88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435

General

Target

88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe
Size

330KB
MD5

036d0cdc09f3807ccfd9c84ee3860d20
SHA1

3c07b57464bf2f423e84d78e45a62ec547984b37
SHA256

88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435
SHA512

96b8c1a44e2bb84c35f8110cba1c2152f78bf118468ecce9d77c1d4a50d5742f0e0f5804302b59b403715913ced9a51711e3655dad94d40f2c6707db22c3dca7
SSDEEP

6144:Lkf8OvTWFVeM1F/42XB/4JF9+AE96zB+Ng5Oa2bp3RJ9zch1qxMv:23vTKV42XB/w+AVGg5OaCv9iq

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1144	jlguaji.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00080000000139dc-56.dat	upx
behavioral1/files/0x00080000000139dc-57.dat	upx
behavioral1/memory/1388-59-0x0000000000400000-0x0000000000470000-memory.dmp	upx
behavioral1/files/0x00080000000139dc-60.dat	upx
behavioral1/files/0x00080000000139dc-64.dat	upx
behavioral1/files/0x00080000000139dc-65.dat	upx
behavioral1/files/0x00080000000139dc-66.dat	upx
behavioral1/files/0x00080000000139dc-67.dat	upx
behavioral1/memory/1144-69-0x0000000000400000-0x00000000004B2000-memory.dmp	upx
behavioral1/memory/1388-71-0x0000000000400000-0x0000000000470000-memory.dmp	upx
behavioral1/memory/1144-72-0x0000000000400000-0x00000000004B2000-memory.dmp	upx
behavioral1/memory/1388-75-0x0000000000400000-0x0000000000470000-memory.dmp	upx

Loads dropped DLL 5 IoCs

pid	Process
1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe
1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe
1144	jlguaji.exe
1144	jlguaji.exe
1144	jlguaji.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run	jlguaji.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\urlspace = "C:\\Users\\Admin\\AppData\\Roaming\\Spiritsoft\\urlspirit\\jlguaji.exe -h"	jlguaji.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	jlguaji.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	jlguaji.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
1476	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	jlguaji.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d03000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b810b000000010000000e00000074006800610077007400650000001d00000001000000100000005b3b67000eeb80022e42605b6b3b72401400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb57485053000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce2000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	jlguaji.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 0400000001000000100000008ccadc0b22cef5be72ac411a11a8d8120f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce09000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c01400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748501d00000001000000100000005b3b67000eeb80022e42605b6b3b72400b000000010000000e000000740068006100770074006500000003000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b81190000000100000010000000dc73f9b71e16d51d26527d32b11a6a3d2000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	jlguaji.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81	jlguaji.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 0f000000010000001400000085fef11b4f47fe3952f98301c9f98976fefee0ce09000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000002500000030233021060b6086480186f8450107300130123010060a2b0601040182373c0101030200c01400000001000000140000007b5b45cfafcecb7afd31921a6ab6f346eb5748501d00000001000000100000005b3b67000eeb80022e42605b6b3b72400b000000010000000e000000740068006100770074006500000003000000010000001400000091c6d6ee3e8ac86384e548c299295c756c817b812000000001000000240400003082042030820308a0030201020210344ed55720d5edec49f42fce37db2b6d300d06092a864886f70d01010505003081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f74204341301e170d3036313131373030303030305a170d3336303731363233353935395a3081a9310b300906035504061302555331153013060355040a130c7468617774652c20496e632e31283026060355040b131f43657274696669636174696f6e205365727669636573204469766973696f6e31383036060355040b132f2863292032303036207468617774652c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79311f301d06035504031316746861777465205072696d61727920526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100aca0f0fb8059d49cc7a4cf9da159730910450c0d2c6e68f16c5b4868495937fc0b3319c2777fcc102d95341ce6eb4d09a71cd2b8c9973602b789d4245f06c0cc4494948d02626feb5add118d289a5c8490107a0dbd74662f6a38a0e2d55444eb1d079f07ba6feee9fd4e0b29f53e84a001f19cabf81c7e89a4e8a1d871650da3517beebcd222600db95b9ddfbafc515b0baf98b2e92ee904e86287de2bc8d74ec14c641eddcf8758ba4a4fca68071d1c9d4ac6d52f91cc7c71721cc5c067eb32fdc9925c94da85c09bbf537d2b09f48c9d911f976a52cbde0936a477d87b875044d53e6e2969fb3949261e09a5807b402debe82785c9fe61fd7ee67c971dd59d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e041604147b5b45cfafcecb7afd31921a6ab6f346eb574850300d06092a864886f70d010105050003820101007911c04bb391b6fcf0e967d40d6e45be55e893d2ce033fedda25b01d57cb1e3a76a04cec5076e864720ca4a9f1b88bd6d68784bb32e54111c077d9b3609deb1bd5d16e4444a9a601ec55621d77b85c8e48497c9c3b5711acad73378e2f785c906847d96060e6fc073d222017c4f716e9c4d872f9c8737cdf162f15a93efd6a27b6a1eb5aba981fd5e34d640a9d13c861baf5391c87bab8bd7b227ff6feac4079e5ac106f3d8f1b79768bc437b3211884e53600eb632099b9e9fe3304bb41c8c102f94463209e81ce42d3d63f2c76d3639c59dd8fa6e10ea02e41f72e9547cfbcfd33f3f60b617e7e912b8147c22730eea7105d378f5c392be404f07b8d568c68	jlguaji.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1144	jlguaji.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1476	taskkill.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
1144	jlguaji.exe
1144	jlguaji.exe
1144	jlguaji.exe
1144	jlguaji.exe
1144	jlguaji.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1144	jlguaji.exe
1144	jlguaji.exe
1144	jlguaji.exe
1144	jlguaji.exe
1144	jlguaji.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1144	jlguaji.exe
1144	jlguaji.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1476	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	26
PID 1388 wrote to memory of 1476	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	26
PID 1388 wrote to memory of 1476	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	26
PID 1388 wrote to memory of 1476	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	26
PID 1388 wrote to memory of 1476	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	26
PID 1388 wrote to memory of 1476	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	26
PID 1388 wrote to memory of 1476	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	26
PID 1388 wrote to memory of 1144	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	28
PID 1388 wrote to memory of 1144	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	28
PID 1388 wrote to memory of 1144	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	28
PID 1388 wrote to memory of 1144	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	28
PID 1388 wrote to memory of 1144	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	28
PID 1388 wrote to memory of 1144	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	28
PID 1388 wrote to memory of 1144	1388	88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe	28

C:\Users\Admin\AppData\Local\Temp\88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe
"C:\Users\Admin\AppData\Local\Temp\88749c357803bf7c813ba7585c957824a3312cde231069b063b65acc615a6435.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /f /im Ksafetray.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1476
- C:\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe
  C:\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1144

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe

Filesize
261KB

MD5
70c9d96f6429f073667cc226cc6a65ee

SHA1
b785564fdf80aabaac60a34c639b06de99a2f736

SHA256
762f4ccb3d9c5e36b253c4f0a903e0f508f1bbaafa75e82a9be3951c95e7eb86

SHA512
15f506f89600cc63c66efa5ed67b57d948ebd303735b0e3b1e86930c5ec0118fd84058c2c8415f783be8474b1dd5243892ea117476366f0674a4f6a4cec61d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe

Filesize
261KB

MD5
70c9d96f6429f073667cc226cc6a65ee

SHA1
b785564fdf80aabaac60a34c639b06de99a2f736

SHA256
762f4ccb3d9c5e36b253c4f0a903e0f508f1bbaafa75e82a9be3951c95e7eb86

SHA512
15f506f89600cc63c66efa5ed67b57d948ebd303735b0e3b1e86930c5ec0118fd84058c2c8415f783be8474b1dd5243892ea117476366f0674a4f6a4cec61d3a

Download Submit
\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe

Filesize
261KB

MD5
70c9d96f6429f073667cc226cc6a65ee

SHA1
b785564fdf80aabaac60a34c639b06de99a2f736

SHA256
762f4ccb3d9c5e36b253c4f0a903e0f508f1bbaafa75e82a9be3951c95e7eb86

SHA512
15f506f89600cc63c66efa5ed67b57d948ebd303735b0e3b1e86930c5ec0118fd84058c2c8415f783be8474b1dd5243892ea117476366f0674a4f6a4cec61d3a

Download Submit
\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe

Filesize
261KB

MD5
70c9d96f6429f073667cc226cc6a65ee

SHA1
b785564fdf80aabaac60a34c639b06de99a2f736

SHA256
762f4ccb3d9c5e36b253c4f0a903e0f508f1bbaafa75e82a9be3951c95e7eb86

SHA512
15f506f89600cc63c66efa5ed67b57d948ebd303735b0e3b1e86930c5ec0118fd84058c2c8415f783be8474b1dd5243892ea117476366f0674a4f6a4cec61d3a

Download Submit
\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe

Filesize
261KB

MD5
70c9d96f6429f073667cc226cc6a65ee

SHA1
b785564fdf80aabaac60a34c639b06de99a2f736

SHA256
762f4ccb3d9c5e36b253c4f0a903e0f508f1bbaafa75e82a9be3951c95e7eb86

SHA512
15f506f89600cc63c66efa5ed67b57d948ebd303735b0e3b1e86930c5ec0118fd84058c2c8415f783be8474b1dd5243892ea117476366f0674a4f6a4cec61d3a

Download Submit
\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe

Filesize
261KB

MD5
70c9d96f6429f073667cc226cc6a65ee

SHA1
b785564fdf80aabaac60a34c639b06de99a2f736

SHA256
762f4ccb3d9c5e36b253c4f0a903e0f508f1bbaafa75e82a9be3951c95e7eb86

SHA512
15f506f89600cc63c66efa5ed67b57d948ebd303735b0e3b1e86930c5ec0118fd84058c2c8415f783be8474b1dd5243892ea117476366f0674a4f6a4cec61d3a

Download Submit
\Users\Admin\AppData\Roaming\Spiritsoft\urlspirit\jlguaji.exe

Filesize
261KB

MD5
70c9d96f6429f073667cc226cc6a65ee

SHA1
b785564fdf80aabaac60a34c639b06de99a2f736

SHA256
762f4ccb3d9c5e36b253c4f0a903e0f508f1bbaafa75e82a9be3951c95e7eb86

SHA512
15f506f89600cc63c66efa5ed67b57d948ebd303735b0e3b1e86930c5ec0118fd84058c2c8415f783be8474b1dd5243892ea117476366f0674a4f6a4cec61d3a

Download Submit
memory/1144-69-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1144-70-0x0000000000950000-0x0000000000A02000-memory.dmp

Filesize
712KB

Download
memory/1144-72-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1144-73-0x0000000000950000-0x0000000000A02000-memory.dmp

Filesize
712KB

Download
memory/1388-62-0x0000000000470000-0x0000000000522000-memory.dmp

Filesize
712KB

Download
memory/1388-61-0x0000000000280000-0x00000000002F0000-memory.dmp

Filesize
448KB

Download
memory/1388-59-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1388-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

Filesize
8KB

Download
memory/1388-71-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/1388-75-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads