44caliber | 72ec0572620cb474a46ee2a6092f3d080c25b66b07d76fd2dd72d3f2388f04a0

General

Target

fly vw.exe
Size

3.0MB
MD5

e9741cbf19fc1947d6c586564585f53f
SHA1

6580de244f3f2f77548376aabf1671a2b76e0b4e
SHA256

72ec0572620cb474a46ee2a6092f3d080c25b66b07d76fd2dd72d3f2388f04a0
SHA512

4560eb4fb3706967e24a0cbcf34387564ab1b0e340a910ed7b925ec5dc80661c7b39a46650586c3991badfd343f3ad3cf67506f5afda4af859784629988b047a
SSDEEP

49152:tM3r1CyUBpXb9OZxkjBJrlrCZ9eZHtFs6SC5bAPLERCpydSECwKWvtY0:qJC1pb9OZ+9dlKwZHtFg8czE0pydSECW

Score

10^/10

44caliber spyware stealer

Malware Config

Extracted

Family

44caliber

C2

https://discordapp.com/api/webhooks/1192569430484463717/I6Kwe8DzntI6vhtlBS66UU8vV05EYfDX3mK1x5PPRmeEfRH9iurdtdMxHmv2ZZuW3Ev5

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber

Executes dropped EXE 2 IoCs

pid	Process
2688	FreeRobux.exe
1876	FreeRobux.exe

Loads dropped DLL 7 IoCs

pid	Process
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found
1404	Process not Found

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	mstsc.exe
File opened (read-only)	\??\P:	mstsc.exe
File opened (read-only)	\??\U:	mstsc.exe
File opened (read-only)	\??\X:	mstsc.exe
File opened (read-only)	\??\Y:	mstsc.exe
File opened (read-only)	\??\G:	mstsc.exe
File opened (read-only)	\??\H:	mstsc.exe
File opened (read-only)	\??\K:	mstsc.exe
File opened (read-only)	\??\N:	mstsc.exe
File opened (read-only)	\??\S:	mstsc.exe
File opened (read-only)	\??\Z:	mstsc.exe
File opened (read-only)	\??\A:	mstsc.exe
File opened (read-only)	\??\R:	mstsc.exe
File opened (read-only)	\??\T:	mstsc.exe
File opened (read-only)	\??\V:	mstsc.exe
File opened (read-only)	\??\I:	mstsc.exe
File opened (read-only)	\??\E:	mstsc.exe
File opened (read-only)	\??\J:	mstsc.exe
File opened (read-only)	\??\M:	mstsc.exe
File opened (read-only)	\??\O:	mstsc.exe
File opened (read-only)	\??\Q:	mstsc.exe
File opened (read-only)	\??\W:	mstsc.exe
File opened (read-only)	\??\B:	mstsc.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
4	freegeoip.app
5	freegeoip.app
16	freegeoip.app

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
2688	FreeRobux.exe
2688	FreeRobux.exe
1876	FreeRobux.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	FreeRobux.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	FreeRobux.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	FreeRobux.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	FreeRobux.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3470981204-343661084-3367201002-1000\Software\Microsoft\Internet Explorer\Main	fly vw.exe

Modifies system certificate store 2 TTPs 4 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	FreeRobux.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	FreeRobux.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b0b000000010000001600000047006c006f00620061006c005300690067006e0000005300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802020f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	FreeRobux.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 190000000100000010000000a823b4a20180beb460cab955c24d7e210f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030106082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030806082b06010505070309060a2b0601040182370a030406082b0601050507030606082b0601050507030706082b060105050802025300000001000000230000003021301f06092b06010401a032010130123010060a2b0601040182373c0101030200c00b000000010000001600000047006c006f00620061006c005300690067006e000000140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b999236030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	FreeRobux.exe

Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs

pid	Process
2688	FreeRobux.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2688	FreeRobux.exe
2688	FreeRobux.exe
2688	FreeRobux.exe
2688	FreeRobux.exe
2688	FreeRobux.exe
1876	FreeRobux.exe
1876	FreeRobux.exe
1876	FreeRobux.exe
1876	FreeRobux.exe
1876	FreeRobux.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2900	fly vw.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2688	FreeRobux.exe
Token: SeDebugPrivilege	1876	FreeRobux.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2900	fly vw.exe
2900	fly vw.exe
2688	FreeRobux.exe
1876	FreeRobux.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2740	2900	fly vw.exe	28
PID 2900 wrote to memory of 2740	2900	fly vw.exe	28
PID 2900 wrote to memory of 2740	2900	fly vw.exe	28
PID 2900 wrote to memory of 2740	2900	fly vw.exe	28
PID 2900 wrote to memory of 2740	2900	fly vw.exe	28
PID 2740 wrote to memory of 2688	2740	cmd.exe	30
PID 2740 wrote to memory of 2688	2740	cmd.exe	30
PID 2740 wrote to memory of 2688	2740	cmd.exe	30
PID 2740 wrote to memory of 2688	2740	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\fly vw.exe
"C:\Users\Admin\AppData\Local\Temp\fly vw.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\Downloads\Setup.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\Downloads\FreeRobux.exe
    FreeRobux.exe -p111 -dC:\Users\Admin\AppData\Roaming
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Checks processor information in registry
    - Modifies system certificate store
    - Suspicious behavior: CmdExeWriteProcessMemorySpam
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2688

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2124

C:\Users\Admin\Downloads\FreeRobux.exe
"C:\Users\Admin\Downloads\FreeRobux.exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Windows\system32\mstsc.exe
"C:\Windows\system32\mstsc.exe"
1⤵
- Enumerates connected drives
PID:1944

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" /name Microsoft.DefaultPrograms
1⤵
PID:2924

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Unsecured Credentials

2

T1552

Credentials In Files

2

T1552.001

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Data from Local System

2

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\44\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8086.tmp.dat

Filesize
92KB

MD5
b9858d49711b377343dad7336af34a75

SHA1
807eee110edcaf45772bf902d32adfe72d7aa7e0

SHA256
29796e50a6e69754ef1bb64d0dd9ca2e657c8de2843e06d689c0b5125c9d3ce3

SHA512
9525413e6bf14f24f2dedccac36a153ddee2d88f3ee0ce87d8ac4cd3ea63d33fa439cf28d3e155e9e7be0d0856d0b01e2813dc67e890724c4cd71714490cff5d

Download Submit
C:\Users\Admin\Downloads\FreeRobux.exe

Filesize
1.2MB

MD5
3c0a10912d34140b0dcbbb6ddd982f56

SHA1
9c07774e8ce009629dbddb43fa73cb3f5dafe39b

SHA256
d3e166dfd64f0f5e63ef46ccf340937393242433a872d77d8d6afc974a8e6cfd

SHA512
c95140ef1abe995c210a620727db4e0627f2fda20d248a29c9216e96992f23096435ee248f3d2d69b71e4e9c4215e7ecf6048cc983142f67b371d7c35b15bb4b

Download Submit
C:\Users\Admin\Downloads\Setup.bat

Filesize
31B

MD5
7a1224f5b93470ba772698dba9bbc8dc

SHA1
5cbabe8cb347a350f75108efb101f7aa29f1ac6f

SHA256
5ea7797532c3ed291e4a9b5f40f07140ac073737bc280de5bc5fc1bf7dc90e99

SHA512
f6071c4edb7e7cc013cc8791c96b048672ca7eb71b0098ce5fa565309d8f9767e470b35b9172bfbaa6d42f91cb7792789828195c4f041e81066cbd8b45f61c05

Download Submit
\Users\Admin\Downloads\FreeRobux.sfx.exe

Filesize
1.6MB

MD5
a7ee48c9bc8343c20978cd2bb27648d5

SHA1
1667b8481a81965d494b349cbca761e443e00fa3

SHA256
7d0a0f28fb323e4c2432696be7d445da107407beee50cf29c0a28bacfa88c649

SHA512
4dad06de44c6e9cf7534c9164d70e9a3bc2340370784bc5b681e9c3f50e0438021efca8449da61ed9aacf8921d46d45849f66da3175ba0d07888157f66ee834c

Download Submit
memory/1876-114-0x0000000005590000-0x00000000055D0000-memory.dmp

Filesize
256KB

Download
memory/1876-111-0x0000000000340000-0x00000000006EE000-memory.dmp

Filesize
3.7MB

Download
memory/1876-113-0x0000000073F00000-0x00000000745EE000-memory.dmp

Filesize
6.9MB

Download
memory/1876-112-0x0000000000340000-0x00000000006EE000-memory.dmp

Filesize
3.7MB

Download
memory/1876-168-0x0000000000340000-0x00000000006EE000-memory.dmp

Filesize
3.7MB

Download
memory/1876-169-0x0000000073F00000-0x00000000745EE000-memory.dmp

Filesize
6.9MB

Download
memory/1944-170-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2688-102-0x0000000000C40000-0x0000000000FEE000-memory.dmp

Filesize
3.7MB

Download
memory/2688-103-0x0000000073EE0000-0x00000000745CE000-memory.dmp

Filesize
6.9MB

Download
memory/2688-35-0x0000000005DA0000-0x0000000005DE0000-memory.dmp

Filesize
256KB

Download
memory/2688-33-0x0000000000C40000-0x0000000000FEE000-memory.dmp

Filesize
3.7MB

Download
memory/2688-34-0x0000000073EE0000-0x00000000745CE000-memory.dmp

Filesize
6.9MB

Download
memory/2688-32-0x0000000000C40000-0x0000000000FEE000-memory.dmp

Filesize
3.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads