3192b7e30c00d1a57b1dd0dc1588ac91cb1100ba83ecb2c01413ea4cdd131991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
83cbbd12fb04ba20d1b0ea5b383c62e3

SHA1
b6a6afbe07047e8c6c319af2b781e374cff87be0

SHA256
a5b42a768e44e8aa1aaf774b10611e663dcc6498769e69727d6158dea86b964e

SHA512
98159a434bc2224fe8fcf15945e86164b83f863a13147d8bd7ace0c42b7e28d22607475ac39dc80b1d9ca3754837ae1a8d7770abaa4795b34fae3cfc420fbf14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
578caa62b75cac107e89bd5f3026d1e0

SHA1
655daff15aa0e6e25eb0f7e972228daef1b1f847

SHA256
b61851ae96a6fa4b7faf446a5a8fab1d0c424b63db805d48d148af598ed82ec6

SHA512
9ddf97868bf333652f53509aa384c3718886e1d024478e5569a02096f7a3df3615d283645143566b87bc3b2c7e98f0dda97fc348ec554bd2e91c495d4f572b00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0915aa53bb1760ffb21a0edc950674f

SHA1
b93087bad25821a010ecab87a5fafea76e82a3b4

SHA256
d650c670bafb91941622bcbc97aa472c730c131020b25507162c615f9a75a423

SHA512
e1feb09333a73267dd6ed9a55cefff813ef2a1d8e124c58d64dc993cc4b8f22a610daa003a77a46fdee4e264c04d4bc472d3786be58834f5859292bc2496f720

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
087f4fea7abfdb450d9a3984812fbcf3

SHA1
50b32e631e16dda45b46a164a74080b01c955346

SHA256
a11ef5f1a219636728958c30f75b6fdcd1c23e9a3d6687638383ffec3bd0e85c

SHA512
7243a2e95fdecab33a70b0c0d9dc4d74b7fa11a111b603da442facd6e24d5d6c13cadd5323a5b9623c8a74f3de4b1257f311f9f0a3780087be079ccbc64b8302

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a12a3b1dca92c1c5ca0621b01c96c6bd

SHA1
99ae473ba2207f7e27be65d982d17f9587e8e687

SHA256
0264df47c6f96b5dbaabf455cf268447a791bfa47f75786d9b50b8625ed67ecc

SHA512
3472d032a5c4746a525a9e9d47dded4daad4b9de9d8dc7e4eba31a51584be8cdf9494d9df6fd2cdfe129d9a6e24b1fff757e2dde1f90ed4af93baf86e59e7156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eee058a06ee3431f8f6c3f79c692348e

SHA1
53f77973bd537e67181ea9bf0c6c9fb54a18748b

SHA256
312ec382fa4786d381c0ec6b2315eecdf38e0fab74a768dfddf13e714a689510

SHA512
c73a6bf50570008cd2e29ea79a379af1d0dd491af1ea4999613060a631b62602587cbce6bed59d905000f0f70ac2ac0f3a83db81bd377e647b1bea5f5db8ce4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
6f2ca16be7f00ef31315ec061c134251

SHA1
f5b3ce2fedd94e12071ed6529ffd12c91d5b1e54

SHA256
e5921d9d7ebc7de2750d554a52d68072ff1c7883cb17e163ba0d06f0285646c8

SHA512
38a2ab17c4189a2c50de913eeb168a0dd3045b956ab28a222d23e86475d9d97b0d1100d6efee691ecc30da1eafb07cdc817455163a5e4a7324e76624824b41a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
85d2a8b28ac301cb4488899965e8a9b6

SHA1
d691a892c11d456b5640383b687b57daec5a7c91

SHA256
8cd7c185f27fd3df784d16fb0caea6547ba79ad5f4877859437e26163589bad1

SHA512
faf6c78f4f34cb0410ad512f5066c055781e12564a1520f6b3df2f067a10948710f223a69784fab2555a3492a669dc5559f489ecefb338b4a33b189577b20c0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
eef5d6df904e0b8dffe155042b30b0f1

SHA1
5c3737c12ce7f3ae3147497c27ff593632cc410f

SHA256
ad2d859f3a6647a47ad4b2bd749183ceb38c991d73c18e169aaa41b83124679a

SHA512
fdd0a54abbba2070f125ae43e9a61714712df1a52b65dfdd2e84fd6454d5fbb00f450fa3fea0a0bb589a5aa5dc5b98912c48b10f9d9a824f44f58c517cab4c4d

Download Submit
C:\Users\Admin\Downloads\RedBoot.exe

Filesize
1.2MB

MD5
e0340f456f76993fc047bc715dfdae6a

SHA1
d47f6f7e553c4bc44a2fe88c2054de901390b2d7

SHA256
1001a8c7f33185217e6e1bdbb8dba9780d475da944684fb4bf1fc04809525887

SHA512
cac10c675d81630eefca49b2ac4cc83f3eb29115ee28a560db4d6c33f70bf24980e48bb48ce20375349736e3e6b23a1ca504b9367917328853fffc5539626bbc

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 670541.crdownload

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
memory/1316-289-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-364-0x0000000004D00000-0x00000000052A6000-memory.dmp

Filesize
5.6MB

Download
memory/1316-273-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-271-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-269-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-267-0x00000000752A0000-0x0000000075A51000-memory.dmp

Filesize
7.7MB

Download
memory/1316-264-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-262-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-260-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-258-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-256-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-254-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-252-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-248-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-246-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-244-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-242-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-240-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-237-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-293-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-266-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-250-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-238-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-275-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-365-0x0000000004B60000-0x0000000004BF2000-memory.dmp

Filesize
584KB

Download
memory/1316-363-0x00000000752A0000-0x0000000075A51000-memory.dmp

Filesize
7.7MB

Download
memory/1316-366-0x00000000752A0000-0x0000000075A51000-memory.dmp

Filesize
7.7MB

Download
memory/1316-362-0x00000000752A0000-0x0000000075A51000-memory.dmp

Filesize
7.7MB

Download
memory/1316-367-0x0000000004CB0000-0x0000000004CBA000-memory.dmp

Filesize
40KB

Download
memory/1316-277-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-279-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-281-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-428-0x00000000752AE000-0x00000000752AF000-memory.dmp

Filesize
4KB

Download
memory/1316-429-0x00000000752A0000-0x0000000075A51000-memory.dmp

Filesize
7.7MB

Download
memory/1316-283-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-285-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-287-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-291-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-233-0x00000000752AE000-0x00000000752AF000-memory.dmp

Filesize
4KB

Download
memory/1316-297-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-299-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-301-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-295-0x0000000002490000-0x00000000024BB000-memory.dmp

Filesize
172KB

Download
memory/1316-236-0x00000000752A0000-0x0000000075A51000-memory.dmp

Filesize
7.7MB

Download
memory/1316-234-0x00000000022E0000-0x0000000002312000-memory.dmp

Filesize
200KB

Download
memory/1316-235-0x0000000002490000-0x00000000024C2000-memory.dmp

Filesize
200KB

Download
memory/2472-678-0x0000000000EC0000-0x000000000114E000-memory.dmp

Filesize
2.6MB

Download
memory/2472-478-0x0000000000EC0000-0x000000000114E000-memory.dmp

Filesize
2.6MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads