hxxp://user1[.]test[.]cbtb7-bkbd14[.]xyz[//]?e=ZmxvcmluLnRhY3VAbWFlLnJv

General

Target

http://user1.test.cbtb7-bkbd14.xyz//?e=ZmxvcmluLnRhY3VAbWFlLnJv
Sample

211012-g3cz7sbeal

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEiexplore.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "232"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60718ef5dabed701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "232"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07f7c0cdbbed701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbtb7-bkbd14.xyz	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "232"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc21cd4e5d91da47b7b2dd49bafda68b000000000200000000001066000000010000200000002268cb1d427f2cbcc89f2b887a8f877aa2a64ff9a61d341c4e1da8219cef5873000000000e80000000020000200000009ee18a5af77c52fae1776be6015b49a0003a81d1ba685e0445d8f25bf58873da00010000037a544f83fc3217ee75c53a395053506c0bd3162b4cf51b8aa6c499ea526fdabb426a675b0f921d7ed19735b931fb19938d98481a7a617624397f8299065b5b953b1ffc161cada9f57e4e566a86bde725393b7355ca98877eebe4cee2ae757cde7ec3a5cc78b4aeb535510486d38456b0e691963526bdc63f3e78a09b2eff08f41f27db3333ebe2e9f9ebcbcfb0ed9a517c4cf109b47b3aec7a5a6d10e35d281de26a724669d6ffabc45ee0de63886308583dbd0d3d060fe8ab3bb500f2f1ca1016fc0178781e3bd845bbc93109af9c355cc40125711b3403e51c019d3fac4570ef32fb3c9d97115305d58938e23f4447fbacfc6eed2301503826d9ff7bdd0c400000001c116790d862516ccd066a1b2fab68ace77b49ebb82e412e4d7e48b08b82d3e25060de657f986f85fd56f94823342cef8e78019cffe1693f9239fdc9979156b7	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A56515F6-2D90-11EC-B2DB-5210EA48215F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30916314"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc21cd4e5d91da47b7b2dd49bafda68b00000000020000000000106600000001000020000000a5224e980b63386b3101a3063b6aad7b4a262f2e13cf736ce8db7d7188e95da1000000000e800000000200002000000014b422f7c70052d1525b962a307a595100b9da90ba6caa7644993cd7a1a7600e20000000c7bd0bc94342478861003419c216e8ca380e7564b32cb21462cd21fb20b8da4e400000000c0a8961052679d7baa0f061c14815fd0f2612c23a2f04b844ada4f9f003b5c2c5bd836917b04cddb25645067044541a4fb604afb6959f1257b8f6060d5647e6	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc21cd4e5d91da47b7b2dd49bafda68b00000000020000000000106600000001000020000000900b96a2a75fece91a322b0e67fde26bcf3b86925df10c57a38be732c70a47ee000000000e8000000002000020000000fbf5dd2385662722d459b53bb7ea428905f68dca2487913a8cd404aca564fdce20000000d2df148229983ba366e76434dc4026a25ebec984ee2f100dfc8972a98108cbc1400000006933b6b8a0a447e92c88244341126dd20e108da7a250ef34ac7e5ac26a85980c2863a5070a09fdea835a8b44d51fe99c44b1637a591ef19f82b5b5240bcb4fb7	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "340796088"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\user1.test.cbtb7-bkbd14.xyz	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4054575793"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "64"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc21cd4e5d91da47b7b2dd49bafda68b00000000020000000000106600000001000020000000e809343a2c2c02ffac104078c447a2d5e999f9d0d63aaf4df1b36fc80ffba04a000000000e8000000002000020000000e71ea471d5fe88d883183d86c19d74c032f35a415f3546638b073ffaf63c9e0b200000002c5e4ab60a0919c9cb00f003905ec6544e1ff15584b2313cb2156337de74ddc440000000c279d51e67952bdead1f86bebfb5114598d0527630e77268f2d4dddf39f7d19e98cd39bd446154192f1510e31116756849a5d058ee6557f4557763b38a89db07	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "340747502"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc21cd4e5d91da47b7b2dd49bafda68b000000000200000000001066000000010000200000006cafd93fc1b5350a917b4e294ee9ddc2e9ce59ff740078013afc7b816de0704e000000000e80000000020000200000006ff4ca790575e9967afda543205615fb439b046c1ffb130d1253f647653ade4600010000398aeba56c0073ae618b31fc2f74e048a186984864585f0463f41b059951146826d2a17a2e56ca1b1a2be166d8952726b0071711d15fdc04204e497fbbdd303dee282a55655be313597e1883d1692de7c552e9b7043107089d6edff9acc6192916fd3145092358c91d5e73f6475ec3381b0b22b892d334da527a54c8cbae1b42c33622314413f1cbb009cba8c5be2d9b86c75f67f55b50c86cd11ce271ff033b193aad710577830fa06d4d5583485eda9406fa2d826d617ddf67c372fe0c3bca2c569705fa78af05b6787c1a7f0929d71695518c8b75ee8f4125f2b2f7aee4c3338203f0a3b84112397badf7c161c74c007c3a8b06880798264ab04775e6f82e4000000089904e1f09b11c265bb8a164e198d9d44f88aa63b38235a46d4617fe9047951b1845d506d491051ab9e19236dcdbaf475b83704e0e2bc9a9ace152f0e73321c0	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dc21cd4e5d91da47b7b2dd49bafda68b00000000020000000000106600000001000020000000d8149b91b00ccbeea69957cdbc316db62f8e06525c1fcad7c67b94451d1e6b37000000000e8000000002000020000000b321590647c153b3c2f662aed2d1cd03c76a313fe99100743608aa7e9354c9f10001000056e70c2be436de1117e007bd0ff766e40d653aa7cfdb5d1c0ae3cff0ab5b6cd76c4f755d4e7cc213f396da4550b86ab52ca20a2bdee10452b84033328adc72bb9463321834e53134deb49032052eefa2d4cc6d73ad81d82b75daf9c7e41a1cf67ccbf878560b7c68936f31fae8aafd6d8967aa8e7871b135592d6da10c9ed22897e981a9ef0023c4e83f916ebefebfbe6ef514139b36a92b7c0df296f9fdd14cd2c577f02bbe043853928a7db5ae9330bed9e8ef31c3d1cf435976a48d10af4a828c535759f39d5a5a1c13f05cd3de637c1012c866bbda4fd0566c750db09fb8170485fced45744578d67fa88a51e729a89f89d6b2bd80fb514b7de2dacca8de40000000cabd77af625bc6f44606d1584d4cb2016ad50ac2ae5d6a5b63e362e56d9532253f292899cd480c07a2043d404d160e60c6a310c8219cafacb000204b7e86858b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "340764097"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "125"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbtb7-bkbd14.xyz\Total = "100"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\DOMStorage\cbtb7-bkbd14.xyz\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30916314"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c064ccf5dabed701	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

4044 iexplore.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

4044 iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid	process
4044	iexplore.exe
4044	iexplore.exe
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE
3812	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 4044 wrote to memory of 3812	4044	iexplore.exe	IEXPLORE.EXE
PID 4044 wrote to memory of 3812	4044	iexplore.exe	IEXPLORE.EXE
PID 4044 wrote to memory of 3812	4044	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://user1.test.cbtb7-bkbd14.xyz//?e=ZmxvcmluLnRhY3VAbWFlLnJv
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4044

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4044 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3812

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\C1YM7YWE.cookie
MD5
d40149cd907fe0eea049eb74d75b54a1

SHA1
be5e51ab96713237947bd550ceba176a60176211

SHA256
3672312e95ce8c528d454851abeca796ce96a2838c9d062f4f3ea1e3584f647e

SHA512
fc493d5007fb97061869fc69f3efccd0ffa3e8d13a96e11fb84a4bbab3cf02fb06be7b9da493ea89cc444d0249e3e304fe3a7bf030bef84bea7006c2cdb026a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\XPVCM2BA.cookie
MD5
b91f5ca1c844e54af4236400583fdae0

SHA1
0ae7b98b2f108d872fb59a746a56df85b71a7534

SHA256
fbd6d1f0b0c0d4dacb6cd93524d1a1cd8461a7a1d31b6a47a8ff69d38b4efc78

SHA512
e39442c342d89de0a81e94570aac0f1d69254a6bc0d3385dfd9ee2d929e40280a843956efd1807eafdf35281539d4b6df774f2e31f4a23d1ea8db9cde7f9b0ab

Download Submit
memory/3812-139-0x0000000000000000-mapping.dmp

Download
memory/4044-141-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-126-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-146-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-122-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-121-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-123-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-124-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-143-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-127-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-128-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-130-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-131-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-144-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-134-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-135-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-136-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-137-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-118-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-140-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-114-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-132-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-119-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-120-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-148-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-149-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-150-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-154-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-155-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-156-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-162-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-163-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-164-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-165-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-166-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-167-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-168-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-172-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-174-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-177-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-178-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-116-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download
memory/4044-115-0x00007FFB8FEE0000-0x00007FFB8FF4B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads