kinsing | 4e84e2831364f0a0b9c7d552e58b9706d0de6fae139942207af33f515dcae40b

General

Target

74f37fe4cd2c65109465b9998183a657.exe
Size

96KB
MD5

74f37fe4cd2c65109465b9998183a657
SHA1

9419ff643ebd890e108c2732a40f9b3628b35a71
SHA256

4e84e2831364f0a0b9c7d552e58b9706d0de6fae139942207af33f515dcae40b
SHA512

95651b579b497f8a3f4b0eb42f90bd8a722a50b38e3b6c22133ae2390e68bad21d74f7fdc4a45fc43c8aa798c5775e87bf6cb20a6e1ed9c7e80ecb9b302b4a81
SSDEEP

1536:TE6gioIKlNjVMa3kWq46O4ont1jlZikJ4EjkBYCBsiq5u4CzUahE7jwaaHw7Kojw:IEra3kWtfnt1xZiYGBrqJI5U5jwaaHwm

Score

10^/10

kinsing ramnit banker loader spyware stealer trojan worm

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing
Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

74f37fe4cd2c65109465b9998183a657.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	74f37fe4cd2c65109465b9998183a657.exe

Executes dropped EXE 1 IoCs

Processes:

memsdiuewkoisjiv.exe

pid process

4148 memsdiuewkoisjiv.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

1180 1520 WerFault.exe svchost.exe
4992 2536 WerFault.exe svchost.exe

pid	process
4148	memsdiuewkoisjiv.exe

pid	pid_target	process	target process
1180	1520	WerFault.exe	svchost.exe
4992	2536	WerFault.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084458"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{601A1B7D-BB9D-11EE-B6AD-EAB06C7B55B6} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "412964489"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084458"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "895261160"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "895261160"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31084458"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "951199779"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31084458"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1050575181"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE

Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

664

pid	process
664

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

74f37fe4cd2c65109465b9998183a657.exememsdiuewkoisjiv.exe

description	pid	process
Token: SeSecurityPrivilege	3908	74f37fe4cd2c65109465b9998183a657.exe
Token: SeDebugPrivilege	3908	74f37fe4cd2c65109465b9998183a657.exe
Token: SeSecurityPrivilege	4148	memsdiuewkoisjiv.exe
Token: SeLoadDriverPrivilege	4148	memsdiuewkoisjiv.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

IEXPLORE.EXE

pid process

3300 IEXPLORE.EXE
3300 IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

pid	process
3300	IEXPLORE.EXE
3300	IEXPLORE.EXE
2792	IEXPLORE.EXE
2792	IEXPLORE.EXE
3300	IEXPLORE.EXE
3300	IEXPLORE.EXE
3248	IEXPLORE.EXE
3248	IEXPLORE.EXE
3248	IEXPLORE.EXE
3248	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 37 IoCs

Processes:

74f37fe4cd2c65109465b9998183a657.exeiexplore.exeIEXPLORE.EXEiexplore.exe

description	pid	process	target process
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 1520	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 492	3908	74f37fe4cd2c65109465b9998183a657.exe	iexplore.exe
PID 3908 wrote to memory of 492	3908	74f37fe4cd2c65109465b9998183a657.exe	iexplore.exe
PID 3908 wrote to memory of 492	3908	74f37fe4cd2c65109465b9998183a657.exe	iexplore.exe
PID 492 wrote to memory of 3300	492	iexplore.exe	IEXPLORE.EXE
PID 492 wrote to memory of 3300	492	iexplore.exe	IEXPLORE.EXE
PID 3300 wrote to memory of 2792	3300	IEXPLORE.EXE	IEXPLORE.EXE
PID 3300 wrote to memory of 2792	3300	IEXPLORE.EXE	IEXPLORE.EXE
PID 3300 wrote to memory of 2792	3300	IEXPLORE.EXE	IEXPLORE.EXE
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2536	3908	74f37fe4cd2c65109465b9998183a657.exe	svchost.exe
PID 3908 wrote to memory of 2144	3908	74f37fe4cd2c65109465b9998183a657.exe	iexplore.exe
PID 3908 wrote to memory of 2144	3908	74f37fe4cd2c65109465b9998183a657.exe	iexplore.exe
PID 3908 wrote to memory of 2144	3908	74f37fe4cd2c65109465b9998183a657.exe	iexplore.exe
PID 2144 wrote to memory of 1668	2144	iexplore.exe	IEXPLORE.EXE
PID 2144 wrote to memory of 1668	2144	iexplore.exe	IEXPLORE.EXE
PID 3300 wrote to memory of 3248	3300	IEXPLORE.EXE	IEXPLORE.EXE
PID 3300 wrote to memory of 3248	3300	IEXPLORE.EXE	IEXPLORE.EXE
PID 3300 wrote to memory of 3248	3300	IEXPLORE.EXE	IEXPLORE.EXE
PID 3908 wrote to memory of 4148	3908	74f37fe4cd2c65109465b9998183a657.exe	memsdiuewkoisjiv.exe
PID 3908 wrote to memory of 4148	3908	74f37fe4cd2c65109465b9998183a657.exe	memsdiuewkoisjiv.exe
PID 3908 wrote to memory of 4148	3908	74f37fe4cd2c65109465b9998183a657.exe	memsdiuewkoisjiv.exe

C:\Users\Admin\AppData\Local\Temp\74f37fe4cd2c65109465b9998183a657.exe
"C:\Users\Admin\AppData\Local\Temp\74f37fe4cd2c65109465b9998183a657.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3908

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 208
3⤵
- Program crash
PID:1180

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:492

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3300

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3300 CREDAT:17410 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3300 CREDAT:82948 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3248

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 204
3⤵
- Program crash
PID:4992

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:2144

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
3⤵
- Modifies Internet Explorer settings
PID:1668

C:\Users\Admin\AppData\Local\Temp\memsdiuewkoisjiv.exe
"C:\Users\Admin\AppData\Local\Temp\memsdiuewkoisjiv.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1520 -ip 1520
1⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2536 -ip 2536
1⤵
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
1d7f25dc2d6699e79619c31ff8908f6c

SHA1
de3c1be6c3f3e7f6eadbe715ae575794e5bf1221

SHA256
845c8a47772a9c534cf13a177c83c40db250a6dbbd0a369401ea884b8d058d6e

SHA512
7a6e1765a31821e79b766ea0675ed17d735a40766d5fcd6cc305a8d33b8257d11e492d4ad8626f2909e1c2c2d93e8d04ed133effd0a3ec29324ec3ca36a22a1e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
802bcf411fe371f20072c9f15b7ffdbf

SHA1
8225c90d8a4544e167452423e06fe5b1d3181c0e

SHA256
ef61570c93b0ee4c7ed5a0e5d7dae2cfdb5c0c9ca9e73d80dc569fe49dd75bed

SHA512
065713b2c8ed9685803110ed1aa103de5195c4165de1e91df4e7659c9914ba5497e8cf0385a27208fa86dd5777735a6059579877ccee56582ff97a78278100a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\M8F18HYR\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\memsdiuewkoisjiv.exe
Filesize
96KB

MD5
74f37fe4cd2c65109465b9998183a657

SHA1
9419ff643ebd890e108c2732a40f9b3628b35a71

SHA256
4e84e2831364f0a0b9c7d552e58b9706d0de6fae139942207af33f515dcae40b

SHA512
95651b579b497f8a3f4b0eb42f90bd8a722a50b38e3b6c22133ae2390e68bad21d74f7fdc4a45fc43c8aa798c5775e87bf6cb20a6e1ed9c7e80ecb9b302b4a81

Download Submit
memory/1520-8-0x0000000001020000-0x0000000001021000-memory.dmp

Filesize
4KB

Download
memory/1520-9-0x0000000001000000-0x0000000001001000-memory.dmp

Filesize
4KB

Download
memory/3908-16-0x0000000000400000-0x000000000043A1A8-memory.dmp

Filesize
232KB

Download
memory/3908-31-0x0000000000400000-0x000000000043A1A8-memory.dmp

Filesize
232KB

Download
memory/3908-10-0x0000000000400000-0x000000000043A1A8-memory.dmp

Filesize
232KB

Download
memory/3908-12-0x00000000008E0000-0x00000000008E2000-memory.dmp

Filesize
8KB

Download
memory/3908-0-0x0000000000400000-0x000000000043A1A8-memory.dmp

Filesize
232KB

Download
memory/3908-18-0x0000000077402000-0x0000000077403000-memory.dmp

Filesize
4KB

Download
memory/3908-5-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/3908-6-0x0000000077402000-0x0000000077403000-memory.dmp

Filesize
4KB

Download
memory/3908-1-0x0000000000400000-0x000000000043A1A8-memory.dmp

Filesize
232KB

Download
memory/3908-2-0x00000000008E0000-0x00000000008E2000-memory.dmp

Filesize
8KB

Download
memory/3908-4-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/4148-39-0x0000000000400000-0x000000000043A1A8-memory.dmp

Filesize
232KB

Download
memory/4148-37-0x0000000000480000-0x0000000000482000-memory.dmp

Filesize
8KB

Download
memory/4148-36-0x0000000000400000-0x000000000043A1A8-memory.dmp

Filesize
232KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads