370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd

General

Target

windirstat1_1_2_setup.exe
Size

630KB
MD5

3abf1c149873e25d4e266225fbf37cbf
SHA1

6fa92dd2ca691c11dfbfc0a239e34369897a7fab
SHA256

370a27a30ee57247faddeb1f99a83933247e07c8760a07ed82e451e1cb5e5cdd
SHA512

b6d9672a580a02299bc370deb1fd99b5ca10ab86456385870cdae522c185ae51f8d390a7c50fcb5c7898523f52c834bb73515ffc6d0b0bcde210640e815ece9e
SSDEEP

12288:yCjeMsiGVBKvjxTNlZaLlcMj+wXZvQpd9nP2+ZMU2tYspZcMwr/GNd35:yCjeTZa7BTsxewXZUTP2HU2yawjY5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

windirstat1_1_2_setup.exe

pid process

2700 windirstat1_1_2_setup.exe
2700 windirstat1_1_2_setup.exe

pid	process
2700	windirstat1_1_2_setup.exe
2700	windirstat1_1_2_setup.exe

Drops file in Windows directory 2 IoCs

Processes:

taskmgr.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exetaskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exe

pid	process
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

4756 taskmgr.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

Processes:

firefox.exetaskmgr.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	4756	taskmgr.exe
Token: SeSystemProfilePrivilege	4756	taskmgr.exe
Token: SeCreateGlobalPrivilege	4756	taskmgr.exe
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	3768	firefox.exe
Token: SeDebugPrivilege	2180	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe
4756	taskmgr.exe

Suspicious use of SetWindowsHookEx 22 IoCs

Processes:

firefox.exe

pid	process
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe
3768	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 3768	4776	firefox.exe	firefox.exe
PID 3768 wrote to memory of 1932	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 1932	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 3980	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe
PID 3768 wrote to memory of 4216	3768	firefox.exe	firefox.exe

C:\Users\Admin\AppData\Local\Temp\windirstat1_1_2_setup.exe
"C:\Users\Admin\AppData\Local\Temp\windirstat1_1_2_setup.exe"
1⤵
- Loads dropped DLL
PID:2700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.0.601600079\290149221" -parentBuildID 20200403170909 -prefsHandle 1544 -prefMapHandle 1536 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 1628 gpu
3⤵
PID:1932

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.3.446248047\823034547" -childID 1 -isForBrowser -prefsHandle 2244 -prefMapHandle 2240 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 2256 tab
3⤵
PID:3980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3768.13.1506376771\134883557" -childID 2 -isForBrowser -prefsHandle 3352 -prefMapHandle 3348 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3768 "\\.\pipe\gecko-crash-server-pipe.3768" 3376 tab
3⤵
PID:4216

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4756

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1940

C:\Windows\system32\wininit.exe
wininit
2⤵
PID:2476

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2180

C:\Windows\system32\wininit.exe
"C:\Windows\system32\wininit.exe"
2⤵
PID:3032

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsg8C0A.tmp\System.dll
Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
\Users\Admin\AppData\Local\Temp\nsg8C0A.tmp\System.dll
Filesize
10KB

MD5
4125926391466fdbe8a4730f2374b033

SHA1
fdd23034ada72d2537939ac6755d7f7c0e9b3f0e

SHA256
6692bd93bcd04146831652780c1170da79aa3784c3c070d95fb1580e339de6c5

SHA512
32a1cf96842454b3c3641316ee39051ae024bdce9e88ac236eadad531f2c0a08d46b77d525f7d994c9a5af4cc9a391d30ee92b9ec782b7fb9a42c76f0f52a008

Download Submit
memory/2180-207-0x000002852C700000-0x000002852C776000-memory.dmp

Filesize
472KB

Download
memory/2180-196-0x000002852C1B0000-0x000002852C1EC000-memory.dmp

Filesize
240KB

Download
memory/2180-177-0x000002852C040000-0x000002852C062000-memory.dmp

Filesize
136KB

Download
memory/2700-144-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-170-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-147-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-124-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-125-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-126-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-127-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-128-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-129-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-130-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-131-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-132-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-133-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-134-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-135-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-136-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-137-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-138-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-139-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-140-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-141-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-142-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-143-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-116-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-145-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-146-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-123-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-122-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-165-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-150-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-151-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-152-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-153-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-154-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-157-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-156-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-159-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-160-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-121-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-161-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-120-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-162-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-163-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-164-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-149-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-166-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-167-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-168-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-169-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-148-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-171-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-119-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-118-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download
memory/2700-117-0x0000000077A60000-0x0000000077BEE000-memory.dmp

Filesize
1.6MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads