3db27f821c3bc04f27f7540c9a966545c733ac586f59a70c3896a0c635a314a6

General

Target

ijerph-17-02506-v2.pdf
Size

379KB
MD5

1315546b281cd86ce566e6eabb835711
SHA1

6d1f52907774bfeb741baa9a4f31d082a7293501
SHA256

3db27f821c3bc04f27f7540c9a966545c733ac586f59a70c3896a0c635a314a6
SHA512

19e09a28ef557dd4f9c2eb5b09ad124fe82f18265122a8dc866ca908014699a360626882a04e42b8ec7f0299b6b705b1a8f57ce7e31d4b528c318d54fd9b003e

Score

7^/10

spyware

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Drops file in Program Files directory 1 IoCs

Processes:

chrome.exe

description ioc process

File created C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic chrome.exe
Drops file in Windows directory 1 IoCs

Processes:

WINWORD.EXE

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log WINWORD.EXE
Office loads VBA resources, possible macro or embedded object present
Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

EXCEL.EXE

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	chrome.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

EXCEL.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3825035466-2522850611-591511364-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

EXCEL.EXEWINWORD.EXE

pid process

2772 EXCEL.EXE
3008 WINWORD.EXE
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

chrome.exechrome.exe

pid process

1892 chrome.exe
1624 chrome.exe
1624 chrome.exe

pid	process
2772	EXCEL.EXE
3008	WINWORD.EXE

pid	process
1892	chrome.exe
1624	chrome.exe
1624	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

AUDIODG.EXE7zG.exe

description	pid	process
Token: 33	2544	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2544	AUDIODG.EXE
Token: 33	2544	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2544	AUDIODG.EXE
Token: SeRestorePrivilege	2696	7zG.exe
Token: 35	2696	7zG.exe
Token: SeSecurityPrivilege	2696	7zG.exe
Token: SeSecurityPrivilege	2696	7zG.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

chrome.exe7zG.exe

pid process

1624 chrome.exe
1624 chrome.exe
1624 chrome.exe
1624 chrome.exe
2696 7zG.exe
Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

AcroRd32.exeEXCEL.EXEWINWORD.EXE

pid process

1084 AcroRd32.exe
1084 AcroRd32.exe
1084 AcroRd32.exe
2772 EXCEL.EXE
2772 EXCEL.EXE
2772 EXCEL.EXE
2772 EXCEL.EXE
3008 WINWORD.EXE
3008 WINWORD.EXE

pid	process
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
1624	chrome.exe
2696	7zG.exe

pid	process
1084	AcroRd32.exe
1084	AcroRd32.exe
1084	AcroRd32.exe
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
2772	EXCEL.EXE
3008	WINWORD.EXE
3008	WINWORD.EXE

Suspicious use of WriteProcessMemory 173 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1624 wrote to memory of 740	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 740	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 740	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1512	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1892	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1892	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1892	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe
PID 1624 wrote to memory of 1608	1624	chrome.exe	chrome.exe

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ijerph-17-02506-v2.pdf"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=86.0.4240.111 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef68d6e00,0x7fef68d6e10,0x7fef68d6e20
2⤵
PID:740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1104,5630427096159932283,3076912384486687647,131072 --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --mojo-platform-channel-handle=1108 /prefetch:2
2⤵
PID:1512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1104,5630427096159932283,3076912384486687647,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1220 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,5630427096159932283,3076912384486687647,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1868 /prefetch:1
2⤵
PID:1608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,5630427096159932283,3076912384486687647,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1104,5630427096159932283,3076912384486687647,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2072 /prefetch:1
2⤵
PID:940

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2444

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x580
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2544

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Documents\Files\" -ad -an -ai#7zMap20194:74:7zEvent25644
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2696

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\Admin\Documents\Opened.docx"
1⤵
- Drops file in Windows directory
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
2⤵
PID:2128

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
MD5
296efaea1cbcc452cd07ee1b8857e557

SHA1
f6e3548b55da519fcb53fbf6b2e89f7d72fb647e

SHA256
16af517e54abeef85a0ac4629e4beb44507c46cf400e7e11f7583a5f3d5cb50d

SHA512
2d676de5436e159af3907301ef9fee8163ab96defe279379bc7e2162b2c608efbea225e5fd737966cda534c8fbbafa1586b67863f08b8e37ff26d9b2e7e0037e

Download Submit
\??\pipe\crashpad_1624_RIHPRAZFHTPBOSDZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/740-0-0x0000000000000000-mapping.dmp

Download
memory/1512-2-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/1512-3-0x000000013FB43F60-0x000000013FB44020-memory.dmp

Filesize
192B

Download
memory/1512-6-0x0000000000000000-mapping.dmp

Download
memory/1512-8-0x0000000077500000-0x0000000077501000-memory.dmp

Filesize
4KB

Download
memory/1608-16-0x0000000000000000-mapping.dmp

Download
memory/1608-26-0x000006CB00040000-0x000006CB00041000-memory.dmp

Filesize
4KB

Download
memory/1608-31-0x0000000000080000-0x00000000000800B0-memory.dmp

Filesize
176B

Download
memory/1608-30-0x0000000008450000-0x0000000008461000-memory.dmp

Filesize
68KB

Download
memory/1892-7-0x0000000000000000-mapping.dmp

Download
memory/2016-64-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-58-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-34-0x000000000A1A0000-0x000000000A1B1000-memory.dmp

Filesize
68KB

Download
memory/2016-38-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-41-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-49-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-61-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-77-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-76-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-75-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-74-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-73-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-72-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-71-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-70-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-69-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-68-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-67-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-66-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-65-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-24-0x0000000000000000-mapping.dmp

Download
memory/2016-63-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-62-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-60-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-59-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-33-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-57-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-56-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-55-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-54-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-53-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-52-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-51-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-50-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-48-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-47-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-46-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-45-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-44-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-43-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-42-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-40-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-39-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-37-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-36-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2016-35-0x0000000000880000-0x00000000008800B0-memory.dmp

Filesize
176B

Download
memory/2128-84-0x0000000000000000-mapping.dmp

Download
memory/2772-80-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/2772-82-0x0000000004970000-0x0000000004974000-memory.dmp

Filesize
16KB

Download
memory/2868-79-0x000007FEF6500000-0x000007FEF677A000-memory.dmp

Filesize
2.5MB

Download
memory/3008-83-0x0000000005E90000-0x0000000005E91000-memory.dmp

Filesize
4KB

Download
memory/3008-85-0x0000000004790000-0x0000000004794000-memory.dmp

Filesize
16KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads