7213f30970c9764e1e0f85f15125f9241cf2619fb4724d322b5fe6f8ee3d9da0

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
04/07/2023, 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

setup.exe
Size

2.4MB
MD5

d1be561690e1d91e515faf9581cf81a6
SHA1

9fed9a02c3845ca78bd72319bbfcf5140e64a36a
SHA256

7213f30970c9764e1e0f85f15125f9241cf2619fb4724d322b5fe6f8ee3d9da0
SHA512

919e7bd14b65bf4fc778ce3409a92fdb5a59516cdb43d5dd3626ff2d18be9389951a289afe7453aeb6f8b9e314007c007a6f3bb7137f4fd167ce5688cebf28f5
SSDEEP

49152:Ytavs+rX1wXzrf7XC4yY86lG8mFMRkoma4ftd0B8K4QH9SsmHFDTWU:Yn+j1wHzyb38mORkdtdCzdSsmHRTn

Score

9^/10

discovery evasion persistence

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	fraps.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	fraps.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	fraps.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	fraps.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	fraps.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	fraps.exe

Identifies Wine through registry keys 2 TTPs 2 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Wine	fraps.exe
Key opened	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Wine	fraps.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Windows\CurrentVersion\Run	fraps.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	fraps.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\frapsvid.dll	setup.exe
File created	C:\Windows\system32\frapsv64.dll	setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 4 IoCs

pid	Process
312	fraps.exe
2036	fraps.exe
5108	fraps64.dat
2872	Process not Found

Loads dropped DLL 8 IoCs

pid	Process
4852	setup.exe
4852	setup.exe
4852	setup.exe
4852	setup.exe
2036	fraps.exe
2036	fraps.exe
5108	fraps64.dat
3180	Process not Found

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\Extensions\.avi	fraps.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{3E264436-F54B-4E06-91E2-5B40A583BFB5}	fraps.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\Extensions\.avi	fraps.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Media Type\{E436EB83-524F-11CE-9F53-0020AF0BA770}\{3E264436-F54B-4E06-91E2-5B40A583BFB5}	fraps.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2036	fraps.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2036	fraps.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2036	fraps.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
5108	fraps64.dat
5108	fraps64.dat
5108	fraps64.dat
5108	fraps64.dat
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe
2036	fraps.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 312	4852	setup.exe	80
PID 4852 wrote to memory of 312	4852	setup.exe	80
PID 4852 wrote to memory of 312	4852	setup.exe	80
PID 2036 wrote to memory of 5108	2036	fraps.exe	84
PID 2036 wrote to memory of 5108	2036	fraps.exe	84

C:\Users\Admin\AppData\Local\Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\setup.exe"
1⤵
- Drops file in System32 directory
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Fraps\fraps.exe
  "C:\Fraps\fraps.exe" /exit
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Identifies Wine through registry keys
  - Executes dropped EXE
  PID:312

C:\Fraps\fraps.exe
"C:\Fraps\fraps.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Adds Run key to start application
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Fraps\fraps64.dat
  "C:\Fraps\fraps64.dat"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:5108

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Fraps\FRAPS32.DLL

Filesize
263KB

MD5
6328007efe11f2ad0a50f122367ce743

SHA1
3f48580a32d0c5cd2551dcbcbce885c9337ce044

SHA256
e800f37cb2efa8ba13a25278cdd578dae4a2c86d23d4247349673160b0301e4f

SHA512
67d38b4dadecf020d1dc1e567327b5c0ebb72391448956e3e5a99943b6552851a94236d407da47c70abeed841898d2681382d78c522a40f28f22bbb654f7a8ec

Download Submit
C:\Fraps\FRAPSLCD.DLL

Filesize
170KB

MD5
895c32a4eefd648d62e92201e4954cd2

SHA1
5d7753f95ab95176da45473eaa0d7de29ca02973

SHA256
1376f53554c5977a627a7e749dd147cd10e7735ef4b860fd69b7ae31a7b15e74

SHA512
76823f00376aff72b7ddf7fad259a43cdc5feec5486e3d79f6d63758f7325059d8e83dc10beb9447254501fe606b9f17fa6ed4d54f98a59dd4571453ff58fb35

Download Submit
C:\Fraps\fraps.exe

Filesize
2.5MB

MD5
0ff5b5161a78bf5721811779376db71d

SHA1
35308429117b514237d34bd8015bfe4efa8e7d55

SHA256
da7f61f2b04266a2ae897a0b001e721f1920cb579d5e08a8e5930a79c5d2fb80

SHA512
d701440fa49f287a9631c8fb98cef5ea89b4f135901519d3ff3c45d0a7b8c464901514078bcf5ea8d2ffd23dbc7e30816ec0beaf06a531af045fdd1f5aec0204

Download Submit
C:\Fraps\fraps.exe

Filesize
2.5MB

MD5
0ff5b5161a78bf5721811779376db71d

SHA1
35308429117b514237d34bd8015bfe4efa8e7d55

SHA256
da7f61f2b04266a2ae897a0b001e721f1920cb579d5e08a8e5930a79c5d2fb80

SHA512
d701440fa49f287a9631c8fb98cef5ea89b4f135901519d3ff3c45d0a7b8c464901514078bcf5ea8d2ffd23dbc7e30816ec0beaf06a531af045fdd1f5aec0204

Download Submit
C:\Fraps\fraps.exe

Filesize
2.5MB

MD5
0ff5b5161a78bf5721811779376db71d

SHA1
35308429117b514237d34bd8015bfe4efa8e7d55

SHA256
da7f61f2b04266a2ae897a0b001e721f1920cb579d5e08a8e5930a79c5d2fb80

SHA512
d701440fa49f287a9631c8fb98cef5ea89b4f135901519d3ff3c45d0a7b8c464901514078bcf5ea8d2ffd23dbc7e30816ec0beaf06a531af045fdd1f5aec0204

Download Submit
C:\Fraps\fraps.exe

Filesize
2.5MB

MD5
0ff5b5161a78bf5721811779376db71d

SHA1
35308429117b514237d34bd8015bfe4efa8e7d55

SHA256
da7f61f2b04266a2ae897a0b001e721f1920cb579d5e08a8e5930a79c5d2fb80

SHA512
d701440fa49f287a9631c8fb98cef5ea89b4f135901519d3ff3c45d0a7b8c464901514078bcf5ea8d2ffd23dbc7e30816ec0beaf06a531af045fdd1f5aec0204

Download Submit
C:\Fraps\fraps32.dll

Filesize
263KB

MD5
6328007efe11f2ad0a50f122367ce743

SHA1
3f48580a32d0c5cd2551dcbcbce885c9337ce044

SHA256
e800f37cb2efa8ba13a25278cdd578dae4a2c86d23d4247349673160b0301e4f

SHA512
67d38b4dadecf020d1dc1e567327b5c0ebb72391448956e3e5a99943b6552851a94236d407da47c70abeed841898d2681382d78c522a40f28f22bbb654f7a8ec

Download Submit
C:\Fraps\fraps64.dat

Filesize
112KB

MD5
79856998086dec03fa34a614708ae1e2

SHA1
f858dd68780063527953aeccdcbfc955b3ea2cb9

SHA256
a62a9241f3bf39176956d6fa45cec7a9aae12908c7156e4b533b81d35e902a9e

SHA512
ca63ea0f8f269b957efa65faf4c836133c93cbe38b76f5c0117bdb3e9a1719ef1b1943a9a3f2f7e51e31e08fdc0a02b24233baaa12aa6087112db9b4b7bb7f48

Download Submit
C:\Fraps\fraps64.dat

Filesize
112KB

MD5
79856998086dec03fa34a614708ae1e2

SHA1
f858dd68780063527953aeccdcbfc955b3ea2cb9

SHA256
a62a9241f3bf39176956d6fa45cec7a9aae12908c7156e4b533b81d35e902a9e

SHA512
ca63ea0f8f269b957efa65faf4c836133c93cbe38b76f5c0117bdb3e9a1719ef1b1943a9a3f2f7e51e31e08fdc0a02b24233baaa12aa6087112db9b4b7bb7f48

Download Submit
C:\Fraps\fraps64.dll

Filesize
224KB

MD5
5fd7bee98d14dacdf2f206dad278a621

SHA1
03181ad2c9ff23f679f4276ed6c34bdcc7a7282c

SHA256
6acebecb8934508832a44fdd92823e8026ea4878c81e6eb18ae03eaa7b5b5c6f

SHA512
12886a63450ed203dad5f4e485ae8cb0bad97e2d4ab76e136c37e4679f2fd83918786dd5c2c3b593766835447c9d4e320f8d82161281c097c5b852b741c13f56

Download Submit
C:\Fraps\fraps64.dll

Filesize
224KB

MD5
5fd7bee98d14dacdf2f206dad278a621

SHA1
03181ad2c9ff23f679f4276ed6c34bdcc7a7282c

SHA256
6acebecb8934508832a44fdd92823e8026ea4878c81e6eb18ae03eaa7b5b5c6f

SHA512
12886a63450ed203dad5f4e485ae8cb0bad97e2d4ab76e136c37e4679f2fd83918786dd5c2c3b593766835447c9d4e320f8d82161281c097c5b852b741c13f56

Download Submit
C:\Fraps\fraps64.dll

Filesize
224KB

MD5
5fd7bee98d14dacdf2f206dad278a621

SHA1
03181ad2c9ff23f679f4276ed6c34bdcc7a7282c

SHA256
6acebecb8934508832a44fdd92823e8026ea4878c81e6eb18ae03eaa7b5b5c6f

SHA512
12886a63450ed203dad5f4e485ae8cb0bad97e2d4ab76e136c37e4679f2fd83918786dd5c2c3b593766835447c9d4e320f8d82161281c097c5b852b741c13f56

Download Submit
C:\Fraps\fraps64.dll

Filesize
224KB

MD5
5fd7bee98d14dacdf2f206dad278a621

SHA1
03181ad2c9ff23f679f4276ed6c34bdcc7a7282c

SHA256
6acebecb8934508832a44fdd92823e8026ea4878c81e6eb18ae03eaa7b5b5c6f

SHA512
12886a63450ed203dad5f4e485ae8cb0bad97e2d4ab76e136c37e4679f2fd83918786dd5c2c3b593766835447c9d4e320f8d82161281c097c5b852b741c13f56

Download Submit
C:\Fraps\frapslcd.dll

Filesize
170KB

MD5
895c32a4eefd648d62e92201e4954cd2

SHA1
5d7753f95ab95176da45473eaa0d7de29ca02973

SHA256
1376f53554c5977a627a7e749dd147cd10e7735ef4b860fd69b7ae31a7b15e74

SHA512
76823f00376aff72b7ddf7fad259a43cdc5feec5486e3d79f6d63758f7325059d8e83dc10beb9447254501fe606b9f17fa6ed4d54f98a59dd4571453ff58fb35

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBC3D.tmp\AdvSplash.dll

Filesize
6KB

MD5
13cc92f90a299f5b2b2f795d0d2e47dc

SHA1
aa69ead8520876d232c6ed96021a4825e79f542f

SHA256
eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

SHA512
ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBC3D.tmp\AdvSplash.dll

Filesize
6KB

MD5
13cc92f90a299f5b2b2f795d0d2e47dc

SHA1
aa69ead8520876d232c6ed96021a4825e79f542f

SHA256
eb1ca2b3a6e564c32677d0cdc388e26b74ef686e071d7dbca44d0bfa10488feb

SHA512
ff4e6e6e7104568fc85ef3a3f0494a5c7822a4ceaf65c584ad534f08f9a472a8d86f0a62f1f86343c61e2540b2254714b7ea43e4b312ff13d8271ff069386fa3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBC3D.tmp\StartMenu.dll

Filesize
7KB

MD5
a4173b381625f9f12aadb4e1cdaefdb8

SHA1
cf1680c2bc970d5675adbf5e89292a97e6724713

SHA256
7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

SHA512
fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBC3D.tmp\StartMenu.dll

Filesize
7KB

MD5
a4173b381625f9f12aadb4e1cdaefdb8

SHA1
cf1680c2bc970d5675adbf5e89292a97e6724713

SHA256
7755ff2707ca19344d489a5acec02d9e310425fa6e100d2f13025761676b875b

SHA512
fcac79d42862da6bdd3ecad9d887a975cdff2301a8322f321be58f754a26b27077b452faa4751bbd09cd3371b4afce65255fbbb443e2c93dd2cba0ba652f4a82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBC3D.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBC3D.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nslBC3D.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/312-180-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

Filesize
4KB

Download
memory/312-178-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/312-179-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-200-0x0000000004CC0000-0x0000000004CC1000-memory.dmp

Filesize
4KB

Download
memory/2036-194-0x0000000004CD0000-0x0000000004CD1000-memory.dmp

Filesize
4KB

Download
memory/2036-201-0x0000000004E10000-0x0000000004E11000-memory.dmp

Filesize
4KB

Download
memory/2036-202-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

Filesize
4KB

Download
memory/2036-203-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

Filesize
4KB

Download
memory/2036-205-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

Filesize
4KB

Download
memory/2036-206-0x0000000004D80000-0x0000000004D81000-memory.dmp

Filesize
4KB

Download
memory/2036-207-0x0000000004D90000-0x0000000004D91000-memory.dmp

Filesize
4KB

Download
memory/2036-210-0x0000000004D40000-0x0000000004D41000-memory.dmp

Filesize
4KB

Download
memory/2036-211-0x0000000004D30000-0x0000000004D31000-memory.dmp

Filesize
4KB

Download
memory/2036-213-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

Filesize
4KB

Download
memory/2036-209-0x0000000004E00000-0x0000000004E01000-memory.dmp

Filesize
4KB

Download
memory/2036-208-0x0000000004D50000-0x0000000004D51000-memory.dmp

Filesize
4KB

Download
memory/2036-204-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

Filesize
4KB

Download
memory/2036-214-0x0000000004D60000-0x0000000004D62000-memory.dmp

Filesize
8KB

Download
memory/2036-212-0x0000000004D70000-0x0000000004D71000-memory.dmp

Filesize
4KB

Download
memory/2036-215-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

Filesize
4KB

Download
memory/2036-198-0x0000000004D20000-0x0000000004D21000-memory.dmp

Filesize
4KB

Download
memory/2036-197-0x0000000004CF0000-0x0000000004CF1000-memory.dmp

Filesize
4KB

Download
memory/2036-199-0x0000000004CB0000-0x0000000004CB1000-memory.dmp

Filesize
4KB

Download
memory/2036-196-0x0000000004CE0000-0x0000000004CE1000-memory.dmp

Filesize
4KB

Download
memory/2036-221-0x0000000004E30000-0x0000000004E31000-memory.dmp

Filesize
4KB

Download
memory/2036-195-0x0000000004D00000-0x0000000004D01000-memory.dmp

Filesize
4KB

Download
memory/2036-193-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-224-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-225-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-226-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-227-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-228-0x0000000004E20000-0x0000000004E21000-memory.dmp

Filesize
4KB

Download
memory/2036-229-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-230-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-231-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-232-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-233-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-234-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-235-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download
memory/2036-236-0x0000000000400000-0x0000000000C03000-memory.dmp

Filesize
8.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads