946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e

General

Target

946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
Size

256KB
MD5

196f505466314101773bc9f50ad3b2b5
SHA1

97986e2db4d11f4b97c1727c8d3683f6b2dd80ae
SHA256

946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e
SHA512

9b8dafb2d6d81b88723a6c96ee3abb9cb509dff3aa17490e73b543215cfee92645635e3bd6b53a8eec522b4d9b3539e25e946f90f961b76e4505fd90059465cc
SSDEEP

3072:BDR1MBlhoJNJ1nrunt3CKYQ/Szu32znYIr56+6SpMgvzr9LFE:BQB8JP1nbBzupIrx6KMgfE

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

yhxy.exeyhxy.exe

pid process

1772 yhxy.exe
1676 yhxy.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

700 cmd.exe

pid	process
1772	yhxy.exe
1676	yhxy.exe

pid	process
700	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe

pid	process
2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

yhxy.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\Currentversion\Run	yhxy.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Run\{93ED5294-A84F-C11A-BC09-F0E77D2DB917} = "C:\\Users\\Admin\\AppData\\Roaming\\Roric\\yhxy.exe"	yhxy.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exeyhxy.exe

description	pid	process	target process
PID 1568 set thread context of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1772 set thread context of 1676	1772	yhxy.exe	yhxy.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

cmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Privacy	cmd.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	cmd.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

yhxy.exe

pid	process
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe
1676	yhxy.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.execmd.exe

description	pid	process
Token: SeSecurityPrivilege	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
Token: SeSecurityPrivilege	700	cmd.exe
Token: SeSecurityPrivilege	700	cmd.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exeyhxy.exe

pid process

1568 946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
1772 yhxy.exe

pid	process
1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
1772	yhxy.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exeyhxy.exeyhxy.exe

description	pid	process	target process
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 1568 wrote to memory of 2004	1568	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
PID 2004 wrote to memory of 1772	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	yhxy.exe
PID 2004 wrote to memory of 1772	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	yhxy.exe
PID 2004 wrote to memory of 1772	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	yhxy.exe
PID 2004 wrote to memory of 1772	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 1772 wrote to memory of 1676	1772	yhxy.exe	yhxy.exe
PID 2004 wrote to memory of 700	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	cmd.exe
PID 2004 wrote to memory of 700	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	cmd.exe
PID 2004 wrote to memory of 700	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	cmd.exe
PID 2004 wrote to memory of 700	2004	946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe	cmd.exe
PID 1676 wrote to memory of 1140	1676	yhxy.exe	taskhost.exe
PID 1676 wrote to memory of 1140	1676	yhxy.exe	taskhost.exe
PID 1676 wrote to memory of 1140	1676	yhxy.exe	taskhost.exe
PID 1676 wrote to memory of 1140	1676	yhxy.exe	taskhost.exe
PID 1676 wrote to memory of 1140	1676	yhxy.exe	taskhost.exe
PID 1676 wrote to memory of 1228	1676	yhxy.exe	Dwm.exe
PID 1676 wrote to memory of 1228	1676	yhxy.exe	Dwm.exe
PID 1676 wrote to memory of 1228	1676	yhxy.exe	Dwm.exe
PID 1676 wrote to memory of 1228	1676	yhxy.exe	Dwm.exe
PID 1676 wrote to memory of 1228	1676	yhxy.exe	Dwm.exe
PID 1676 wrote to memory of 1284	1676	yhxy.exe	Explorer.EXE
PID 1676 wrote to memory of 1284	1676	yhxy.exe	Explorer.EXE
PID 1676 wrote to memory of 1284	1676	yhxy.exe	Explorer.EXE
PID 1676 wrote to memory of 1284	1676	yhxy.exe	Explorer.EXE
PID 1676 wrote to memory of 1284	1676	yhxy.exe	Explorer.EXE
PID 1676 wrote to memory of 700	1676	yhxy.exe	cmd.exe
PID 1676 wrote to memory of 700	1676	yhxy.exe	cmd.exe
PID 1676 wrote to memory of 700	1676	yhxy.exe	cmd.exe
PID 1676 wrote to memory of 700	1676	yhxy.exe	cmd.exe
PID 1676 wrote to memory of 700	1676	yhxy.exe	cmd.exe
PID 1676 wrote to memory of 812	1676	yhxy.exe	conhost.exe
PID 1676 wrote to memory of 1036	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1036	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1036	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1036	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1036	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1516	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1516	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1516	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1516	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1516	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1596	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1596	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1596	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1596	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1596	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1768	1676	yhxy.exe	DllHost.exe
PID 1676 wrote to memory of 1768	1676	yhxy.exe	DllHost.exe

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1228

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
"C:\Users\Admin\AppData\Local\Temp\946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1568

C:\Users\Admin\AppData\Local\Temp\946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe
"C:\Users\Admin\AppData\Local\Temp\946e011cc9cd2bd27bfda5a8c8fa185ecd59c7e6bee091f5fc59194a67ef973e.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2004

C:\Users\Admin\AppData\Roaming\Roric\yhxy.exe
"C:\Users\Admin\AppData\Roaming\Roric\yhxy.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1772

C:\Users\Admin\AppData\Roaming\Roric\yhxy.exe
"C:\Users\Admin\AppData\Roaming\Roric\yhxy.exe"
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp5b5c3150.bat"
3⤵
- Deletes itself
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
PID:700

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1284

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-1746065131-528677819668113625-1110390943-1496795501-107686096136537271656856356"
1⤵
PID:812

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1036

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1516

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1596

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1768

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp5b5c3150.bat
Filesize
307B

MD5
2ec98a290532a5751e6a8ec799b3321b

SHA1
aab4d4d4460f6a6b20b7a73e4112be788978ea76

SHA256
136dcc21176a24382551ad2ae1223e079f5891385ed6e1e8ec480856537156bc

SHA512
ad6bcaf0e8d55fdc3a69ff54cc9b34072fdc44fe5903ac031aaf2bd204d4fb6f606580fa80fcf1fcfa8c6158e037b24c6f47381a34251dbcd31d20197ce48720

Download Submit
C:\Users\Admin\AppData\Roaming\Roric\yhxy.exe
Filesize
256KB

MD5
2d9e9ae46e58b9ad89dbf61a4a89b9b4

SHA1
7854f709a4ec0d0bb2e05c222559e818620cd89a

SHA256
b0e71c070a0224fd1689cc2e2e7fc62b2b11a3ef5fb721b8d57016d51a5ea661

SHA512
e02c80fb7e6b65701292a2ead31b6404d786da3c5731c2d08a37a56c448fa872ce342102cc0f4ae71785974d1b63058a2804ee71bed68137992da28114929c18

Download Submit
C:\Users\Admin\AppData\Roaming\Roric\yhxy.exe
Filesize
256KB

MD5
2d9e9ae46e58b9ad89dbf61a4a89b9b4

SHA1
7854f709a4ec0d0bb2e05c222559e818620cd89a

SHA256
b0e71c070a0224fd1689cc2e2e7fc62b2b11a3ef5fb721b8d57016d51a5ea661

SHA512
e02c80fb7e6b65701292a2ead31b6404d786da3c5731c2d08a37a56c448fa872ce342102cc0f4ae71785974d1b63058a2804ee71bed68137992da28114929c18

Download Submit
C:\Users\Admin\AppData\Roaming\Roric\yhxy.exe
Filesize
256KB

MD5
2d9e9ae46e58b9ad89dbf61a4a89b9b4

SHA1
7854f709a4ec0d0bb2e05c222559e818620cd89a

SHA256
b0e71c070a0224fd1689cc2e2e7fc62b2b11a3ef5fb721b8d57016d51a5ea661

SHA512
e02c80fb7e6b65701292a2ead31b6404d786da3c5731c2d08a37a56c448fa872ce342102cc0f4ae71785974d1b63058a2804ee71bed68137992da28114929c18

Download Submit
\Users\Admin\AppData\Roaming\Roric\yhxy.exe
Filesize
256KB

MD5
2d9e9ae46e58b9ad89dbf61a4a89b9b4

SHA1
7854f709a4ec0d0bb2e05c222559e818620cd89a

SHA256
b0e71c070a0224fd1689cc2e2e7fc62b2b11a3ef5fb721b8d57016d51a5ea661

SHA512
e02c80fb7e6b65701292a2ead31b6404d786da3c5731c2d08a37a56c448fa872ce342102cc0f4ae71785974d1b63058a2804ee71bed68137992da28114929c18

Download Submit
\Users\Admin\AppData\Roaming\Roric\yhxy.exe
Filesize
256KB

MD5
2d9e9ae46e58b9ad89dbf61a4a89b9b4

SHA1
7854f709a4ec0d0bb2e05c222559e818620cd89a

SHA256
b0e71c070a0224fd1689cc2e2e7fc62b2b11a3ef5fb721b8d57016d51a5ea661

SHA512
e02c80fb7e6b65701292a2ead31b6404d786da3c5731c2d08a37a56c448fa872ce342102cc0f4ae71785974d1b63058a2804ee71bed68137992da28114929c18

Download Submit
memory/700-74-0x0000000000000000-mapping.dmp

Download
memory/700-103-0x0000000000080000-0x00000000000A7000-memory.dmp

Filesize
156KB

Download
memory/700-97-0x0000000000080000-0x00000000000A7000-memory.dmp

Filesize
156KB

Download
memory/700-98-0x0000000000080000-0x00000000000A7000-memory.dmp

Filesize
156KB

Download
memory/700-99-0x0000000000080000-0x00000000000A7000-memory.dmp

Filesize
156KB

Download
memory/700-96-0x0000000000080000-0x00000000000A7000-memory.dmp

Filesize
156KB

Download
memory/1036-110-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1036-108-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1036-109-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1036-111-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/1140-79-0x0000000001C60000-0x0000000001C87000-memory.dmp

Filesize
156KB

Download
memory/1140-75-0x0000000001C60000-0x0000000001C87000-memory.dmp

Filesize
156KB

Download
memory/1140-80-0x0000000001C60000-0x0000000001C87000-memory.dmp

Filesize
156KB

Download
memory/1140-81-0x0000000001C60000-0x0000000001C87000-memory.dmp

Filesize
156KB

Download
memory/1140-78-0x0000000001C60000-0x0000000001C87000-memory.dmp

Filesize
156KB

Download
memory/1228-86-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1228-84-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1228-85-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1228-87-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1284-92-0x0000000002A50000-0x0000000002A77000-memory.dmp

Filesize
156KB

Download
memory/1284-93-0x0000000002A50000-0x0000000002A77000-memory.dmp

Filesize
156KB

Download
memory/1284-91-0x0000000002A50000-0x0000000002A77000-memory.dmp

Filesize
156KB

Download
memory/1284-90-0x0000000002A50000-0x0000000002A77000-memory.dmp

Filesize
156KB

Download
memory/1516-116-0x0000000003A50000-0x0000000003A77000-memory.dmp

Filesize
156KB

Download
memory/1516-114-0x0000000003A50000-0x0000000003A77000-memory.dmp

Filesize
156KB

Download
memory/1516-117-0x0000000003A50000-0x0000000003A77000-memory.dmp

Filesize
156KB

Download
memory/1516-115-0x0000000003A50000-0x0000000003A77000-memory.dmp

Filesize
156KB

Download
memory/1596-123-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1596-121-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1596-122-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1596-120-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1676-70-0x0000000000416D95-mapping.dmp

Download
memory/1676-105-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1768-128-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1768-126-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1768-129-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1768-127-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1772-64-0x0000000000000000-mapping.dmp

Download
memory/2004-76-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2004-56-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2004-60-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2004-61-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2004-57-0x0000000000416D95-mapping.dmp

Download
memory/2004-59-0x0000000076031000-0x0000000076033000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads