d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712

General

Target

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
Size

300KB
MD5

34bb08ef3736dfb14f24a287b7842394
SHA1

d246bb89cd4969bb135d2b056a11dd8135830f55
SHA256

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712
SHA512

d01a1eb74073d2c185fedff2af33b757c922622b684e57c0848d6f30ad0a3168df47d3cbcbb693971c6e6f872de737b5278b5fd43f39d6ee766573a899d8e67c

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\diuoxcnqsdo = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\vecaps.exe\""	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

description	ioc	process
File opened (read-only)	\??\Q:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\T:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\U:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\F:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\G:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\J:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\N:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\O:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\W:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\P:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\R:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\X:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\H:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\I:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\K:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\L:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\M:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\Y:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\A:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\B:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\E:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\S:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\Z:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
File opened (read-only)	\??\V:	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

pid	process
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

Suspicious use of SetWindowsHookAW 64 IoCs

Processes:

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

pid	process
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe

description	pid	process	target process
PID 4436 wrote to memory of 3212	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3212	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3212	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3956	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3956	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3956	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4060	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4060	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4060	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4080	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4080	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4080	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4176	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4176	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4176	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4240	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4240	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4240	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4336	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4336	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4336	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4376	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4376	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4376	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 504	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 504	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 504	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 184	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 184	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 184	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 644	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 644	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 644	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 908	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 908	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 908	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1192	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1192	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1192	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1536	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1536	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1536	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1976	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1976	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 1976	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 2392	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 2392	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 2392	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 2676	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 2676	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 2676	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3788	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3788	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3788	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4444	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4444	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4444	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3844	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3844	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 3844	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4656	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4656	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4656	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe
PID 4436 wrote to memory of 4776	4436	d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe	nslookup.exe

C:\Users\Admin\AppData\Local\Temp\d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe
"C:\Users\Admin\AppData\Local\Temp\d98e60a3c34514b171fbd0e897786dbf41a13490ea9d5ea99d0c4e1bf1010712.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookAW
- Suspicious use of WriteProcessMemory
PID:4436

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:3212

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:3956

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4060

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4080

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4176

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4240

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4336

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4376

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:504

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:184

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:644

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:908

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:1192

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:1536

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:1976

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:2392

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:2676

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:3788

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4444

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:3844

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4656

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4776

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4440

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4928

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:3304

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:996

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4528

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4004

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:3976

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4292

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4308

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4392

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:3684

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:2196

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:208

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4304

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:860

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:1064

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:1236

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:1712

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:2236

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:2656

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:2256

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:3556

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4556

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:2152

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:1380

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:3400

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4904

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:5076

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:2156

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:3784

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4536

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:3984

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4156

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4484

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4260

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4244

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4372

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:2664

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:3336

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4136

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4180

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:820

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:1224

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:1700

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:2240

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:2660

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:1256

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:1468

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:2796

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:2200

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:2208

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:2108

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:3524

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:2204

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:3944

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4932

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4916

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:5008

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:1476

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4512

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4200

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4120

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4232

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4380

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4408

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4188

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4064

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4140

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4284

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:424

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:1368

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:1876

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:1588

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:2072

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:2544

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:1972

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:2224

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:4600

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:3772

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:3696

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4572

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:2188

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4996

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4884

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:4864

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:3248

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4072

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4456

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:5088

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:3972

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:4216

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4220

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:2668

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:192

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:196

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:904

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:692

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns1.wowservers.ru
2⤵
PID:1292

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns1.wowservers.ru
2⤵
PID:1704

C:\Windows\SysWOW64\nslookup.exe
nslookup ransomware.bit ns2.wowservers.ru
2⤵
PID:4504

C:\Windows\SysWOW64\nslookup.exe
nslookup carder.bit ns2.wowservers.ru
2⤵
PID:2428

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/184-126-0x0000000000000000-mapping.dmp

Download
memory/208-151-0x0000000000000000-mapping.dmp

Download
memory/504-125-0x0000000000000000-mapping.dmp

Download
memory/644-127-0x0000000000000000-mapping.dmp

Download
memory/820-180-0x0000000000000000-mapping.dmp

Download
memory/860-153-0x0000000000000000-mapping.dmp

Download
memory/908-128-0x0000000000000000-mapping.dmp

Download
memory/996-142-0x0000000000000000-mapping.dmp

Download
memory/1064-154-0x0000000000000000-mapping.dmp

Download
memory/1192-129-0x0000000000000000-mapping.dmp

Download
memory/1236-155-0x0000000000000000-mapping.dmp

Download
memory/1380-163-0x0000000000000000-mapping.dmp

Download
memory/1536-130-0x0000000000000000-mapping.dmp

Download
memory/1712-156-0x0000000000000000-mapping.dmp

Download
memory/1976-131-0x0000000000000000-mapping.dmp

Download
memory/2152-162-0x0000000000000000-mapping.dmp

Download
memory/2156-167-0x0000000000000000-mapping.dmp

Download
memory/2196-150-0x0000000000000000-mapping.dmp

Download
memory/2236-157-0x0000000000000000-mapping.dmp

Download
memory/2256-159-0x0000000000000000-mapping.dmp

Download
memory/2392-132-0x0000000000000000-mapping.dmp

Download
memory/2656-158-0x0000000000000000-mapping.dmp

Download
memory/2664-176-0x0000000000000000-mapping.dmp

Download
memory/2676-133-0x0000000000000000-mapping.dmp

Download
memory/3212-117-0x0000000000000000-mapping.dmp

Download
memory/3304-141-0x0000000000000000-mapping.dmp

Download
memory/3336-177-0x0000000000000000-mapping.dmp

Download
memory/3400-164-0x0000000000000000-mapping.dmp

Download
memory/3556-160-0x0000000000000000-mapping.dmp

Download
memory/3684-149-0x0000000000000000-mapping.dmp

Download
memory/3784-168-0x0000000000000000-mapping.dmp

Download
memory/3788-134-0x0000000000000000-mapping.dmp

Download
memory/3844-136-0x0000000000000000-mapping.dmp

Download
memory/3956-118-0x0000000000000000-mapping.dmp

Download
memory/3976-145-0x0000000000000000-mapping.dmp

Download
memory/3984-170-0x0000000000000000-mapping.dmp

Download
memory/4004-144-0x0000000000000000-mapping.dmp

Download
memory/4060-119-0x0000000000000000-mapping.dmp

Download
memory/4080-120-0x0000000000000000-mapping.dmp

Download
memory/4136-178-0x0000000000000000-mapping.dmp

Download
memory/4156-171-0x0000000000000000-mapping.dmp

Download
memory/4176-121-0x0000000000000000-mapping.dmp

Download
memory/4180-179-0x0000000000000000-mapping.dmp

Download
memory/4240-122-0x0000000000000000-mapping.dmp

Download
memory/4244-174-0x0000000000000000-mapping.dmp

Download
memory/4260-173-0x0000000000000000-mapping.dmp

Download
memory/4292-146-0x0000000000000000-mapping.dmp

Download
memory/4304-152-0x0000000000000000-mapping.dmp

Download
memory/4308-147-0x0000000000000000-mapping.dmp

Download
memory/4336-123-0x0000000000000000-mapping.dmp

Download
memory/4372-175-0x0000000000000000-mapping.dmp

Download
memory/4376-124-0x0000000000000000-mapping.dmp

Download
memory/4392-148-0x0000000000000000-mapping.dmp

Download
memory/4436-114-0x0000000003CA0000-0x0000000003DEA000-memory.dmp

Filesize
1.3MB

Download
memory/4436-115-0x0000000000400000-0x0000000003B9B000-memory.dmp

Filesize
55.6MB

Download
memory/4436-116-0x0000000003CA0000-0x0000000003DEA000-memory.dmp

Filesize
1.3MB

Download
memory/4440-139-0x0000000000000000-mapping.dmp

Download
memory/4444-135-0x0000000000000000-mapping.dmp

Download
memory/4484-172-0x0000000000000000-mapping.dmp

Download
memory/4528-143-0x0000000000000000-mapping.dmp

Download
memory/4536-169-0x0000000000000000-mapping.dmp

Download
memory/4556-161-0x0000000000000000-mapping.dmp

Download
memory/4656-137-0x0000000000000000-mapping.dmp

Download
memory/4776-138-0x0000000000000000-mapping.dmp

Download
memory/4904-165-0x0000000000000000-mapping.dmp

Download
memory/4928-140-0x0000000000000000-mapping.dmp

Download
memory/5076-166-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads