837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81

General

Target

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
Size

251KB
MD5

43cf64094b7e0e7a7a0496bf6cdf6b67
SHA1

a5ec32a0750538f9b0fbed5f80f799244833f25f
SHA256

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81
SHA512

8314869e899d05f36352be2bf0ba585cc0226426fd4b16700baff380154fdf385bcf1a06f3d3235ab64c80d291fa44f00b611edb624ad31b70cf40980b5a40f1
SSDEEP

6144:qtBYZYw7uV3WUV7ArlAh0vlAResGlnGFo:qtBA7uVfy00GMuo

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

pewou.exepewou.exe

pid process

1096 pewou.exe
956 pewou.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1524 cmd.exe

pid	process
1096	pewou.exe
956	pewou.exe

pid	process
1524	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe

pid	process
1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

pewou.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\Currentversion\Run	pewou.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\{6FB5EB02-BA00-EA16-973A-5E67D3C48179} = "C:\\Users\\Admin\\AppData\\Roaming\\Gaif\\pewou.exe"	pewou.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exepewou.exe

description	pid	process	target process
PID 1392 set thread context of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1096 set thread context of 956	1096	pewou.exe	pewou.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Privacy	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

Processes:

pewou.exe

pid	process
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe
956	pewou.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe

description	pid	process
Token: SeSecurityPrivilege	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
Token: SeSecurityPrivilege	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
Token: SeSecurityPrivilege	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exepewou.exe

pid process

1392 837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
1096 pewou.exe

pid	process
1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
1096	pewou.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exepewou.exepewou.exe

description	pid	process	target process
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1392 wrote to memory of 1032	1392	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1032 wrote to memory of 1096	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	pewou.exe
PID 1032 wrote to memory of 1096	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	pewou.exe
PID 1032 wrote to memory of 1096	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	pewou.exe
PID 1032 wrote to memory of 1096	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 1096 wrote to memory of 956	1096	pewou.exe	pewou.exe
PID 956 wrote to memory of 1112	956	pewou.exe	taskhost.exe
PID 956 wrote to memory of 1112	956	pewou.exe	taskhost.exe
PID 956 wrote to memory of 1112	956	pewou.exe	taskhost.exe
PID 956 wrote to memory of 1112	956	pewou.exe	taskhost.exe
PID 956 wrote to memory of 1112	956	pewou.exe	taskhost.exe
PID 956 wrote to memory of 1172	956	pewou.exe	Dwm.exe
PID 956 wrote to memory of 1172	956	pewou.exe	Dwm.exe
PID 956 wrote to memory of 1172	956	pewou.exe	Dwm.exe
PID 956 wrote to memory of 1172	956	pewou.exe	Dwm.exe
PID 956 wrote to memory of 1172	956	pewou.exe	Dwm.exe
PID 956 wrote to memory of 1212	956	pewou.exe	Explorer.EXE
PID 956 wrote to memory of 1212	956	pewou.exe	Explorer.EXE
PID 956 wrote to memory of 1212	956	pewou.exe	Explorer.EXE
PID 956 wrote to memory of 1212	956	pewou.exe	Explorer.EXE
PID 956 wrote to memory of 1212	956	pewou.exe	Explorer.EXE
PID 956 wrote to memory of 1032	956	pewou.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 956 wrote to memory of 1032	956	pewou.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 956 wrote to memory of 1032	956	pewou.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 956 wrote to memory of 1032	956	pewou.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 956 wrote to memory of 1032	956	pewou.exe	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
PID 1032 wrote to memory of 1524	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	cmd.exe
PID 1032 wrote to memory of 1524	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	cmd.exe
PID 1032 wrote to memory of 1524	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	cmd.exe
PID 1032 wrote to memory of 1524	1032	837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe	cmd.exe
PID 956 wrote to memory of 1524	956	pewou.exe	cmd.exe
PID 956 wrote to memory of 1524	956	pewou.exe	cmd.exe
PID 956 wrote to memory of 1524	956	pewou.exe	cmd.exe
PID 956 wrote to memory of 1524	956	pewou.exe	cmd.exe
PID 956 wrote to memory of 1524	956	pewou.exe	cmd.exe
PID 956 wrote to memory of 836	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 836	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 836	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 836	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 836	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 1772	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 1772	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 1772	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 1772	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 1772	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 988	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 988	956	pewou.exe	DllHost.exe
PID 956 wrote to memory of 988	956	pewou.exe	DllHost.exe

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1172

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
"C:\Users\Admin\AppData\Local\Temp\837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1392

C:\Users\Admin\AppData\Local\Temp\837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe
"C:\Users\Admin\AppData\Local\Temp\837cd68e59a256d1ccc462ea72ad632b310e9c89bbd7a1b7a127f50a68200c81.exe"
3⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1032

C:\Users\Admin\AppData\Roaming\Gaif\pewou.exe
"C:\Users\Admin\AppData\Roaming\Gaif\pewou.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1096

C:\Users\Admin\AppData\Roaming\Gaif\pewou.exe
"C:\Users\Admin\AppData\Roaming\Gaif\pewou.exe"
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:956

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp7e9d5082.bat"
4⤵
- Deletes itself
PID:1524

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1112

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:836

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1772

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:988

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1748

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp7e9d5082.bat
Filesize
307B

MD5
02a19161844ff6588e3e3281f58809aa

SHA1
a2b0ea57c45dcbf9ade9534cb1c9cb34b2b73faf

SHA256
e7e83851678e81596b5fb7d14f797d51660fd11085d63128e1b8f10fe6479171

SHA512
211e3354768115d2accbca7c1d56d7fa6bfb5467eb128a85e1a2b3963988c0c8bf82f3f66219f8277506a5e2c5517445411db0e7de078d519c660d0b9b8fc729

Download Submit
C:\Users\Admin\AppData\Roaming\Gaif\pewou.exe
Filesize
251KB

MD5
3be9eb8df4d3875c35618bb10a880049

SHA1
5063dab8e0825441f59ffa17f5630e2c6c30d5e2

SHA256
0b8a04b38c7880ea7d68f98b4759ed896fba0d3c510f6353af7b85491b37cfe6

SHA512
715ea8db44de9e07178d0114120619499517f6839827d688020b6ac392aeedee121ab8365d9e0ab992c89da2a77e6d35e89e1ab9805136e6cfee72d86fc9303b

Download Submit
C:\Users\Admin\AppData\Roaming\Gaif\pewou.exe
Filesize
251KB

MD5
3be9eb8df4d3875c35618bb10a880049

SHA1
5063dab8e0825441f59ffa17f5630e2c6c30d5e2

SHA256
0b8a04b38c7880ea7d68f98b4759ed896fba0d3c510f6353af7b85491b37cfe6

SHA512
715ea8db44de9e07178d0114120619499517f6839827d688020b6ac392aeedee121ab8365d9e0ab992c89da2a77e6d35e89e1ab9805136e6cfee72d86fc9303b

Download Submit
C:\Users\Admin\AppData\Roaming\Gaif\pewou.exe
Filesize
251KB

MD5
3be9eb8df4d3875c35618bb10a880049

SHA1
5063dab8e0825441f59ffa17f5630e2c6c30d5e2

SHA256
0b8a04b38c7880ea7d68f98b4759ed896fba0d3c510f6353af7b85491b37cfe6

SHA512
715ea8db44de9e07178d0114120619499517f6839827d688020b6ac392aeedee121ab8365d9e0ab992c89da2a77e6d35e89e1ab9805136e6cfee72d86fc9303b

Download Submit
C:\Users\Admin\AppData\Roaming\Utsy\nayp.ziy
Filesize
398B

MD5
a7b7c6520f2aaff0b0c771309fd62eb8

SHA1
bb1f666dc48316016e2849b6265069dc34f35e58

SHA256
a8d0ff159cf7d7155444f301fd350168ef58ae5dd627c46cf0ba9f9746b33645

SHA512
dde6c0fd7ff5c89b41422a09c71817176527615187c310eb26eb0da82ff27d4dc36dd271d907e714c80af3f856d7ff017597299be80c4ca2c596ea1559cb44d6

Download Submit
\Users\Admin\AppData\Roaming\Gaif\pewou.exe
Filesize
251KB

MD5
3be9eb8df4d3875c35618bb10a880049

SHA1
5063dab8e0825441f59ffa17f5630e2c6c30d5e2

SHA256
0b8a04b38c7880ea7d68f98b4759ed896fba0d3c510f6353af7b85491b37cfe6

SHA512
715ea8db44de9e07178d0114120619499517f6839827d688020b6ac392aeedee121ab8365d9e0ab992c89da2a77e6d35e89e1ab9805136e6cfee72d86fc9303b

Download Submit
\Users\Admin\AppData\Roaming\Gaif\pewou.exe
Filesize
251KB

MD5
3be9eb8df4d3875c35618bb10a880049

SHA1
5063dab8e0825441f59ffa17f5630e2c6c30d5e2

SHA256
0b8a04b38c7880ea7d68f98b4759ed896fba0d3c510f6353af7b85491b37cfe6

SHA512
715ea8db44de9e07178d0114120619499517f6839827d688020b6ac392aeedee121ab8365d9e0ab992c89da2a77e6d35e89e1ab9805136e6cfee72d86fc9303b

Download Submit
memory/836-114-0x0000000000330000-0x0000000000357000-memory.dmp

Filesize
156KB

Download
memory/836-115-0x0000000000330000-0x0000000000357000-memory.dmp

Filesize
156KB

Download
memory/836-113-0x0000000000330000-0x0000000000357000-memory.dmp

Filesize
156KB

Download
memory/836-112-0x0000000000330000-0x0000000000357000-memory.dmp

Filesize
156KB

Download
memory/956-70-0x0000000000413048-mapping.dmp

Download
memory/956-109-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/988-126-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/988-127-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/988-125-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/988-124-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/1032-97-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1032-99-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1032-59-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1032-61-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1032-102-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1032-60-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1032-56-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1032-94-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1032-96-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1032-57-0x0000000000413048-mapping.dmp

Download
memory/1032-95-0x0000000000280000-0x00000000002A7000-memory.dmp

Filesize
156KB

Download
memory/1096-64-0x0000000000000000-mapping.dmp

Download
memory/1112-79-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1112-78-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1112-77-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1112-76-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1112-74-0x00000000001A0000-0x00000000001C7000-memory.dmp

Filesize
156KB

Download
memory/1172-85-0x0000000000220000-0x0000000000247000-memory.dmp

Filesize
156KB

Download
memory/1172-84-0x0000000000220000-0x0000000000247000-memory.dmp

Filesize
156KB

Download
memory/1172-82-0x0000000000220000-0x0000000000247000-memory.dmp

Filesize
156KB

Download
memory/1172-83-0x0000000000220000-0x0000000000247000-memory.dmp

Filesize
156KB

Download
memory/1212-88-0x00000000029C0000-0x00000000029E7000-memory.dmp

Filesize
156KB

Download
memory/1212-89-0x00000000029C0000-0x00000000029E7000-memory.dmp

Filesize
156KB

Download
memory/1212-90-0x00000000029C0000-0x00000000029E7000-memory.dmp

Filesize
156KB

Download
memory/1212-91-0x00000000029C0000-0x00000000029E7000-memory.dmp

Filesize
156KB

Download
memory/1524-106-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/1524-107-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/1524-105-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/1524-103-0x0000000000130000-0x0000000000157000-memory.dmp

Filesize
156KB

Download
memory/1524-98-0x0000000000000000-mapping.dmp

Download
memory/1748-130-0x0000000001E80000-0x0000000001EA7000-memory.dmp

Filesize
156KB

Download
memory/1748-131-0x0000000001E80000-0x0000000001EA7000-memory.dmp

Filesize
156KB

Download
memory/1748-132-0x0000000001E80000-0x0000000001EA7000-memory.dmp

Filesize
156KB

Download
memory/1748-133-0x0000000001E80000-0x0000000001EA7000-memory.dmp

Filesize
156KB

Download
memory/1772-118-0x0000000003A60000-0x0000000003A87000-memory.dmp

Filesize
156KB

Download
memory/1772-119-0x0000000003A60000-0x0000000003A87000-memory.dmp

Filesize
156KB

Download
memory/1772-120-0x0000000003A60000-0x0000000003A87000-memory.dmp

Filesize
156KB

Download
memory/1772-121-0x0000000003A60000-0x0000000003A87000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads