glupteba | 3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e

General

Target

3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Size

4.3MB
MD5

8d39881b479efcda04f158e674cef5ee
SHA1

752a05d3729588289e99c41a57f1e3497a1a1d61
SHA256

3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e
SHA512

887e6f9d9926ed5ee00b919154e8eb24d45cfc006a5251b5c14a8524e214ac1277c42efc4e7f72080aa0fe9099984831fe53a5ac15bdba901bb537fa5eccf951

Score

10^/10

glupteba metasploit backdoor dropper loader trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba Payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2208-115-0x0000000003270000-0x0000000003B8E000-memory.dmp	family_glupteba
behavioral1/memory/2208-116-0x0000000000400000-0x0000000000D39000-memory.dmp	family_glupteba

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Modifies data under HKEY_USERS 64 IoCs

Processes:

3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-161 = "Central Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2591 = "Tocantins Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2392 = "Aleutian Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1661 = "Bahia Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-51 = "Greenland Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-491 = "India Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-31 = "Mid-Atlantic Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1832 = "Russia TZ 2 Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-561 = "SE Asia Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2532 = "Chatham Islands Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1802 = "Line Islands Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-182 = "Mountain Standard Time (Mexico)"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-402 = "Arabic Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-142 = "Canada Central Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-831 = "SA Eastern Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-572 = "China Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-331 = "E. Europe Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1841 = "Russia TZ 4 Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1891 = "Russia TZ 3 Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-132 = "US Eastern Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-461 = "Afghanistan Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1821 = "Russia TZ 1 Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2511 = "Lord Howe Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-384 = "Namibia Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2182 = "Astrakhan Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1861 = "Russia TZ 6 Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-792 = "SA Western Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2162 = "Altai Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1971 = "Belarus Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-251 = "Dateline Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-351 = "FLE Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2342 = "Haiti Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2752 = "Tomsk Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1042 = "Ulaanbaatar Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1871 = "Russia TZ 7 Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-602 = "Taipei Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2002 = "Cabo Verde Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-562 = "SE Asia Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-271 = "Greenwich Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-501 = "Nepal Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-652 = "AUS Central Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2611 = "Bougainville Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1822 = "Russia TZ 1 Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-622 = "Korea Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-542 = "Myanmar Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-1831 = "Russia TZ 2 Daylight Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2492 = "Aus Central W. Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\C:\Windows\system32\,@tzres.dll,-2412 = "Marquesas Standard Time"	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe

pid	process
2208	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
2208	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe

description	pid	process
Token: SeDebugPrivilege	2208	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
Token: SeImpersonatePrivilege	2208	3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe

C:\Users\Admin\AppData\Local\Temp\3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
"C:\Users\Admin\AppData\Local\Temp\3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2208

C:\Users\Admin\AppData\Local\Temp\3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe
"C:\Users\Admin\AppData\Local\Temp\3228dc8c6d843c7eefb7cbdc59b2333e1acfd2c3334f812fba7515f8f9271b1e.exe"
2⤵
- Modifies data under HKEY_USERS
PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2208-115-0x0000000003270000-0x0000000003B8E000-memory.dmp

Filesize
9.1MB

Download
memory/2208-116-0x0000000000400000-0x0000000000D39000-memory.dmp

Filesize
9.2MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads