gozi_ifsb | c2086a985956435ea408500ddeab2134ae5c627d28ee3779173d6c20321db6da

General

Target

setup.bin.exe
Size

233KB
MD5

378a64dad5717c0930a7664ba33e8e46
SHA1

e155ce1f7f61120565bf03394f946abc207e6fbe
SHA256

c2086a985956435ea408500ddeab2134ae5c627d28ee3779173d6c20321db6da
SHA512

e3d7f17168ae8f5b30d16368055b634a05c6b1257267972e3a88957b5857d677482c43b225f72cecd83a5b585b2353cf59350725be52c13b26248613b7def56c

Score

10^/10

banker trojan gozi_ifsb

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
1552	iexplore.exe
1552	iexplore.exe
1060	IEXPLORE.EXE
1060	IEXPLORE.EXE
1916	iexplore.exe
1916	iexplore.exe
1944	IEXPLORE.EXE
1944	IEXPLORE.EXE
1808	iexplore.exe
1808	iexplore.exe
1520	IEXPLORE.EXE
1520	IEXPLORE.EXE
1836	iexplore.exe
1836	iexplore.exe
1968	IEXPLORE.EXE
1968	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

1552 iexplore.exe
1916 iexplore.exe
1808 iexplore.exe
1836 iexplore.exe

Checks whether UAC is enabled 8 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	iexplore.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	IEXPLORE.EXE

Modifies Internet Explorer settings 1 TTPs 102 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D87E5C01-C0DB-11EA-AFE2-F6459340E2F6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{006BAC41-C0DC-11EA-AFE2-F6459340E2F6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F39DE6E1-C0DB-11EA-AFE2-F6459340E2F6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0D371041-C0DC-11EA-AFE2-F6459340E2F6} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001b0829a874ca164698fa08cb019bbab800000000020000000000106600000001000020000000322eceeed71d9092d33fb36fceb8d83460265827ee30ac70834507ba559fdeaf000000000e8000000002000020000000b6d69642a4197dd4f9432b1e47dbc6f02dcb7d840eb5e8ab1fb8b38b25d61a4d90000000f58113f1682bce07e40940d560a3079f635c0f146a733916d6780e905676af14360e57a272201378b11253c24e2e9e118210a785a0f1285951ddbe446d4db09517cf4ecbc004661666ce2ff9ab5cecacef91e7710f4d06128b1389ad8ccee360dae14b8b7d36c900005aac915f488ba14d61b994c290ce86fef5158507273367d2eee15db4391cc89c63ae792a96c1f64000000063031ec1951a113d4547d7c03d570e06c685648cb3126997a197c1014685079a2a1ed86c19ca4fb4e2e3f0778359260846a0061e36545f785d07b094ff2bfbf7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1131729243-447456001-3632642222-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

Suspicious use of WriteProcessMemory 35 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 1552 wrote to memory of 1060	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1060	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1060	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1060	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1060	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1060	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1060	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1656	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1656	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1656	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1656	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1656	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1656	1552	iexplore.exe	IEXPLORE.EXE
PID 1552 wrote to memory of 1656	1552	iexplore.exe	IEXPLORE.EXE
PID 1916 wrote to memory of 1944	1916	iexplore.exe	IEXPLORE.EXE
PID 1916 wrote to memory of 1944	1916	iexplore.exe	IEXPLORE.EXE
PID 1916 wrote to memory of 1944	1916	iexplore.exe	IEXPLORE.EXE
PID 1916 wrote to memory of 1944	1916	iexplore.exe	IEXPLORE.EXE
PID 1916 wrote to memory of 1944	1916	iexplore.exe	IEXPLORE.EXE
PID 1916 wrote to memory of 1944	1916	iexplore.exe	IEXPLORE.EXE
PID 1916 wrote to memory of 1944	1916	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1520	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1520	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1520	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1520	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1520	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1520	1808	iexplore.exe	IEXPLORE.EXE
PID 1808 wrote to memory of 1520	1808	iexplore.exe	IEXPLORE.EXE
PID 1836 wrote to memory of 1968	1836	iexplore.exe	IEXPLORE.EXE
PID 1836 wrote to memory of 1968	1836	iexplore.exe	IEXPLORE.EXE
PID 1836 wrote to memory of 1968	1836	iexplore.exe	IEXPLORE.EXE
PID 1836 wrote to memory of 1968	1836	iexplore.exe	IEXPLORE.EXE
PID 1836 wrote to memory of 1968	1836	iexplore.exe	IEXPLORE.EXE
PID 1836 wrote to memory of 1968	1836	iexplore.exe	IEXPLORE.EXE
PID 1836 wrote to memory of 1968	1836	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\setup.bin.exe
"C:\Users\Admin\AppData\Local\Temp\setup.bin.exe"
1⤵
PID:1104

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1552

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:275457 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
PID:1060

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:209929 /prefetch:2
2⤵
PID:1656

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1916

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1916 CREDAT:275457 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1944

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1808

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1808 CREDAT:275457 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1520

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of FindShellTrayWindow
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:1836

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
- Checks whether UAC is enabled
- Modifies Internet Explorer settings
PID:1968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1060-2-0x0000000000000000-mapping.dmp

Download
memory/1060-3-0x0000000005FA0000-0x0000000005FC3000-memory.dmp

Filesize
140KB

Download
memory/1104-0-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/1104-1-0x0000000004F50000-0x0000000004F61000-memory.dmp

Filesize
68KB

Download
memory/1520-5-0x0000000000000000-mapping.dmp

Download
memory/1944-4-0x0000000000000000-mapping.dmp

Download
memory/1968-6-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads