d950627ba013c91ea5fce0503032f797fc523e7e4f3a6547ae8c9b25cc0dfbd7

General

Target

SecurePayment_HealthNet.pdf
Size

23KB
MD5

10a075ce1ee756195cdcf53ab543c28b
SHA1

a1df7aa413b196c8e66e3567ee166e5441e5a0a1
SHA256

d950627ba013c91ea5fce0503032f797fc523e7e4f3a6547ae8c9b25cc0dfbd7
SHA512

194abdc5d209022e034ad384ece64c5e7909f04db1809cf60692fec573f2f019969f2a413eee44564b6afee74ad9f6ffc6ded43f2ca3e94abbdbb402a4e4c233
SSDEEP

384:8O4hg9ui9E0Vxo+oVORBAFcUDZw6zGCUSRb5eWnP0bUOCUSN:8OWgwi9E8xGVOEqOwLCbVsNK

Score

6^/10

collection

Malware Config

Signatures

Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs

collection

Email Collection

T1114

Processes:

OUTLOOK.EXE

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE
Key queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	OUTLOOK.EXE
Key queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	OUTLOOK.EXE

Drops file in System32 directory 14 IoCs

Processes:

OUTLOOK.EXE

description	ioc	process
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

Processes:

OUTLOOK.EXE

description	ioc	process
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeOUTLOOK.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{2A480511-3243-11ED-A503-626C2AE6DC56} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	OUTLOOK.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	OUTLOOK.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	OUTLOOK.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c0000000002000000000010660000000100002000000034b208f7d6d4593ee6f3c69cd4617f819dfc77edcd211d26c308dddc2dc96a1b000000000e8000000002000020000000d20ed81666993772ad1beae1b8651cbd136ff1847c5d145f12165ff87cb398dc90000000bd750639be4abf8f10214226398e44d1a163a53412bf82c5867b5e1faca955dd2e29641740f2e1474925e7dcaa009f875ff32f0b978e04023d49f0e068a1427273b5382fd36d04a118429ef22ee7c4d4a60e9513bb0bd1298b5fa5a573db06ba72bca0f42cb5cbbc16dcb6ad8911fd5fda9e7cb6407c7e93a1c0f68b0b07f79fb7866f52c25258a7337893dbb618517a40000000c12a24105fc11ee3ea94d673f35a535834a8431d5563d6c235bad5a17510205c125ca67cc52c10da062a34ab2f8d57af5cba03cf5ae5752f52c5c364677893cd	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "369714932"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d3b98f5693c0d24b85f349229339c59c0000000002000000000010660000000100002000000033481e023b7ed5d1dd5e33c43620ad4e4812481ff9cf7c37e288f80c223315c2000000000e8000000002000020000000a2e902ece1d840f8de518dd0bff6a142bf548a5c52bfe98bf160eb67b0e48a45200000008715cf5d83036cb8fc388f0299cdea2b5e667c9893000ff4f150661c10a09fed400000004fcf5def15ddf17e8eaaea1af3a9bf3d0922281778e7be2deefc3f79fc9fcd0bb8f87619f8553bc179e638ee41dbde31cf6a0d52ef2ed6d7c48fb3b5af497a63	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	OUTLOOK.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1026fa0650c6d801	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\MenuExt	OUTLOOK.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

OUTLOOK.EXE

pid process

1528 OUTLOOK.EXE
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

AcroRd32.exemsdt.exe

pid process

752 AcroRd32.exe
536 msdt.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exemsdt.exe

pid process

1792 iexplore.exe
536 msdt.exe

pid	process
1528	OUTLOOK.EXE

pid	process
1792	iexplore.exe
536	msdt.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

AcroRd32.exeiexplore.exeIEXPLORE.EXE

pid	process
752	AcroRd32.exe
752	AcroRd32.exe
752	AcroRd32.exe
752	AcroRd32.exe
1792	iexplore.exe
1792	iexplore.exe
920	IEXPLORE.EXE
920	IEXPLORE.EXE
920	IEXPLORE.EXE
920	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

AcroRd32.exeiexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 752 wrote to memory of 1792	752	AcroRd32.exe	iexplore.exe
PID 752 wrote to memory of 1792	752	AcroRd32.exe	iexplore.exe
PID 752 wrote to memory of 1792	752	AcroRd32.exe	iexplore.exe
PID 752 wrote to memory of 1792	752	AcroRd32.exe	iexplore.exe
PID 1792 wrote to memory of 920	1792	iexplore.exe	IEXPLORE.EXE
PID 1792 wrote to memory of 920	1792	iexplore.exe	IEXPLORE.EXE
PID 1792 wrote to memory of 920	1792	iexplore.exe	IEXPLORE.EXE
PID 1792 wrote to memory of 920	1792	iexplore.exe	IEXPLORE.EXE
PID 920 wrote to memory of 536	920	IEXPLORE.EXE	msdt.exe
PID 920 wrote to memory of 536	920	IEXPLORE.EXE	msdt.exe
PID 920 wrote to memory of 536	920	IEXPLORE.EXE	msdt.exe
PID 920 wrote to memory of 536	920	IEXPLORE.EXE	msdt.exe
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE
PID 752 wrote to memory of 1528	752	AcroRd32.exe	OUTLOOK.EXE

outlook_win_path 1 IoCs

Processes:

OUTLOOK.EXE

description	ioc	process
Key queried	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	OUTLOOK.EXE

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\SecurePayment_HealthNet.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:752

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://dik.si/mWTeL
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:920

C:\Windows\SysWOW64\msdt.exe
-modal 65986 -skip TRUE -path C:\Windows\diagnostics\system\networking -af C:\Users\Admin\AppData\Local\Temp\NDFABEC.tmp -ep NetworkDiagnosticsWeb
4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:536

C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE
"C:\PROGRA~2\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]"
2⤵
- Accesses Microsoft Outlook profiles
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: AddClipboardFormatListener
- outlook_win_path
PID:1528

C:\Windows\SysWOW64\sdiagnhost.exe
C:\Windows\SysWOW64\sdiagnhost.exe -Embedding
1⤵
PID:1828

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
340B

MD5
4045ec2e5c76962fabeab02cd54aee08

SHA1
bb5fe422ad47ac440dc73ec2838611abd34f9dc1

SHA256
6af18d020af3b6e4dddf28b6a79e8770282ab2c17b32f22c88e7229410a97731

SHA512
d09bcd2983ec80f97b51341ff0bd9a4aa506cf1a1e08c8c1e250728e8d4126f1b59806bd10d79a3974228c91efc5870bb42628fba755a960a125449f8dda5f20

Download Submit
C:\Users\Admin\AppData\Local\Temp\NDFABEC.tmp
Filesize
3KB

MD5
6bc8d5d12aa69b08b74b877eea7e304c

SHA1
4b146cdb7546cc168702fb949563fdd90c325390

SHA256
78beb83f08c088d6624ac6941449c3ad990eeb7cd743a65bfb4a0dc488127c0f

SHA512
99ff4ae55db436d9ffa06497fbd233976f6ecc702b257a735db6610d783842424f3555a314b3429fb848170cfc6e8bc3109ea1d9a867c641fc48ea6eea90b5d9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ESVOYMJQ.txt
Filesize
601B

MD5
5cbf0df89c5bf324d02e53cae39b925c

SHA1
d79df38f090f1c931355144aff3f40d15552a9e2

SHA256
2a05d518c86e662904a55786a6cbe43d7c39368f2cea5efecff743d1fc58d387

SHA512
5380e3c1ccc6a93486196c2a4cffc62cb0d9109bbff67efee107fb3047eb17981c227aa3251e5745dcf18e8b4264147270841c9ced5ce739fa2a739046b5a924

Download Submit
C:\Windows\TEMP\SDIAG_45dafa9d-cadd-4e56-8920-69e71bfe79b8\NetworkDiagnosticsTroubleshoot.ps1
Filesize
23KB

MD5
1d192ce36953dbb7dc7ee0d04c57ad8d

SHA1
7008e759cb47bf74a4ea4cd911de158ef00ace84

SHA256
935a231924ae5d4a017b0c99d4a5f3904ef280cea4b3f727d365283e26e8a756

SHA512
e864ac74e9425a6c7f1be2bbc87df9423408e16429cb61fa1de8875356226293aa07558b2fafdd5d0597254474204f5ba181f4e96c2bc754f1f414748f80a129

Download Submit
C:\Windows\TEMP\SDIAG_45dafa9d-cadd-4e56-8920-69e71bfe79b8\UtilityFunctions.ps1
Filesize
52KB

MD5
2f7c3db0c268cf1cf506fe6e8aecb8a0

SHA1
fb35af6b329d60b0ec92e24230eafc8e12b0a9f9

SHA256
886a625f71e0c35e5722423ed3aa0f5bff8d120356578ab81a64de2ab73d47f3

SHA512
322f2b1404a59ee86c492b58d56b8a6ed6ebc9b844a8c38b7bb0b0675234a3d5cfc9f1d08c38c218070e60ce949aa5322de7a2f87f952e8e653d0ca34ff0de45

Download Submit
C:\Windows\TEMP\SDIAG_45dafa9d-cadd-4e56-8920-69e71bfe79b8\UtilitySetConstants.ps1
Filesize
2KB

MD5
0c75ae5e75c3e181d13768909c8240ba

SHA1
288403fc4bedaacebccf4f74d3073f082ef70eb9

SHA256
de5c231c645d3ae1e13694284997721509f5de64ee5c96c966cdfda9e294db3f

SHA512
8fc944515f41a837c61a6c4e5181ca273607a89e48fbf86cf8eb8db837aed095aa04fc3043029c3b5cb3710d59abfd86f086ac198200f634bfb1a5dd0823406b

Download Submit
C:\Windows\TEMP\SDIAG_45dafa9d-cadd-4e56-8920-69e71bfe79b8\en-US\LocalizationData.psd1
Filesize
5KB

MD5
dc9be0fdf9a4e01693cfb7d8a0d49054

SHA1
74730fd9c9bd4537fd9a353fe4eafce9fcc105e6

SHA256
944186cd57d6adc23a9c28fc271ed92dd56efd6f3bb7c9826f7208ea1a1db440

SHA512
92ad96fa6b221882a481b36ff2b7114539eb65be46ee9e3139e45b72da80aac49174155483cba6254b10fff31f0119f07cbc529b1b69c45234c7bb61766aad66

Download Submit
memory/536-55-0x0000000000000000-mapping.dmp

Download
memory/536-58-0x000000006D811000-0x000000006D813000-memory.dmp

Filesize
8KB

Download
memory/752-54-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download
memory/1528-68-0x00000000689FD000-0x0000000068A08000-memory.dmp

Filesize
44KB

Download
memory/1528-67-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1528-66-0x0000000067A11000-0x0000000067A13000-memory.dmp

Filesize
8KB

Download
memory/1528-65-0x0000000000000000-mapping.dmp

Download
memory/1828-70-0x000000006D190000-0x000000006D73B000-memory.dmp

Filesize
5.7MB

Download
memory/1828-60-0x000000006D190000-0x000000006D73B000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads