c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9

General

Target

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
Size

224KB
MD5

2afd9390bc8706cb2a3c74339082c75f
SHA1

2525b3a5a337dad351f9a8a6bf8bbe8fcc8889cb
SHA256

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9
SHA512

1da0fcd03a84c47c5f70063dd193da4f3a4c768e4424c0d60b120321938576a1691f5e6cc0b473c179b5125830fe87815bbebead2f3f383923d4c57ac04be80e
SSDEEP

6144:6aRdxGgC4Cdm+QQNfHy08pb6ilGqbyXlc7claAjv+7epZQnONzI:6M+ghY2pbZGGC+cwt

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

xeha.exexeha.exe

pid process

944 xeha.exe
1192 xeha.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1868 cmd.exe

pid	process
944	xeha.exe
1192	xeha.exe

pid	process
1868	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe

pid	process
848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

xeha.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\Currentversion\Run	xeha.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\{B4CEC134-6B0B-6DA7-4068-686E384507C6} = "C:\\Users\\Admin\\AppData\\Roaming\\Qyalp\\xeha.exe"	xeha.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exexeha.exe

description	pid	process	target process
PID 1092 set thread context of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 944 set thread context of 1192	944	xeha.exe	xeha.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Privacy	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

xeha.exe

pid process

1192 xeha.exe
1192 xeha.exe
1192 xeha.exe
1192 xeha.exe
1192 xeha.exe
1192 xeha.exe
1192 xeha.exe
1192 xeha.exe
1192 xeha.exe

pid	process
1192	xeha.exe
1192	xeha.exe
1192	xeha.exe
1192	xeha.exe
1192	xeha.exe
1192	xeha.exe
1192	xeha.exe
1192	xeha.exe
1192	xeha.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe

description	pid	process
Token: SeSecurityPrivilege	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
Token: SeSecurityPrivilege	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
Token: SeSecurityPrivilege	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exexeha.exe

pid process

1092 c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
944 xeha.exe

pid	process
1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
944	xeha.exe

Suspicious use of WriteProcessMemory 52 IoCs

Processes:

c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exec1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exexeha.exexeha.exe

description	pid	process	target process
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1092 wrote to memory of 848	1092	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 848 wrote to memory of 944	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	xeha.exe
PID 848 wrote to memory of 944	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	xeha.exe
PID 848 wrote to memory of 944	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	xeha.exe
PID 848 wrote to memory of 944	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 944 wrote to memory of 1192	944	xeha.exe	xeha.exe
PID 1192 wrote to memory of 1128	1192	xeha.exe	taskhost.exe
PID 1192 wrote to memory of 1128	1192	xeha.exe	taskhost.exe
PID 1192 wrote to memory of 1128	1192	xeha.exe	taskhost.exe
PID 1192 wrote to memory of 1128	1192	xeha.exe	taskhost.exe
PID 1192 wrote to memory of 1128	1192	xeha.exe	taskhost.exe
PID 1192 wrote to memory of 1244	1192	xeha.exe	Dwm.exe
PID 1192 wrote to memory of 1244	1192	xeha.exe	Dwm.exe
PID 1192 wrote to memory of 1244	1192	xeha.exe	Dwm.exe
PID 1192 wrote to memory of 1244	1192	xeha.exe	Dwm.exe
PID 1192 wrote to memory of 1244	1192	xeha.exe	Dwm.exe
PID 1192 wrote to memory of 1276	1192	xeha.exe	Explorer.EXE
PID 1192 wrote to memory of 1276	1192	xeha.exe	Explorer.EXE
PID 1192 wrote to memory of 1276	1192	xeha.exe	Explorer.EXE
PID 1192 wrote to memory of 1276	1192	xeha.exe	Explorer.EXE
PID 1192 wrote to memory of 1276	1192	xeha.exe	Explorer.EXE
PID 1192 wrote to memory of 848	1192	xeha.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1192 wrote to memory of 848	1192	xeha.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1192 wrote to memory of 848	1192	xeha.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1192 wrote to memory of 848	1192	xeha.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 1192 wrote to memory of 848	1192	xeha.exe	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
PID 848 wrote to memory of 1868	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	cmd.exe
PID 848 wrote to memory of 1868	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	cmd.exe
PID 848 wrote to memory of 1868	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	cmd.exe
PID 848 wrote to memory of 1868	848	c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe	cmd.exe
PID 1192 wrote to memory of 1868	1192	xeha.exe	cmd.exe
PID 1192 wrote to memory of 1868	1192	xeha.exe	cmd.exe
PID 1192 wrote to memory of 1868	1192	xeha.exe	cmd.exe
PID 1192 wrote to memory of 1868	1192	xeha.exe	cmd.exe
PID 1192 wrote to memory of 1868	1192	xeha.exe	cmd.exe
PID 1192 wrote to memory of 1564	1192	xeha.exe	conhost.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
"C:\Users\Admin\AppData\Local\Temp\c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1092

C:\Users\Admin\AppData\Local\Temp\c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe
"C:\Users\Admin\AppData\Local\Temp\c1dbe3b2727390cd9b5fbc1cdffcabdc07a2a0d6d8ee8233d9f4727191ea3cb9.exe"
3⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:848

C:\Users\Admin\AppData\Roaming\Qyalp\xeha.exe
"C:\Users\Admin\AppData\Roaming\Qyalp\xeha.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:944

C:\Users\Admin\AppData\Roaming\Qyalp\xeha.exe
"C:\Users\Admin\AppData\Roaming\Qyalp\xeha.exe"
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1192

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp299542f8.bat"
4⤵
- Deletes itself
PID:1868

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1244

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1128

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "5882830531980214061370566585-1232296826402074167-7697234122117467200-1251080211"
1⤵
PID:1564

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp299542f8.bat
Filesize
307B

MD5
28a093c2c8ef0319370673bbc9193994

SHA1
aad8a21f29ab8288b4cc3e8b933997d52cc7439a

SHA256
8c6b89857c174ae804eac87f78fc6f9e63b3f7fbb9b4cbf23091ee61e68c9ac2

SHA512
cbfb292ca1b97ef2bc83e1db0298e9e93fcfaf89b2099a397d4b1abfbcce8fc5aea23e67aca59bd0ded64983197e5d3b79045daa2692422cfe377068b2ddf5f2

Download Submit
C:\Users\Admin\AppData\Roaming\Aqeqi\zoet.qoy
Filesize
398B

MD5
3f998d9d9c8652e1c9767522936a45e0

SHA1
ce4cd264bc0a698097a0f50e818ddf8bb1bac47a

SHA256
9f314baed151722a2a27727ff16c9b4f02370b34b1d0f524cae754e983fad010

SHA512
c3574d015afaf2a42a94d81a9c4e7518f09b53213d33d5ef07f91d7385aaaf133d6ca8a290485c35914332c171c73ee7ca09e7335d90e107f1370eb6a28fef6b

Download Submit
C:\Users\Admin\AppData\Roaming\Qyalp\xeha.exe
Filesize
224KB

MD5
6de571d4f7fa954529fe1230ab7c5761

SHA1
f40bb95ae4b7f3131672a921560d4011aa7893af

SHA256
b0f8a2dce3c6e411f3532db4fb47dfb579f882ee500002447e1e15509b696aa2

SHA512
f61481114df239906e32a0c7aef9d010f6cf1b237e8f3534105fac4e932f921c4189e2e70d9657722d8bef64ac3ac4a07f2c807b740488e48b508ba58bd27f53

Download Submit
C:\Users\Admin\AppData\Roaming\Qyalp\xeha.exe
Filesize
224KB

MD5
6de571d4f7fa954529fe1230ab7c5761

SHA1
f40bb95ae4b7f3131672a921560d4011aa7893af

SHA256
b0f8a2dce3c6e411f3532db4fb47dfb579f882ee500002447e1e15509b696aa2

SHA512
f61481114df239906e32a0c7aef9d010f6cf1b237e8f3534105fac4e932f921c4189e2e70d9657722d8bef64ac3ac4a07f2c807b740488e48b508ba58bd27f53

Download Submit
C:\Users\Admin\AppData\Roaming\Qyalp\xeha.exe
Filesize
224KB

MD5
6de571d4f7fa954529fe1230ab7c5761

SHA1
f40bb95ae4b7f3131672a921560d4011aa7893af

SHA256
b0f8a2dce3c6e411f3532db4fb47dfb579f882ee500002447e1e15509b696aa2

SHA512
f61481114df239906e32a0c7aef9d010f6cf1b237e8f3534105fac4e932f921c4189e2e70d9657722d8bef64ac3ac4a07f2c807b740488e48b508ba58bd27f53

Download Submit
\Users\Admin\AppData\Roaming\Qyalp\xeha.exe
Filesize
224KB

MD5
6de571d4f7fa954529fe1230ab7c5761

SHA1
f40bb95ae4b7f3131672a921560d4011aa7893af

SHA256
b0f8a2dce3c6e411f3532db4fb47dfb579f882ee500002447e1e15509b696aa2

SHA512
f61481114df239906e32a0c7aef9d010f6cf1b237e8f3534105fac4e932f921c4189e2e70d9657722d8bef64ac3ac4a07f2c807b740488e48b508ba58bd27f53

Download Submit
\Users\Admin\AppData\Roaming\Qyalp\xeha.exe
Filesize
224KB

MD5
6de571d4f7fa954529fe1230ab7c5761

SHA1
f40bb95ae4b7f3131672a921560d4011aa7893af

SHA256
b0f8a2dce3c6e411f3532db4fb47dfb579f882ee500002447e1e15509b696aa2

SHA512
f61481114df239906e32a0c7aef9d010f6cf1b237e8f3534105fac4e932f921c4189e2e70d9657722d8bef64ac3ac4a07f2c807b740488e48b508ba58bd27f53

Download Submit
memory/848-99-0x0000000001DB0000-0x0000000001DD7000-memory.dmp

Filesize
156KB

Download
memory/848-94-0x0000000001DB0000-0x0000000001DD7000-memory.dmp

Filesize
156KB

Download
memory/848-61-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/848-60-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/848-57-0x0000000000413048-mapping.dmp

Download
memory/848-59-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/848-102-0x0000000001DB0000-0x0000000001DD7000-memory.dmp

Filesize
156KB

Download
memory/848-101-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/848-56-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/848-97-0x0000000001DB0000-0x0000000001DD7000-memory.dmp

Filesize
156KB

Download
memory/848-96-0x0000000001DB0000-0x0000000001DD7000-memory.dmp

Filesize
156KB

Download
memory/848-95-0x0000000001DB0000-0x0000000001DD7000-memory.dmp

Filesize
156KB

Download
memory/944-64-0x0000000000000000-mapping.dmp

Download
memory/1128-79-0x0000000001F00000-0x0000000001F27000-memory.dmp

Filesize
156KB

Download
memory/1128-74-0x0000000001F00000-0x0000000001F27000-memory.dmp

Filesize
156KB

Download
memory/1128-76-0x0000000001F00000-0x0000000001F27000-memory.dmp

Filesize
156KB

Download
memory/1128-77-0x0000000001F00000-0x0000000001F27000-memory.dmp

Filesize
156KB

Download
memory/1128-78-0x0000000001F00000-0x0000000001F27000-memory.dmp

Filesize
156KB

Download
memory/1192-98-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1192-115-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1192-70-0x0000000000413048-mapping.dmp

Download
memory/1244-84-0x0000000001BB0000-0x0000000001BD7000-memory.dmp

Filesize
156KB

Download
memory/1244-83-0x0000000001BB0000-0x0000000001BD7000-memory.dmp

Filesize
156KB

Download
memory/1244-85-0x0000000001BB0000-0x0000000001BD7000-memory.dmp

Filesize
156KB

Download
memory/1244-82-0x0000000001BB0000-0x0000000001BD7000-memory.dmp

Filesize
156KB

Download
memory/1276-91-0x00000000029F0000-0x0000000002A17000-memory.dmp

Filesize
156KB

Download
memory/1276-88-0x00000000029F0000-0x0000000002A17000-memory.dmp

Filesize
156KB

Download
memory/1276-89-0x00000000029F0000-0x0000000002A17000-memory.dmp

Filesize
156KB

Download
memory/1276-90-0x00000000029F0000-0x0000000002A17000-memory.dmp

Filesize
156KB

Download
memory/1868-106-0x0000000000140000-0x0000000000167000-memory.dmp

Filesize
156KB

Download
memory/1868-107-0x0000000000140000-0x0000000000167000-memory.dmp

Filesize
156KB

Download
memory/1868-108-0x0000000000140000-0x0000000000167000-memory.dmp

Filesize
156KB

Download
memory/1868-111-0x0000000000140000-0x0000000000167000-memory.dmp

Filesize
156KB

Download
memory/1868-105-0x0000000000140000-0x0000000000167000-memory.dmp

Filesize
156KB

Download
memory/1868-100-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads