redline | c957609147be9600ae8ecf2a977bfd8ae9eb1a8dfa0c4f303be0636ebd518156

Resubmissions

29-06-2024 12:53

240629-p4n3vs1bnp 10

29-06-2024 12:49

240629-p2sm9sxgjf 10

Analysis

max time kernel
195s
max time network
196s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
29-06-2024 12:53

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

modest-menu.exe
Size

512KB
MD5

95615078a0eb33b1c7bcaa420550c44e
SHA1

9009ebd7a01c84a4637d06fd16be33cbb8dc2b61
SHA256

c957609147be9600ae8ecf2a977bfd8ae9eb1a8dfa0c4f303be0636ebd518156
SHA512

bff7428847a5d57d6a6229aa5442384b07df2d6a3ce0bf9d9a859232106845d3c3764a5d9dd1c2d7d16dda4f414636039f513d097947975538e9a5c2544e6d02
SSDEEP

12288:kKFfKsLIh/4h7TqZFjLb6A4OgyVUrFuma1HwTAT36Z/xZWb/GG:k8iP/EPqZFvb6A4xuGMTKWO

Score

10^/10

redline @mass1vexdd discovery infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

@mass1vexdd

94.228.166.68:80

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline
RedLine payload 1 IoCs

Processes:

resource yara_rule

behavioral1/memory/1420-1-0x0000000000400000-0x0000000000450000-memory.dmp family_redline
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of SetThreadContext 1 IoCs

Processes:

modest-menu.exe

description pid process target process

PID 4608 set thread context of 1420 4608 modest-menu.exe RegAsm.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3380 4608 WerFault.exe modest-menu.exe

resource	yara_rule
behavioral1/memory/1420-1-0x0000000000400000-0x0000000000450000-memory.dmp	family_redline

description	pid	process	target process
PID 4608 set thread context of 1420	4608	modest-menu.exe	RegAsm.exe

pid	pid_target	process	target process
3380	4608	WerFault.exe	modest-menu.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133641393007342847"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "225"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

Taskmgr.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings Taskmgr.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2394516847-3409208829-2230326962-1000_Classes\Local Settings	Taskmgr.exe

Suspicious behavior: EnumeratesProcesses 57 IoCs

Processes:

RegAsm.exeTaskmgr.exechrome.exe

pid	process
1420	RegAsm.exe
1420	RegAsm.exe
1420	RegAsm.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
400	chrome.exe
400	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Taskmgr.exe

pid process

1232 Taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

400 chrome.exe
400 chrome.exe
400 chrome.exe
400 chrome.exe
400 chrome.exe
400 chrome.exe
400 chrome.exe

pid	process
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe
400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

RegAsm.exeTaskmgr.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	1420	RegAsm.exe
Token: SeDebugPrivilege	1232	Taskmgr.exe
Token: SeSystemProfilePrivilege	1232	Taskmgr.exe
Token: SeCreateGlobalPrivilege	1232	Taskmgr.exe
Token: 33	1232	Taskmgr.exe
Token: SeIncBasePriorityPrivilege	1232	Taskmgr.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe
Token: SeShutdownPrivilege	400	chrome.exe
Token: SeCreatePagefilePrivilege	400	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Taskmgr.exe

pid	process
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

Taskmgr.exe

pid	process
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe
1232	Taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

3592 LogonUI.exe

pid	process
3592	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

modest-menu.exechrome.exe

description	pid	process	target process
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 4608 wrote to memory of 1420	4608	modest-menu.exe	RegAsm.exe
PID 400 wrote to memory of 976	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 976	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 2232	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 1396	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 1396	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe
PID 400 wrote to memory of 568	400	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\modest-menu.exe
"C:\Users\Admin\AppData\Local\Temp\modest-menu.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 308
2⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4608 -ip 4608
1⤵
PID:244

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3240

C:\Windows\System32\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe17f9ab58,0x7ffe17f9ab68,0x7ffe17f9ab78
2⤵
PID:976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1572 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:2
2⤵
PID:2232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2168 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:1
2⤵
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:1
2⤵
PID:4248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4204 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:1
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4388 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:3492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4520 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4640 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:1868

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff76c84ae48,0x7ff76c84ae58,0x7ff76c84ae68
3⤵
PID:3184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4924 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:1
2⤵
PID:1232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3412 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:1
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4768 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:1
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4920 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:1
2⤵
PID:4412

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1796,i,10805621449896867413,17754938162935827132,131072 /prefetch:8
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2476

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39d9855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3592

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3d1ffc9398c8853a27881373deff1a70

SHA1
90de7254ccb614d4c4e915c8a295bc0a13e67f9e

SHA256
6df90a5dca58ee38a0af4666a733fbda2255e37cacfe149d5586bafd929d43a2

SHA512
58bec98755469563ec897de879996433374f14d57b82cc87175702e1dae67bd2a1939943dacc8916688a33c67c2501b0bb5bf4465ae204ce25ac49d937955a74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
7e074342c2980a5230262afdfdfc545c

SHA1
d01e406a352a69722d201ce8553f483117f88989

SHA256
a785e274beef3fc919b9715792b05ba6a64e0c90daa9fd0343b12c5f9dd6f57f

SHA512
0d4118c69580016a1b3a7c26446d19091940660982c18c057c26ee0601204d926465c734937d74009b9f554c578a5e9b7e48277e57b3bd8a2433aec98f692cd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\21c3856f-83dd-47e6-8c5f-f50b9aa1f4f8.tmp
Filesize
4KB

MD5
28db484e43858c32d6462ad8d1bd88a0

SHA1
1219cc8f83a6bafe51edca37cae3096f21fd39c7

SHA256
7f39a06508dda56931d6bf4aa6e2989780205ac5602658b0855d53e217c1cf7b

SHA512
90ac939090447f8f1cfcf0ad51e107b0898f87fe840e0b0b7fcaf88f34cb8673b37df5e732d2cd69878a4f741b37c4d405bb21e395453f74efe71e40ed10de06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
e480e8f7f3f68cc8e599136b5b6709f9

SHA1
e9a8883aea53247f2f86f642c4e94a4bbbbaebbf

SHA256
e294ab51489b95a2292fbda6e29ca56645245aa98d74c198f515131d1dcddfd4

SHA512
a34394b3cd64f9e6dc50011837b89bebf5feb59dc5b4f6549a01c932a356e406a6367e8907c280eca05723dd5d2919472a002372abc5deaf71bbe46a20d9dd6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
7361ad277abb952c240d71c6ec9afed1

SHA1
e31870b522bb46bec1077400be92f4fdbbff8fb0

SHA256
40797dc46f764ebc62982d887f288f234477c6bd6bbdb98cb5ad14a86baebdc6

SHA512
4a222b099ac27d715819d790353a6c9640c08e76a807772e0d29464b3350709e651738d6c1143e0da07e434108921322bcc948dba0a54f10a1fac1250b1edaeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
82386a0a5ab3ae8f994e93192be35d96

SHA1
5e513d06a329827ec32cd1b45799e91ec3826214

SHA256
d2923ef45d208eddb423b600ef451e97d3ee30743733f4594fcbc5f765f25aa3

SHA512
464c8fb473a32606754b4ae7480bd7175f27bc87b30c4a0213192839d85f7f9a9a7b9eb4acff804443ceaf3ffabcfd319b2dfaad35fd721cbfe100d6b87f3bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
790d217e725ffb41fb8556c4f79ce1c2

SHA1
04f3858ebaf54820219710fc72ed55320772d5b3

SHA256
1479e65249a1cbfd73548f58a5679e649386cd7d77e5053408658eb934307f6c

SHA512
c9c8d8e34ce9cddcd1793f10a60fdfe0263672d4c30fe0749dc4274b29db53c3c11be0ec9b940f6ecb4c3dad40b2ebe2aeebb75c2c0e4e9aad17042f7f5ded53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
0b6906a714da7c2a5cd7598be25d8463

SHA1
19c355bfa74a8b00157ad02a4f5a97f705ae9b1c

SHA256
9be3b651c54941878de59f84f4924ca8992869a6bce96a71bde16e1f1b76f672

SHA512
f29389990d4c8f2482773d2ffd9db46e1dadff08addcf5a71cff33cc896368b81ba7ba5e3a4db0b8edfc0af724c18b69e453538853a7d632b7dd3847dafd7881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
dad82b99023abae0e0d00eb4d7b6bc72

SHA1
5801b34ab06ea8aace76605b0dd531acb31c9197

SHA256
10485fa6c0cd6e480d1444b4a0312a3861393b4094a28fdfd69a1adf56b5e752

SHA512
c17186fbde03f86997e3b0e944e5da3a8d26e8fae4edf0ad37d85a48e946bfda4ed0d39168aa94f23e099af0b03354a05b3fff9f40b6d42eca842250532b54d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2e7c2840f62ae3a313255ac2a45b9fd3

SHA1
bbcbab9f02bcf4855415a9ee1a6a30902ffb0593

SHA256
94b3449c4c2c6d2bbca0f19e0f0cd8a8710530fc33003d8d81867ef95ecf4ee0

SHA512
5fd0b1fa92878bc93e1137031c46b0b63a9097febbd5969c00c80d1d2c532b5e847e08a08353f0ac599e33d51ee266ea20d8ac79c32f6d4273e61c4a1ebf5989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
7a0cd89d799c13784b6279bb02ef5769

SHA1
2ab05a91350c538df2e24b5b63e73a8175bfe67a

SHA256
642d7c97c8223b5d9192a91b7cb8fa2e65b9539dba405888ec317a9616afe6a0

SHA512
43da08523b7b49004032782365677b58315a5576cc1b05b91875f2e9be395edf3058c3bfba71a1fd6926beaf7c85791371c8b6a30e2246dcb8b92a0da494c4a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
c822c8159b680b7c60da2e066cdef60f

SHA1
9e631121b61f4e0fc478e6ffa4ee893dd5cd7742

SHA256
a36584d93e9bd2a9caf45862cfd2cfc8229386bacd924b0877ea817877f9f8e4

SHA512
7ef426d5ce6b1b86769dc9dabc7c51a6c29c4170990edef1e6f3718c3ceb2eef8e3a7241d377573aadc2f8f4a43f8ed0422f10b65cc34117bf5346a7df554468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
5159a6395536161590b02cea0dfbfe0c

SHA1
2b8b3ea1356596d5a3caa92faaf12d664dbcdeac

SHA256
afe555bab0b78a5ee926c42d7d6b50d5421fdbaff2ae66effd06cc3175303a5f

SHA512
8aa8442bb8f7bfbaf75c511282dc77713b6d41a3f7aa562032689d61f5a4e1a41922a2bf2a1bdb9ba54c5ceaae2bc64afbf65879945d4fdacb7b1d457859cc33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593dbb.TMP
Filesize
120B

MD5
6f0b0c8123b8219ff1b4419c08851201

SHA1
bddbc707da5783e89520421a16804eb5df3e9883

SHA256
0b877819c6d1607ef9342ff43ac3b521a8a7ebcb55d2ba10fbf137f4a198991a

SHA512
153f75805d8986770ed4c094bfcacd7bbf8f3548a6bb491523df9095de16f7571227eba12126181e9c81c8fd307ece9a172a625fb0e4ee1a944ab8960b580d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
281KB

MD5
5827a5b4031224ae609b509e441707a9

SHA1
25e0bd56c07d1663c2a98885058967712d012a5a

SHA256
3ac7869aee0b76705147259abddca5f928ea66c54af249eb78fdb4b73b613fe9

SHA512
6cf0b66d59635bd6b99c8363f90260644ca0756cc357fb1b30ff142beb28b6a4e7dc4bdbada6de075f54e87ad8b6e5eeabc9350a2a74c551473e684d816314e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
88KB

MD5
79d5c502d27598e9b9b8152253aa80e1

SHA1
645f4f291f37f0107c1124c63c5ac637dba0287f

SHA256
d8e33ca6cd434f4d861afc1a447834de4aa56f755e24cde5d3f0ac527d2d9d67

SHA512
ecfdbf82c8075a2b7eb629385c492d9d3fdd3d9f06ed089e3a84d44978fae33ae7ee3b75210b4d77b78e727f72d2c80cb87eaf498e2b42b5b322b906f88bd5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe597bed.TMP
Filesize
83KB

MD5
25322a5d0c5546a41c0a5640ecc06aa2

SHA1
a1126101a16f64a8edc9ba66215085200fbb5321

SHA256
59bd6c3ca26e1704c5bbd3fb79a5afe84e801b72144eb5a111e3cad8c45f36de

SHA512
27d3dd84455c8dbc96255c3e6963f8bf0c9da353d05b273bc22fcab0ae6f341113e08f1f5d293e43f6f53b83b90118d25b1d22edc8a726bb6e9f97cc2e8fff01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a35145fe-35d1-4843-ae56-21713e64f9e1.tmp
Filesize
281KB

MD5
f5af612df5a0b93d2dbbcc5f74657828

SHA1
dae617a539075cf8d1b387436b288e1a037ccf20

SHA256
9a0976694bcec68a4888c5e9d68ad65f4e20ab7b263ec797562b8ee97b2a39e0

SHA512
678c19269d131c8f267cdb9758f553b08675a37cbd20ee589afcd2a60c256abfbdd1f9c146a4c3c83bb879b0053ca062df98a51ceb0f1b50d6fe5aae007ba636

Download Submit
C:\Windows\System32\sfru8t.exe
Filesize
7.2MB

MD5
f6d8913637f1d5d2dc846de70ce02dc5

SHA1
5fc9c6ab334db1f875fbc59a03f5506c478c6c3e

SHA256
4e72ca1baee2c7c0f50a42614d101159a9c653a8d6f7498f7bf9d7026c24c187

SHA512
21217a0a0eca58fc6058101aa69cf30d5dbe419c21fa7a160f44d8ebbcf5f4011203542c8f400a9bb8ee3826706417f2939c402f605817df597b7ff812b43036

Download Submit
\??\pipe\crashpad_400_XCAGCQFIWCFGOMYP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1232-26-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-18-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-27-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-25-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-24-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-28-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-29-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-30-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-19-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1232-20-0x000001E13A3D0000-0x000001E13A3D1000-memory.dmp

Filesize
4KB

Download
memory/1420-14-0x0000000009E20000-0x000000000A34C000-memory.dmp

Filesize
5.2MB

Download
memory/1420-8-0x00000000083C0000-0x00000000084CA000-memory.dmp

Filesize
1.0MB

Download
memory/1420-15-0x00000000098F0000-0x0000000009940000-memory.dmp

Filesize
320KB

Download
memory/1420-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/1420-13-0x0000000009720000-0x00000000098E2000-memory.dmp

Filesize
1.8MB

Download
memory/1420-12-0x00000000090E0000-0x0000000009146000-memory.dmp

Filesize
408KB

Download
memory/1420-11-0x00000000084D0000-0x000000000851C000-memory.dmp

Filesize
304KB

Download
memory/1420-10-0x0000000006B80000-0x0000000006BBC000-memory.dmp

Filesize
240KB

Download
memory/1420-9-0x0000000006B20000-0x0000000006B32000-memory.dmp

Filesize
72KB

Download
memory/1420-17-0x0000000074E10000-0x00000000755C1000-memory.dmp

Filesize
7.7MB

Download
memory/1420-7-0x0000000006C00000-0x0000000007218000-memory.dmp

Filesize
6.1MB

Download
memory/1420-6-0x0000000074E10000-0x00000000755C1000-memory.dmp

Filesize
7.7MB

Download
memory/1420-5-0x0000000005640000-0x000000000564A000-memory.dmp

Filesize
40KB

Download
memory/1420-4-0x0000000005660000-0x00000000056F2000-memory.dmp

Filesize
584KB

Download
memory/1420-3-0x0000000005C10000-0x00000000061B6000-memory.dmp

Filesize
5.6MB

Download
memory/1420-2-0x0000000074E1E000-0x0000000074E1F000-memory.dmp

Filesize
4KB

Download
memory/4608-0-0x0000000000F50000-0x0000000000F51000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads