9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8

Analysis

max time kernel
30s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 18:09

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Size

2.8MB
MD5

5019c23d46df2cfe1c904ea28b0b14b4
SHA1

3b86003d5d9abaf1deb5be445348f63f1cf47cb6
SHA256

9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8
SHA512

e3f397f2ec4e413cd1ed5c37dd82566c5578ea7cbc293b779dadd3f5b1ad0de8d53efb9033defec1fc81d80b0bb4070db4b1d3d7fd9e0a6daf20198134956af2
SSDEEP

49152:hkjrl341G+I5Gk0s9EuULF6ubJrWbrKWoVY88QZGZfqHMzLUdsNiivLB33pcGAzf:hkj+vI5GnsxUk0VgrKWom80pUdUi8B3G

Score

8^/10

evasion

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Executes dropped EXE 2 IoCs

pid	Process
560	7z.exe
2056	lock.exe

Loads dropped DLL 2 IoCs

pid	Process
560	7z.exe
2056	lock.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/2920-4-0x0000000000400000-0x000000000059A000-memory.dmp	autoit_exe
behavioral2/memory/2920-49-0x0000000000400000-0x000000000059A000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\Software\Microsoft\Internet Explorer\Main	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\First Home Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\First Home Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Default_Page_URL = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\First Home Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Modifies Internet Explorer start page 1 TTPs 3 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "194"	LogonUI.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
2932	PING.EXE
4808	PING.EXE

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Token: SeDebugPrivilege	2056	lock.exe
Token: SeShutdownPrivilege	1152	shutdown.exe
Token: SeRemoteShutdownPrivilege	1152	shutdown.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2056	lock.exe
2056	lock.exe
2056	lock.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2056	lock.exe
2056	lock.exe
2056	lock.exe
4572	LogonUI.exe

Suspicious use of WriteProcessMemory 19 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 560	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	82
PID 2920 wrote to memory of 560	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	82
PID 2920 wrote to memory of 560	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	82
PID 2920 wrote to memory of 2056	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	86
PID 2920 wrote to memory of 2056	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	86
PID 2920 wrote to memory of 2056	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	86
PID 2920 wrote to memory of 4560	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	87
PID 2920 wrote to memory of 4560	2920	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	87
PID 4560 wrote to memory of 2932	4560	cmd.exe	89
PID 4560 wrote to memory of 2932	4560	cmd.exe	89
PID 2056 wrote to memory of 996	2056	lock.exe	92
PID 2056 wrote to memory of 996	2056	lock.exe	92
PID 2056 wrote to memory of 996	2056	lock.exe	92
PID 996 wrote to memory of 4808	996	cmd.exe	94
PID 996 wrote to memory of 4808	996	cmd.exe	94
PID 996 wrote to memory of 4808	996	cmd.exe	94
PID 996 wrote to memory of 1152	996	cmd.exe	95
PID 996 wrote to memory of 1152	996	cmd.exe	95
PID 996 wrote to memory of 1152	996	cmd.exe	95

C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
"C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe"
1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\7z.exe
  C:\Users\Admin\AppData\Local\Temp\7z.exe x "C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe" -y -o"C:\Users\Admin\AppData\Local\Temp" -p"QQ3012262930"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:560
- C:\Users\Admin\AppData\Local\Temp\lock.exe
  C:\Users\Admin\AppData\Local\Temp\lock.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2056
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\0Pcv49TZ58.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:996
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 1
      4⤵
      Runs ping.exe
      PID:4808
  - - C:\Windows\SysWOW64\shutdown.exe
      Shutdown -r -t 0
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1152
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del /q "C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4560
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - Runs ping.exe
    PID:2932

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39ad055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0Pcv49TZ58.bat

Filesize
319B

MD5
2cf1d986045f165fb359238bf0072bca

SHA1
b972c494a3b2cd3b1f995f06e19a58997e28addd

SHA256
2945d56b41fc6322f845ec10ccac88daf070b310fe397e7a36dd4fbab88e6af6

SHA512
b3988a969059c332c5a5cbb1b6bd5e0950d9879623562d70458c8887d921e6ca5a65cd0b663e127933a88fff7d4ed3fce220eeeb99e8bfb007ddb996d270fd83

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.dll

Filesize
893KB

MD5
04ad4b80880b32c94be8d0886482c774

SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.dll

Filesize
893KB

MD5
04ad4b80880b32c94be8d0886482c774

SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.exe

Filesize
160KB

MD5
a51d90f2f9394f5ea0a3acae3bd2b219

SHA1
20fea1314dbed552d5fedee096e2050369172ee1

SHA256
ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f

SHA512
c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.exe

Filesize
160KB

MD5
a51d90f2f9394f5ea0a3acae3bd2b219

SHA1
20fea1314dbed552d5fedee096e2050369172ee1

SHA256
ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f

SHA512
c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\LOCK.exe

Filesize
2.6MB

MD5
94e774adace269fd6fe582fb9fe71e6a

SHA1
c4704a7fb0dd51b2ca4070c6303aa4ee6e529f13

SHA256
cda44d8718352a0cee3a0e55f3aa67fd70db3511be8136e761b4fb45bba18181

SHA512
4e5a40acf50450c1d58286c50f24cc0990e6dd54bcdd16c7a507589367e0824155bf9d0350ce38c19c8e56c6686da46d3eb6bfc75e87d39ec1b64563ab29ee98

Download Submit
C:\Users\Admin\AppData\Local\Temp\LockHook.dll

Filesize
4.0MB

MD5
d6d3bb932810f061d0cf74eb5209e582

SHA1
7310165d68b6b8b80f41f9f8ba3a3f0893dfc1ca

SHA256
d595f05e178bab7421a6afece9ae6bca06ce287445af7c2cb1b9cc4da5152fe5

SHA512
d9efc00d211ba46a2c64906ef6bfe170eb086241d63a620f3e92e1eb5af9abc2a038d5e00d8fffc3eab979ee5e3117142979caabdaaa9ede9680b77a9414e189

Download Submit
C:\Users\Admin\AppData\Local\Temp\LockHook.dll

Filesize
4.0MB

MD5
d6d3bb932810f061d0cf74eb5209e582

SHA1
7310165d68b6b8b80f41f9f8ba3a3f0893dfc1ca

SHA256
d595f05e178bab7421a6afece9ae6bca06ce287445af7c2cb1b9cc4da5152fe5

SHA512
d9efc00d211ba46a2c64906ef6bfe170eb086241d63a620f3e92e1eb5af9abc2a038d5e00d8fffc3eab979ee5e3117142979caabdaaa9ede9680b77a9414e189

Download Submit
C:\Users\Admin\AppData\Local\Temp\lock.exe

Filesize
2.6MB

MD5
94e774adace269fd6fe582fb9fe71e6a

SHA1
c4704a7fb0dd51b2ca4070c6303aa4ee6e529f13

SHA256
cda44d8718352a0cee3a0e55f3aa67fd70db3511be8136e761b4fb45bba18181

SHA512
4e5a40acf50450c1d58286c50f24cc0990e6dd54bcdd16c7a507589367e0824155bf9d0350ce38c19c8e56c6686da46d3eb6bfc75e87d39ec1b64563ab29ee98

Download Submit
C:\Users\Admin\Favorites\链接\网止导航.url

Filesize
54B

MD5
29e69469aa10b444ad1dff7c525291ab

SHA1
eaf4fdef46a085a5658220906a54713f9481f5a5

SHA256
5f71cf00d7917c16705ea1e5f5f5bf4d4f629fbfd093b89ccec1db72a29e01fd

SHA512
5629304eb5097a32f1f941a62172a518de3f9f0e5a7db8d189cd5a6464894b3a78ae8c4a3b8e83e188e866f3f1431c2843619b41a7e48a427860d2e79c1bc025

Download Submit
memory/2920-7-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/2920-10-0x0000000000BF0000-0x0000000000BF3000-memory.dmp

Filesize
12KB

Download
memory/2920-12-0x0000000000C10000-0x0000000000C11000-memory.dmp

Filesize
4KB

Download
memory/2920-13-0x0000000000C20000-0x0000000000C21000-memory.dmp

Filesize
4KB

Download
memory/2920-14-0x0000000000C30000-0x0000000000C31000-memory.dmp

Filesize
4KB

Download
memory/2920-15-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/2920-16-0x0000000003920000-0x0000000003921000-memory.dmp

Filesize
4KB

Download
memory/2920-17-0x0000000003930000-0x0000000003931000-memory.dmp

Filesize
4KB

Download
memory/2920-18-0x0000000003940000-0x0000000003941000-memory.dmp

Filesize
4KB

Download
memory/2920-11-0x0000000000C00000-0x0000000000C01000-memory.dmp

Filesize
4KB

Download
memory/2920-9-0x0000000000BE0000-0x0000000000BE1000-memory.dmp

Filesize
4KB

Download
memory/2920-8-0x0000000000BD0000-0x0000000000BD1000-memory.dmp

Filesize
4KB

Download
memory/2920-0-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/2920-6-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

Filesize
4KB

Download
memory/2920-5-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/2920-4-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/2920-3-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/2920-1-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/2920-49-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/2920-2-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads