16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93

General

Target

16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Size

76KB
MD5

540a027298b39dadbc3ad08c8ac2e316
SHA1

5c3b19943210209fabbc7b5a43b30686c154b159
SHA256

16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93
SHA512

cf887fa8f9e6b0aa0f2e8a366747262c98557247373649a60a4eace7bf66db2d46b360e51a9d287aa560cf0b56337d606b571339949ec7a63488dceca69388d3
SSDEEP

1536:bpvF99rQswQ25+9Pn9tbfoBQy6XKEYo8+uHOdRdSBuGJOgm:9vN8VQ/nn06hvSHmdFGJW

Score

8^/10

persistence upx

Malware Config

Signatures

Drops file in Drivers directory 2 IoCs

Processes:

16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\drivers\TXP1atform.exe	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
File created	C:\Windows\SysWOW64\drivers\TXP1atform.exe	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe

Executes dropped EXE 1 IoCs

Processes:

TXP1atform.exe

pid process

3752 TXP1atform.exe

pid	process
3752	TXP1atform.exe

Sets file execution options in registry 2 TTPs 45 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOHTMED.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ORGCHART.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRESENTATIONHOST.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RDRSERVICESUPDATER.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RUNTIMEBROKER.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SELFCERT.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSFEEDSSYNC.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOADFSB.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SVCHOST.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRINTISOLATIONHOST.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SYSTEMSETTINGS.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXCELCNV.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IELOWUTIL.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEXPLORE.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\PRINTDIALOG.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WORDCONV.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXTEXPORT.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GRAPH.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NGEN.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\RDRCEF.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEINSTAL.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOXMLED.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IEUNATT.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSHTA.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SDXHELPER.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETLANG.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPLWOW64.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACRORD32INFO.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CLVIEW.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\WINWORD.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOSREC.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\NGENTASK.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\POWERPNT.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SPOOLSV.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\ACRORD32.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSCORSVW.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MICROSOFTEDGEUPDATE.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSQRY32.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\IE4UINIT.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOASB.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MSOSYNC.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\EXCEL.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\GOOGLEUPDATE.EXE	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/5064-132-0x0000000000400000-0x000000000044A000-memory.dmp	upx
C:\Windows\SysWOW64\drivers\TXP1atform.exe	upx
C:\Windows\SysWOW64\drivers\TXP1atform.exe	upx
behavioral2/memory/3752-136-0x0000000000400000-0x000000000044A000-memory.dmp	upx
behavioral2/memory/5064-137-0x0000000000400000-0x000000000044A000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 36 IoCs

Processes:

16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exeTXP1atform.exe

pid	process
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe
3752	TXP1atform.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe

description	pid	process	target process
PID 5064 wrote to memory of 3752	5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe	TXP1atform.exe
PID 5064 wrote to memory of 3752	5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe	TXP1atform.exe
PID 5064 wrote to memory of 3752	5064	16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe	TXP1atform.exe

C:\Users\Admin\AppData\Local\Temp\16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe
"C:\Users\Admin\AppData\Local\Temp\16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93.exe"
1⤵
- Drops file in Drivers directory
- Sets file execution options in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5064

C:\Windows\SysWOW64\drivers\TXP1atform.exe
C:\Windows\system32\drivers\TXP1atform.exe
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\drivers\TXP1atform.exe

Filesize
76KB

MD5
540a027298b39dadbc3ad08c8ac2e316

SHA1
5c3b19943210209fabbc7b5a43b30686c154b159

SHA256
16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93

SHA512
cf887fa8f9e6b0aa0f2e8a366747262c98557247373649a60a4eace7bf66db2d46b360e51a9d287aa560cf0b56337d606b571339949ec7a63488dceca69388d3

Download Submit
C:\Windows\SysWOW64\drivers\TXP1atform.exe

Filesize
76KB

MD5
540a027298b39dadbc3ad08c8ac2e316

SHA1
5c3b19943210209fabbc7b5a43b30686c154b159

SHA256
16a64331e1f07f8cbbb6fbe973b978d4d79be2d8b3f11f8eeeb8c8a3e4f52e93

SHA512
cf887fa8f9e6b0aa0f2e8a366747262c98557247373649a60a4eace7bf66db2d46b360e51a9d287aa560cf0b56337d606b571339949ec7a63488dceca69388d3

Download Submit
memory/3752-133-0x0000000000000000-mapping.dmp

Download
memory/3752-136-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/5064-132-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/5064-137-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads