b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784

General

Target

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Size

1.6MB
MD5

bf60b20442eb074a2b0b0b9f410aa40b
SHA1

679f886dc3613225c9238eb36669402f60f1ae85
SHA256

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784
SHA512

81e669cfb677b25116d45b4f0e6341c611a3d56ee46cd019d6e5d8ef9daaf1f4cfeb0e4997032128b1af99ef93f9b81f4cd0026e5a11fdab5d73e4d98801c8b5

Score

10^/10

bootkit evasion persistence suricata trojan upx

Malware Config

Signatures

suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata: ET MALWARE Possible Windows executable sent when remote host claims to send a Text File
suricata

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\kdb_semrjgj.dll	acprotect

Downloads MZ/PE file

Drops file in Drivers directory 35 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

description	ioc	process
File created	C:\Windows\system32\drivers\ksapi64_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File opened for modification	C:\Windows\system32\drivers\kavbootc.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kiscore.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisknl.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetflt64_arm.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetmxp.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kdhacker64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetm_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\ksapi.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kusbquery.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kavbootc_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kdhacker64_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisknl64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisknl_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetm64_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kavbootc.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kavbootc64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisknl64_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetflt.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\ksapi64_arm.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kdhacker.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\ksapi_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kusbquery64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File opened for modification	C:\Windows\SysWOW64\drivers\KAVBase.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kdhacker64_arm.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisknl64_arm.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetm64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\ksskrpr.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kavbootc64_arm.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kdhacker_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetm64_arm.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\ksapi64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kavbootc64_ev.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetflt64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	C:\Windows\system32\drivers\kisnetm.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\kdb_semrjgj.dll	upx

Loads dropped DLL 1 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

pid process

1800 b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

description ioc process

File opened for modification \??\PhysicalDrive0 b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Drops file in Program Files directory 64 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

description	ioc	process
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\system.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksg\btfc2009.psg	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksg\ztvf2002.vsg	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kshmpg.ini	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\cloudctrl.config	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\kunioncfg.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\softuninstalllib.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\speedtest.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kdownloader.exe	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kfcdetect.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\ksesscan.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\rcmdv2_normal_taobao1212_test1_sub3.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\ksde\deheurcfg.ini	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksg\zipe0003.ksg	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksg\ztvea003.vsg	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kwsui.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\rcmdv2_roundicon_sysdoct.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\skin\theme\skin_space.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kswebshield.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\rcmdv2_juhuasuan_3_8.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\rcmdv2_normal_loan_bootopt.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\spt\u6b1h7f5i5r8g7x2t6.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\config\UserInterConf.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kpopinterengine.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksg\ztv01002.vsg	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kweibotool.exe	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\deexcfg.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ressrc\chs\delaydownloader.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\fileupdatenotifier.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\spdupcfg.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksd.nlb	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\floatskin\kongqizhiliang.skin	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\ksetc.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\hmpgconfig.ini	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\inject.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kae\kaecorea.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\safe_business.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksg\ztfd8003.fsg	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kdh.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\kupdateworkcfg.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kinst.exe	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kavbootc64.sys	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\haohuojingxuan-taobao.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\api-ms-win-core-memory-l1-1-0.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\api-ms-win-core-synch-l1-1-0.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kshighvaluesp.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\ksreng3.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxebscsp.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\floatskin\skinicon\kfxspring_skin_img.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\rcmdv2_normal_qiangpiao_sub3.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksg\ztf06001.fsg	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\floatskin\tianshizhiyi.skin	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kteenmodecore.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kactivitycenter.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\k2isfdpro64.dll.bak	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kprivacypanel.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\rcmdv2_gamebox2.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\data\rcmdv2sp01\cfg\pic\rcmdv2_normal_calendar_icon.png	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\microsoft.vc80.crt.manifest	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\ic.dat	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kavlog2.exe	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\kswbc.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
File created	\??\c:\program files (x86)\kingsoft\kingsoft antivirus\msvcp140.dll	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Modifies registry class 14 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\idex = "3d7e8e6e50f0c662f0edc9631af5cf7f"	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}\did = "5728A73133B43B7963AEF655735DA977"	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\idno = "1"	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}\PacketPath_166_342_1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\kdb_semrjgj.dll"	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\svrid = "8l7b84ggvwy29cjjw7wrmzipgwul"	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}\svrid	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

pid	process
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

description	pid	process
Token: SeDebugPrivilege	1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
Token: SeDebugPrivilege	1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

pid	process
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

pid	process
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
1800	b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe

C:\Users\Admin\AppData\Local\Temp\b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe
"C:\Users\Admin\AppData\Local\Temp\b615e085031fb93ff21a0b0e743cc92e0e8f4dd4b58c02e557ed0ad116bd1784.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1800

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

1

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\kdb_semrjgj.dll
Filesize
84.3MB

MD5
13ad0c8c5ad273243ed73a8e8b96ef26

SHA1
8129f41443fb0658a0cc07a1587ea9b663675f60

SHA256
3100e880e5309f562335b6a490d66b456515023222ecea113ef956dc91afd674

SHA512
bf9d707dc194fbf5040b401a265a30fa40d0aa4f5d3c1fd0178d1782a7ef95385b1cc8916ecb4ae76798a95858995b28891a2dd0e58df592b2985b22974bfce6

Download Submit
memory/1800-54-0x0000000074E91000-0x0000000074E93000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads