4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6

General

Target

4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
Size

327KB
MD5

5e722546e2e087938ee13117c36d5bad
SHA1

6ba7b440b54dbab2715009fd3a83ef04dbcaac3f
SHA256

4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6
SHA512

cf6eb1b1af503375ef0b5f6ce49c56c936d84c98ff44727bd4c7e2a0f26f98a417703d1960422da997345196b33e645a6c59d8ac66fbddb9771f43a955aa64f9
SSDEEP

6144:vdvMKYs9URxBI3+fypFQwx//gS4wvn24ZcDA4hHwdPbLP5JnT8DPgGp:mfjA+AQiXgBG2rDA4hQdPPbODp

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

Processes:

mscorsvw.exemscorsvw.exeOSE.EXE

pid process

1688 mscorsvw.exe
560 mscorsvw.exe
1940 OSE.EXE

pid	process
1688	mscorsvw.exe
560	mscorsvw.exe
1940	OSE.EXE

Drops file in System32 directory 27 IoCs

Processes:

4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exeOSE.EXE

description	ioc	process
File opened for modification	\??\c:\windows\SysWOW64\alg.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\syswow64\perfhost.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\locator.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\ieetwcollector.exe	OSE.EXE
File opened for modification	\??\c:\windows\SysWOW64\msdtc.exe	OSE.EXE
File opened for modification	\??\c:\windows\SysWOW64\snmptrap.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\vssvc.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\lsass.exe	OSE.EXE
File opened for modification	\??\c:\windows\SysWOW64\wbengine.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\ui0detect.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\wbem\wmiApsrv.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\alg.exe	OSE.EXE
File opened for modification	\??\c:\windows\SysWOW64\svchost.exe	OSE.EXE
File created	\??\c:\windows\SysWOW64\msiexec.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File created	\??\c:\windows\SysWOW64\searchindexer.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\fxssvc.exe	OSE.EXE
File created	\??\c:\windows\SysWOW64\svchost.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\dllhost.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\fxssvc.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\msiexec.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\svchost.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File created	\??\c:\windows\SysWOW64\dllhost.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\lsass.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\searchindexer.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\ieetwcollector.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\msdtc.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\SysWOW64\vds.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe

Drops file in Program Files directory 14 IoCs

Processes:

4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exeOSE.EXE

description	ioc	process
File opened for modification	\??\c:\program files\google\chrome\Application\89.0.4389.114\elevation_service.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\groove.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File created	\??\c:\program files (x86)\microsoft office\office14\groove.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files (x86)\common files\microsoft shared\source engine\ose.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files\windows media player\wmpnetwk.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files (x86)\google\update\googleupdate.exe	OSE.EXE
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files (x86)\google\update\googleupdate.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File created	\??\c:\program files (x86)\common files\microsoft shared\source engine\ose.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe	OSE.EXE
File opened for modification	\??\c:\program files\google\chrome\Application\89.0.4389.114\elevation_service.exe	OSE.EXE
File opened for modification	\??\c:\program files (x86)\microsoft office\office14\groove.exe	OSE.EXE

Drops file in Windows directory 26 IoCs

Processes:

4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exeOSE.EXEmscorsvw.exedllhost.exe

description	ioc	process
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\servicing\trustedinstaller.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe	OSE.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe	OSE.EXE
File opened for modification	\??\c:\windows\ehome\ehrecvr.exe	OSE.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe	OSE.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe	OSE.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File created	\??\c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.log	mscorsvw.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngenservicelock.dat	mscorsvw.exe
File created	\??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.vir	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\ehome\ehsched.exe	OSE.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File created	C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{AF74D9DA-96D6-4727-96B3-BAD81DB7ADD9}.crmlog	dllhost.exe
File opened for modification	\??\c:\windows\ehome\ehsched.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe	OSE.EXE
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen_service.lock	mscorsvw.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	C:\Windows\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{AF74D9DA-96D6-4727-96B3-BAD81DB7ADD9}.crmlog	dllhost.exe
File opened for modification	\??\c:\windows\ehome\ehrecvr.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\microsoft.net\framework64\v3.0\windows communication foundation\infocard.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
File opened for modification	\??\c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe	OSE.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe	OSE.EXE
File opened for modification	\??\c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

SearchIndexer.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap	SearchIndexer.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exemsiexec.exeOSE.EXESearchIndexer.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	788	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
Token: SeRestorePrivilege	892	msiexec.exe
Token: SeTakeOwnershipPrivilege	892	msiexec.exe
Token: SeSecurityPrivilege	892	msiexec.exe
Token: SeTakeOwnershipPrivilege	1940	OSE.EXE
Token: SeManageVolumePrivilege	2024	SearchIndexer.exe
Token: 33	2024	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	2024	SearchIndexer.exe

Suspicious use of SetWindowsHookAW 1 IoCs

Processes:

4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe

pid process

788 4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

SearchProtocolHost.exe

pid process

1032 SearchProtocolHost.exe
1032 SearchProtocolHost.exe

pid	process
788	4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe

pid	process
1032	SearchProtocolHost.exe
1032	SearchProtocolHost.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

SearchIndexer.exe

description	pid	process	target process
PID 2024 wrote to memory of 1032	2024	SearchIndexer.exe	SearchProtocolHost.exe
PID 2024 wrote to memory of 1032	2024	SearchIndexer.exe	SearchProtocolHost.exe
PID 2024 wrote to memory of 1032	2024	SearchIndexer.exe	SearchProtocolHost.exe
PID 2024 wrote to memory of 1604	2024	SearchIndexer.exe	SearchFilterHost.exe
PID 2024 wrote to memory of 1604	2024	SearchIndexer.exe	SearchFilterHost.exe
PID 2024 wrote to memory of 1604	2024	SearchIndexer.exe	SearchFilterHost.exe

C:\Users\Admin\AppData\Local\Temp\4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe
"C:\Users\Admin\AppData\Local\Temp\4c6079b4b235f97d19939db0d43d10ab1b68433e05a7dc36dc213a8f1902f6c6.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookAW
PID:788

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
1⤵
- Executes dropped EXE
- Drops file in Windows directory
PID:1688

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
PID:560

C:\Windows\system32\dllhost.exe
C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
1⤵
- Drops file in Windows directory
PID:840

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:892

C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:1940

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2024

C:\Windows\system32\SearchProtocolHost.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-575491160-2295418218-1540667289-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-575491160-2295418218-1540667289-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
2⤵
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Windows\system32\SearchFilterHost.exe
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
2⤵
PID:1604

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
Filesize
332KB

MD5
d1d24780c916c8de6959556c639f0f11

SHA1
a5a3e9d2d010ce4a2f627ab99bc26cfcdd86badb

SHA256
25757548f64c22ec443104bb54bf3c47aa9c81eb2a9caf530ca2c5997296a288

SHA512
152284992eb1fa99a2c48b7b72609af91f417629a8ea472723f596ca3c9ed5a22530494ff765598e900a67664103020f33666a8920f25d2a40a4a55408b0a832

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Filesize
251KB

MD5
a580f7b37a0dd7795ac248f5943893e7

SHA1
50f4a6152b1676b381575026b89b0265c661ac7b

SHA256
10950fc8d01ef1c33d09baa8b001c6108d532adc4816603689b777d5ef67d666

SHA512
d034ca4be0efe80a8b827accdba7bc06de20707fd9fdc3c47b4c6296a865d48b2bb716b62b3a02e259b1101a6eb8835d54be4e40d9f98eca1d7e2405b1b1d070

Download Submit
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Filesize
251KB

MD5
a580f7b37a0dd7795ac248f5943893e7

SHA1
50f4a6152b1676b381575026b89b0265c661ac7b

SHA256
10950fc8d01ef1c33d09baa8b001c6108d532adc4816603689b777d5ef67d666

SHA512
d034ca4be0efe80a8b827accdba7bc06de20707fd9fdc3c47b4c6296a865d48b2bb716b62b3a02e259b1101a6eb8835d54be4e40d9f98eca1d7e2405b1b1d070

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Filesize
282KB

MD5
1997f115cc6ceb9d9bd97e2530e8306c

SHA1
6d15639e9b314a20ebfca7407ccee8e81f8efd35

SHA256
b6490bb39d0523cdbc674f2349b6b0c74261ccc46c0e2638cf1dca3949059666

SHA512
bc33f41f7b5f4e7d68a9030590e79f53d7a307bd50a3e7957a8ef0fc0007c78728a8b99e208df8f790a83de7cea525653328ccb9a206c9b91470af2d808cfb63

Download Submit
\??\c:\program files (x86)\microsoft office\office14\groove.exe
Filesize
29.7MB

MD5
2045b908a37f2515f43df19ffbd6dd2c

SHA1
a8162cbadf8f01493a04547ccf3311f4ad1ef156

SHA256
b5c7b9d0d46890439e2142d1d0b9ce8fd18eb74ac7606c18c94ddfb90a6cc832

SHA512
e1c42027c615ab588adb7270240b0b2d38596f09232753f560781e5b1a7df20e1947844cea865dfd5685647e93f847937fc85c142b4e009585b1d5125b817997

Download Submit
\??\c:\windows\SysWOW64\svchost.exe
Filesize
212KB

MD5
d9c2c21827104fe09b76fc18776a18a8

SHA1
f72283552aecc5ba61a3bf009f443118bd45c416

SHA256
b0197a88d236f02f4a1456b862a0b1519111efc44796c7c927689a60fcf92485

SHA512
fa3ae29ce361021213263af480dcc427a5a2872af382ce474645e93ffa81e1e77913bd6186ec408143dfd83d9856dfcbe12a850d1cdf6555f8bf80195484f666

Download Submit
\??\c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
Filesize
282KB

MD5
1997f115cc6ceb9d9bd97e2530e8306c

SHA1
6d15639e9b314a20ebfca7407ccee8e81f8efd35

SHA256
b6490bb39d0523cdbc674f2349b6b0c74261ccc46c0e2638cf1dca3949059666

SHA512
bc33f41f7b5f4e7d68a9030590e79f53d7a307bd50a3e7957a8ef0fc0007c78728a8b99e208df8f790a83de7cea525653328ccb9a206c9b91470af2d808cfb63

Download Submit
memory/560-62-0x0000000000400000-0x0000000000569000-memory.dmp

Filesize
1.4MB

Download
memory/788-54-0x0000000074E01000-0x0000000074E03000-memory.dmp

Filesize
8KB

Download
memory/788-56-0x0000000001000000-0x0000000001174000-memory.dmp

Filesize
1.5MB

Download
memory/788-55-0x0000000001000000-0x0000000001174000-memory.dmp

Filesize
1.5MB

Download
memory/892-63-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmp

Filesize
8KB

Download
memory/1032-108-0x0000000000000000-mapping.dmp

Download
memory/1604-109-0x0000000000000000-mapping.dmp

Download
memory/1688-60-0x0000000010000000-0x0000000010160000-memory.dmp

Filesize
1.4MB

Download
memory/1688-58-0x0000000010000000-0x0000000010160000-memory.dmp

Filesize
1.4MB

Download
memory/1940-65-0x000000002E000000-0x000000002E176000-memory.dmp

Filesize
1.5MB

Download
memory/1940-70-0x000000002E000000-0x000000002E176000-memory.dmp

Filesize
1.5MB

Download
memory/1940-66-0x000000002E000000-0x000000002E176000-memory.dmp

Filesize
1.5MB

Download
memory/2024-87-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/2024-103-0x0000000003E70000-0x0000000003E78000-memory.dmp

Filesize
32KB

Download
memory/2024-106-0x0000000003E70000-0x0000000003E78000-memory.dmp

Filesize
32KB

Download
memory/2024-107-0x0000000003ED0000-0x0000000003ED8000-memory.dmp

Filesize
32KB

Download
memory/2024-71-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads