neshta | 542918b6def9c9ecd21dfc946545f44ee928f02be33efc0fec2d028d4341d41e

General

Target

BlitzedGrabberV12.exe
Size

1.7MB
MD5

d9b83c99818f7f4c02a42008eeecd9d8
SHA1

d574c658c7f22a0684610d65866beb563a42151a
SHA256

542918b6def9c9ecd21dfc946545f44ee928f02be33efc0fec2d028d4341d41e
SHA512

2e641b7e5978f53a2609dfdb129801098966de8f868511fa77e29cd87816590ef75652beb992b8063958ce27a890f0dedd96340e1b7e8443edebe071f6c1b8a2
SSDEEP

24576:+xAskWeOT4n5lLHxnpL2Q/NLmKgDJ68p4C8BsePDigEoXh7O83igweBAWgtd:2AznU4n9t2ELj18p4BDifoM83ig9Apv

Score

10^/10

neshta agilenet persistence spyware stealer

Malware Config

Signatures

Detect Neshta payload 1 IoCs

Processes:

resource	yara_rule
C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe	family_neshta

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BlitzedGrabberV12.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	BlitzedGrabberV12.exe

Executes dropped EXE 1 IoCs

Processes:

BlitzedGrabberV12.exe

pid process

3336 BlitzedGrabberV12.exe
Loads dropped DLL 1 IoCs

Processes:

BlitzedGrabberV12.exe

pid process

3336 BlitzedGrabberV12.exe

pid	process
3336	BlitzedGrabberV12.exe

pid	process
3336	BlitzedGrabberV12.exe

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

BlitzedGrabberV12.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	BlitzedGrabberV12.exe

Obfuscated with Agile.Net obfuscator 32 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral1/memory/3336-159-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-160-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-162-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-164-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-166-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-168-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-171-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-173-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-175-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-177-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-179-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-187-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-197-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-220-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-222-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-228-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-231-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-236-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-240-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-249-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-253-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-255-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-257-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-259-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-263-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-265-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-267-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-269-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-274-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-277-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-281-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net
behavioral1/memory/3336-283-0x0000000005A80000-0x0000000005C6E000-memory.dmp	agile_net

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Program Files directory 64 IoCs

Processes:

BlitzedGrabberV12.exe

description	ioc	process
File opened for modification	C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GO664E~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ExtExport.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WI8A19~1\ImagingDevices.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\PWAHEL~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmplayer.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~3.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MIA062~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MOZILL~1\UNINST~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOOGLE~2.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MI9C33~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\msedge.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MICROS~2.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{4D8DC~1\VC_RED~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MI391D~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmprph.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\32BITM~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\ELEVAT~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOBD5D~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13173~1.45\MICROS~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmlaunch.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\INTERN~1\iexplore.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\BHO\IE_TO_~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.151\GOF5E2~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Google\Update\DISABL~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpconfig.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wabmig.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ieinstal.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13173~1.45\MICROS~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ielowutil.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wab.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpshare.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe	BlitzedGrabberV12.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe	BlitzedGrabberV12.exe

Drops file in Windows directory 1 IoCs

Processes:

BlitzedGrabberV12.exe

description ioc process

File opened for modification C:\Windows\svchost.com BlitzedGrabberV12.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\svchost.com	BlitzedGrabberV12.exe

Modifies registry class 1 IoCs

Processes:

BlitzedGrabberV12.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	BlitzedGrabberV12.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

BlitzedGrabberV12.exe

description	pid	process	target process
PID 400 wrote to memory of 3336	400	BlitzedGrabberV12.exe	BlitzedGrabberV12.exe
PID 400 wrote to memory of 3336	400	BlitzedGrabberV12.exe	BlitzedGrabberV12.exe
PID 400 wrote to memory of 3336	400	BlitzedGrabberV12.exe	BlitzedGrabberV12.exe

C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe
"C:\Users\Admin\AppData\Local\Temp\BlitzedGrabberV12.exe"
1⤵
- Checks computer location settings
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:400

C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3336

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1

T1042

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe
Filesize
2.4MB

MD5
8ffc3bdf4a1903d9e28b99d1643fc9c7

SHA1
919ba8594db0ae245a8abd80f9f3698826fc6fe5

SHA256
8268d3fefe8ca96a25a73690d14bacf644170ab5e9e70d2f8eeb350a4c83f9f6

SHA512
0b94ead97374d74eaee87e7614ddd3911d2cf66d4c49abbfd06b02c03e5dd56fd00993b4947e8a4bcd9d891fa39cab18cc6b61efc7d0812e91eb3aea9cd1a427

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exe
Filesize
1.6MB

MD5
228a69dc15032fd0fb7100ff8561185e

SHA1
f8dbc89fed8078da7f306cb78b92ce04a0bdeb00

SHA256
920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709

SHA512
373621c4743fa72571b3c8375aa6f7852303a821558b016b002d2af07154787d978f66696db89eeed8fe41f4aed5d66b690d4f87469939f9b1dea2ac2b9101f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exe
Filesize
1.6MB

MD5
228a69dc15032fd0fb7100ff8561185e

SHA1
f8dbc89fed8078da7f306cb78b92ce04a0bdeb00

SHA256
920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709

SHA512
373621c4743fa72571b3c8375aa6f7852303a821558b016b002d2af07154787d978f66696db89eeed8fe41f4aed5d66b690d4f87469939f9b1dea2ac2b9101f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\BlitzedGrabberV12.exe
Filesize
1.6MB

MD5
228a69dc15032fd0fb7100ff8561185e

SHA1
f8dbc89fed8078da7f306cb78b92ce04a0bdeb00

SHA256
920bec9d500f6446b84399ab4c84858d0f0d7d1abb2e0377399ebbc4bafad709

SHA512
373621c4743fa72571b3c8375aa6f7852303a821558b016b002d2af07154787d978f66696db89eeed8fe41f4aed5d66b690d4f87469939f9b1dea2ac2b9101f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll
Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcfb00f9-5ae7-4197-ba59-e48107e40d35\GunaDotNetRT.dll
Filesize
136KB

MD5
9af5eb006bb0bab7f226272d82c896c7

SHA1
c2a5bb42a5f08f4dc821be374b700652262308f0

SHA256
77dc05a6bda90757f66552ee3f469b09f1e00732b4edca0f542872fb591ed9db

SHA512
7badd41be4c1039302fda9bba19d374ec9446ce24b7db33b66bee4ef38180d1abcd666d2aea468e7e452aa1e1565eedfefed582bf1c2fe477a4171d99d48772a

Download Submit
memory/3336-179-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-222-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-149-0x00000000057C0000-0x00000000057CA000-memory.dmp

Filesize
40KB

Download
memory/3336-148-0x00000000056C0000-0x0000000005752000-memory.dmp

Filesize
584KB

Download
memory/3336-158-0x00000000727B0000-0x0000000072839000-memory.dmp

Filesize
548KB

Download
memory/3336-159-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-160-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-162-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-164-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-166-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-168-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-171-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-170-0x0000000070B00000-0x0000000070B37000-memory.dmp

Filesize
220KB

Download
memory/3336-173-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-175-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-177-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-147-0x0000000005E30000-0x00000000063D4000-memory.dmp

Filesize
5.6MB

Download
memory/3336-146-0x0000000000AE0000-0x0000000000C8C000-memory.dmp

Filesize
1.7MB

Download
memory/3336-187-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-197-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-220-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-150-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/3336-228-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-231-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-236-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-240-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-249-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-253-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-255-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-257-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-259-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-263-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-265-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-267-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-269-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-274-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-277-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-281-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-283-0x0000000005A80000-0x0000000005C6E000-memory.dmp

Filesize
1.9MB

Download
memory/3336-434-0x0000000005870000-0x0000000005880000-memory.dmp

Filesize
64KB

Download
memory/3336-463-0x0000000070B00000-0x0000000070B37000-memory.dmp

Filesize
220KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads