0e2d18ab230cc779e34752b45e5407a14897f99d95d738a173dd1a397061e5bc

General

Target

逆战嫩草透视辅助1119Sp1.exe
Size

2.0MB
MD5

1ef927006683a9187cc55c8efe36e256
SHA1

bccb3687d7ce6caa1c8c6d1ee21e99aca9acf21c
SHA256

6854daefcb6bf04e35ccdb1bf08ce75315a3fc8bb19d0182a7eddd5bfe4ead7b
SHA512

0d76cf765eaeaef62f104fc9c6b2d9bb2a401c39e72df7fb2199b2348b5b3f482725f098125b6d443f0dcccef2aa495126a5b1e025be0df1b9b52ceec67d87b4
SSDEEP

24576:uBoJKz7+Ze0/r2PEw55c2wTYs42cYbDyGWBVGZu8BlscURb+bo98Ef1gFIo4KGqI:upz7G2PxJhAyGWv4uAA+cRgFIAG2SWs

Score

8^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 24 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral3/memory/956-55-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-59-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-57-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-56-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-63-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-61-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-67-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-65-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-69-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-71-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-73-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-75-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-77-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-79-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-81-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-85-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-83-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-87-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-89-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-93-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-91-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-97-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-95-0x0000000010000000-0x000000001003F000-memory.dmp	upx
behavioral3/memory/956-98-0x0000000010000000-0x000000001003F000-memory.dmp	upx

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

Processes:

resource	yara_rule
\Windows\SysWOW64\SuperEC_Hook.dll	vmprotect
C:\Windows\SysWOW64\SuperEC_Hook.dll	vmprotect
behavioral3/memory/1600-104-0x0000000016080000-0x0000000016152000-memory.dmp	vmprotect

Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

1600 regsvr32.exe
Drops file in System32 directory 1 IoCs

Processes:

逆战嫩草透视辅助1119Sp1.exe

description ioc process

File created C:\Windows\SysWOW64\SuperEC_Hook.dll 逆战嫩草透视辅助1119Sp1.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
1600	regsvr32.exe

description	ioc	process
File created	C:\Windows\SysWOW64\SuperEC_Hook.dll	逆战嫩草透视辅助1119Sp1.exe

Modifies Internet Explorer settings 1 TTPs 41 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exe逆战嫩草透视辅助1119Sp1.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{BF7A6861-6ED1-11ED-B76D-4EFAD8A2B6A5} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	逆战嫩草透视辅助1119Sp1.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 701af294de02d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb80000000002000000000010660000000100002000000071b99e1609f0c4518e14cdb22a6bf9ac6171543bc55f50a80cd585d282e2d8bc000000000e8000000002000020000000be59fa206bffff87b51abea773eeffe120e17ba8a5bbde8efa64d62d3b20621f9000000051629d89990a47b79643b50b583cf37a1ef3ead9d606c178713d21292e4b97b947f22981ad08229204910f5aa84a43d60e2757b259bd8ba69ed748af3e5ae872a44ca93775ac66966646206993155fc809e70c52ea1fb519f64e12aedfec7adb5004bc07ce9f2bcb04814e1724b5a66d59060768a56baf31fa3ea2d99b7b814cd40f4cdafb9a610770cb82cc1c07f597400000005d06e5eb4a0251984d91b947d947d0ddf7587bc25ac819733466c4a77d01aeeb6175de678c2e176b51a971ceeaf18370e2ef83a4a1a86db892b14d14bec9eb0b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	逆战嫩草透视辅助1119Sp1.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	逆战嫩草透视辅助1119Sp1.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000003bad9e5810411a41b405bdc87c3b0eb800000000020000000000106600000001000020000000ceacfff0751517134548831f8b7e56e9c31e1b5a9238e4363455b195760c6540000000000e80000000020000200000001f4a7c47005694b7207867490a76c54957b3590f6eaa9791d8a095b95c263f2420000000e1c4992094fa5a97026a202d6cffdca5c08882429348b63ecae8e69397f6e2de4000000071e68e8c9f7254ab949b41700acd0335a4c9caa9854be4fcabdf29d39f741cfe5d92e3f0de7019c194286a508c5f816668e90cbbda21ba50beec83808a9f4d6e	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376373245"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1852	AUDIODG.EXE
Token: 33	1852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1852	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1328 iexplore.exe

pid	process
1328	iexplore.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

逆战嫩草透视辅助1119Sp1.exeiexplore.exeIEXPLORE.EXE

pid	process
956	逆战嫩草透视辅助1119Sp1.exe
956	逆战嫩草透视辅助1119Sp1.exe
956	逆战嫩草透视辅助1119Sp1.exe
956	逆战嫩草透视辅助1119Sp1.exe
956	逆战嫩草透视辅助1119Sp1.exe
1328	iexplore.exe
1328	iexplore.exe
776	IEXPLORE.EXE
776	IEXPLORE.EXE
776	IEXPLORE.EXE
776	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

逆战嫩草透视辅助1119Sp1.exeiexplore.exe

description	pid	process	target process
PID 956 wrote to memory of 1328	956	逆战嫩草透视辅助1119Sp1.exe	iexplore.exe
PID 956 wrote to memory of 1328	956	逆战嫩草透视辅助1119Sp1.exe	iexplore.exe
PID 956 wrote to memory of 1328	956	逆战嫩草透视辅助1119Sp1.exe	iexplore.exe
PID 956 wrote to memory of 1328	956	逆战嫩草透视辅助1119Sp1.exe	iexplore.exe
PID 956 wrote to memory of 1600	956	逆战嫩草透视辅助1119Sp1.exe	regsvr32.exe
PID 956 wrote to memory of 1600	956	逆战嫩草透视辅助1119Sp1.exe	regsvr32.exe
PID 956 wrote to memory of 1600	956	逆战嫩草透视辅助1119Sp1.exe	regsvr32.exe
PID 956 wrote to memory of 1600	956	逆战嫩草透视辅助1119Sp1.exe	regsvr32.exe
PID 956 wrote to memory of 1600	956	逆战嫩草透视辅助1119Sp1.exe	regsvr32.exe
PID 956 wrote to memory of 1600	956	逆战嫩草透视辅助1119Sp1.exe	regsvr32.exe
PID 956 wrote to memory of 1600	956	逆战嫩草透视辅助1119Sp1.exe	regsvr32.exe
PID 1328 wrote to memory of 776	1328	iexplore.exe	IEXPLORE.EXE
PID 1328 wrote to memory of 776	1328	iexplore.exe	IEXPLORE.EXE
PID 1328 wrote to memory of 776	1328	iexplore.exe	IEXPLORE.EXE
PID 1328 wrote to memory of 776	1328	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\逆战嫩草透视辅助1119Sp1.exe
"C:\Users\Admin\AppData\Local\Temp\逆战嫩草透视辅助1119Sp1.exe"
1⤵
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:956

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.cnlna.com/
2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1328

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:275457 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:776

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 /u /s C:\Windows\system32\SuperEC_Hook.dll
2⤵
- Loads dropped DLL
PID:1600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1852

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PFZC0YBM\FM2U9VPL.htm
Filesize
427B

MD5
774d13bb0fecd8fd1b141abc974c2840

SHA1
683c8cfb5b5d2fdaf704d9fd8c11885a024e0ee4

SHA256
4a89eebe118988c98ea41bc4540c8972a2e35ff2a616b933178dce75415191b8

SHA512
0759bc9280458afcba4d8a86fb179c98a34f985049d50b4a14c4949d7c99a5c689474a77c9f3564e2ae06a891d53319bf82626ff60cd858e4dda6b93d16e5792

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YEIY221N.txt
Filesize
608B

MD5
e02e87aecc30d93a1e8010fd220df748

SHA1
6eea564c4c97419d9ac7fa05c8ca5bb78f1beb40

SHA256
173a4ad8340785b3b0898256088776ada2325937de7565149233f7bb9eb65d50

SHA512
ab190a92d76b5c52c1c29c261260505d65a33783f9b41f4000170669986356a2c2883f0e022eb399d11450eb26dc172f0a282cb8a79e717e8d62f5e7adc322ce

Download Submit
C:\Windows\SysWOW64\SuperEC_Hook.dll
Filesize
368KB

MD5
6446f02463634295797ff698eb7eb92e

SHA1
64a20417acf7c9bd67efc601236c85fa640426a8

SHA256
53022e175ff09af40a8569a641a261ed08dabc7331afbdde97f2f3d6f9321b33

SHA512
eeeb4152b92f9c4cad35d596f6fdec8d4e26b93c1a71627007ce5e490c46bd7773cc65309645ace429467b335fea5fe33cb5aac4cf507367cd9ad72a1b9efbfe

Download Submit
\Windows\SysWOW64\SuperEC_Hook.dll
Filesize
368KB

MD5
6446f02463634295797ff698eb7eb92e

SHA1
64a20417acf7c9bd67efc601236c85fa640426a8

SHA256
53022e175ff09af40a8569a641a261ed08dabc7331afbdde97f2f3d6f9321b33

SHA512
eeeb4152b92f9c4cad35d596f6fdec8d4e26b93c1a71627007ce5e490c46bd7773cc65309645ace429467b335fea5fe33cb5aac4cf507367cd9ad72a1b9efbfe

Download Submit
memory/956-79-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-83-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-61-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-67-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-65-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-69-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-71-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-73-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-75-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-77-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-54-0x00000000757C1000-0x00000000757C3000-memory.dmp

Filesize
8KB

Download
memory/956-81-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-85-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-63-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-87-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-89-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-93-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-91-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-97-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-95-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-98-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-55-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-56-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-57-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/956-59-0x0000000010000000-0x000000001003F000-memory.dmp

Filesize
252KB

Download
memory/1600-104-0x0000000016080000-0x0000000016152000-memory.dmp

Filesize
840KB

Download
memory/1600-100-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads