9c00e8dd5a6c9a8d22a4ae2e5a8bdeecf73b7ba6dbe12e787e5e8bf9bbb0c1c9

Analysis

max time kernel
93s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 18:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MinecraftInstaller.exe
Size

32.3MB
MD5

cfd9316537bf9aebd4c98e4939085948
SHA1

2b2e14d098308c0204ab57f4c6abfb230ae19762
SHA256

9c00e8dd5a6c9a8d22a4ae2e5a8bdeecf73b7ba6dbe12e787e5e8bf9bbb0c1c9
SHA512

cb9fd36106b915811bcfaaa4359ac2cdd8caad562f4954b9cc21b09b60111c0fb3d2ce06714d0de5339ca7fd62cc658c494b873f4a7062e309746e6a92552975
SSDEEP

393216:kbekuyo9nMK50UGRXLePuq2ZWy/c5zFviMKe2OHmwv9CsTmsueFFza9y5:/Zn/G4Gqk1cWe2iTVCMue3X

Score

5^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation	MinecraftInstaller.exe
Key value queried	\REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\Control Panel\International\Geo\Nation	GamingRepair.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	GamingRepair.exe

Executes dropped EXE 1 IoCs

pid	Process
3848	GamingRepair.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	GamingRepair.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	GamingRepair.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	GamingRepair.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	GamingRepair.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2152	MinecraftInstaller.exe
Token: SeSecurityPrivilege	1368	wevtutil.exe
Token: SeBackupPrivilege	1368	wevtutil.exe
Token: SeSecurityPrivilege	4812	wevtutil.exe
Token: SeBackupPrivilege	4812	wevtutil.exe
Token: SeSecurityPrivilege	3240	wevtutil.exe
Token: SeBackupPrivilege	3240	wevtutil.exe
Token: SeSecurityPrivilege	1180	wevtutil.exe
Token: SeBackupPrivilege	1180	wevtutil.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 3848	2152	MinecraftInstaller.exe	90
PID 2152 wrote to memory of 3848	2152	MinecraftInstaller.exe	90
PID 3848 wrote to memory of 1368	3848	GamingRepair.exe	93
PID 3848 wrote to memory of 1368	3848	GamingRepair.exe	93
PID 3848 wrote to memory of 4812	3848	GamingRepair.exe	95
PID 3848 wrote to memory of 4812	3848	GamingRepair.exe	95
PID 3848 wrote to memory of 3240	3848	GamingRepair.exe	97
PID 3848 wrote to memory of 3240	3848	GamingRepair.exe	97
PID 3848 wrote to memory of 1180	3848	GamingRepair.exe	99
PID 3848 wrote to memory of 1180	3848	GamingRepair.exe	99
PID 3848 wrote to memory of 1684	3848	GamingRepair.exe	101
PID 3848 wrote to memory of 1684	3848	GamingRepair.exe	101
PID 1684 wrote to memory of 4064	1684	wscollect.exe	103
PID 1684 wrote to memory of 4064	1684	wscollect.exe	103
PID 1684 wrote to memory of 472	1684	wscollect.exe	104
PID 1684 wrote to memory of 472	1684	wscollect.exe	104
PID 3848 wrote to memory of 3008	3848	GamingRepair.exe	105
PID 3848 wrote to memory of 3008	3848	GamingRepair.exe	105
PID 3848 wrote to memory of 4732	3848	GamingRepair.exe	107
PID 3848 wrote to memory of 4732	3848	GamingRepair.exe	107
PID 3848 wrote to memory of 5096	3848	GamingRepair.exe	109
PID 3848 wrote to memory of 5096	3848	GamingRepair.exe	109
PID 3848 wrote to memory of 3060	3848	GamingRepair.exe	111
PID 3848 wrote to memory of 3060	3848	GamingRepair.exe	111
PID 3848 wrote to memory of 2324	3848	GamingRepair.exe	113
PID 3848 wrote to memory of 2324	3848	GamingRepair.exe	113
PID 3848 wrote to memory of 1136	3848	GamingRepair.exe	115
PID 3848 wrote to memory of 1136	3848	GamingRepair.exe	115
PID 3848 wrote to memory of 4348	3848	GamingRepair.exe	117
PID 3848 wrote to memory of 4348	3848	GamingRepair.exe	117
PID 3848 wrote to memory of 876	3848	GamingRepair.exe	119
PID 3848 wrote to memory of 876	3848	GamingRepair.exe	119
PID 3848 wrote to memory of 560	3848	GamingRepair.exe	121
PID 3848 wrote to memory of 560	3848	GamingRepair.exe	121
PID 3848 wrote to memory of 5076	3848	GamingRepair.exe	123
PID 3848 wrote to memory of 5076	3848	GamingRepair.exe	123
PID 3848 wrote to memory of 3748	3848	GamingRepair.exe	125
PID 3848 wrote to memory of 3748	3848	GamingRepair.exe	125
PID 3848 wrote to memory of 4788	3848	GamingRepair.exe	127
PID 3848 wrote to memory of 4788	3848	GamingRepair.exe	127
PID 3848 wrote to memory of 1244	3848	GamingRepair.exe	129
PID 3848 wrote to memory of 1244	3848	GamingRepair.exe	129
PID 3848 wrote to memory of 3208	3848	GamingRepair.exe	131
PID 3848 wrote to memory of 3208	3848	GamingRepair.exe	131

C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\MinecraftInstaller.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe
  "C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe" scenarioMinecraft
  2⤵
  - Checks computer location settings
  - Checks system information in the registry
  - Executes dropped EXE
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious use of WriteProcessMemory
  PID:3848
- - C:\Windows\system32\wevtutil.exe
    "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeploymentServer/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeploymentServer_Operational.evtx /ow:true
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1368
- - C:\Windows\system32\wevtutil.exe
    "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppXDeployment/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppXDeployment_Operational.evtx /ow:true
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4812
- - C:\Windows\system32\wevtutil.exe
    "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppxPackaging/Operational C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppxPackaging_Operational.evtx /ow:true
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3240
- - C:\Windows\system32\wevtutil.exe
    "C:\Windows\system32\wevtutil.exe" epl Microsoft-Windows-AppModel-Runtime/Admin C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Microsoft-Windows-AppModel-Runtime_Admin.evtx /ow:true
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1180
- - C:\Windows\system32\wscollect.exe
    "C:\Windows\system32\wscollect.exe" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SIH" "C:\Users\Admin\AppData\Local\Temp\registry_SIH.txt" /y
      4⤵
      PID:4064
  - - C:\Windows\System32\reg.exe
      C:\Windows\System32\reg.exe export "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\DnsPolicyConfig" "C:\Users\Admin\AppData\Local\Temp\registry_DNSPolicy.txt" /y
      4⤵
      PID:472
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_GRTS.reg /y
    3⤵
    PID:3008
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKCU\Software\Microsoft\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_GRTS.reg /y
    3⤵
    PID:4732
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServices" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GS_Service.reg /y
    3⤵
    PID:5096
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GamingServicesNet" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GSNet_Service.reg /y
    3⤵
    PID:3060
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameFlt" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameFlt_Service.reg /y
    3⤵
    PID:2324
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\Xvdd" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\Xvdd_Service.reg /y
    3⤵
    PID:1136
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblAuthManager" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblAuthManager_Service.reg /y
    3⤵
    PID:4348
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\XblGameSave" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\XblGameSave_Service.reg /y
    3⤵
    PID:876
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SYSTEM\CurrentControlSet\Services\GameInput Service" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\GameInput_Service.reg /y
    3⤵
    PID:560
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_AppModel.reg /y
    3⤵
    PID:5076
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_AppModel.reg /y
    3⤵
    PID:3748
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_Appx.reg /y
    3⤵
    PID:4788
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKCU\SOFTWARE\Classes\ActivatableClasses\Package" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKCU_Package.reg /y
    3⤵
    PID:1244
- - C:\Windows\system32\reg.exe
    "C:\Windows\system32\reg.exe" export "HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate" C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\HKLM_WuPolicy.reg /y
    3⤵
    PID:3208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\MinecraftInstaller\deviceId.txt

Filesize
36B

MD5
a2d16430534b9a45c2a171809c5f2083

SHA1
321f1d6aa9031471d7015000fecaea6790f47cde

SHA256
09ebb834be08052e618dfcbf745356ee90c1bb2e946a5c9a4b4b7088004813d5

SHA512
47fb6ca3912c9f171a4b2b18e23dbd5a50dbc08cbf2ada57b8b69d6cdb8c21424eabce23783b276ae77fa1c25c959434d2cc79b85b3515d37f1aecea31e0c7ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\DiagOutputDir\GamingRepair\WerLogs\wscollect_gr.cab

Filesize
652KB

MD5
58516279b92d76f3ecaaf7d2e0ef8a82

SHA1
6868f5e091656921a9b2e3340595324d3863e6e3

SHA256
57d2f45b8c50dd9547afff081f1dc8186ee4096708e715fd1cbcd6f3af56aeae

SHA512
d75ec2b514521596208eed62f58e294440082157db12a40ff2562b084c19bf09dc2ad6fd56ed097ef214412b303e74e50a8fe75650f29b34d88063cbca7998a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\GamingRepair.exe

Filesize
573KB

MD5
0d05a797214e62f36e15d2149e6f4005

SHA1
bf634ecf71e833be051672aebb5367392fee44b2

SHA256
2dea72909788e997892e7219f859b3361910291eb3feb156dafa8b1ceee20c86

SHA512
3b5f3bcb1c54c010bcc9e19a5cbec06061fede5a2a56a730fbf920214af02bdec2c2d602bb51a800c543c011368c4eecbc5aa50fd494e719925d2a80a91283b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9942.tmp

Filesize
270B

MD5
edcaaed49057b04d804ef38622dcfeca

SHA1
200458ae3a380983860136acca9b18d62c5bac76

SHA256
b9532ca922a984f207d3a82499308fa038e1d78169b534b8d7fc116aefe5a05e

SHA512
052065767b3bf96cf1314dd8c42940ace0d256eb7f536de0b642f5816dc0b5e6db3ce9a10450e9564b7c932e9261a9d78ca7929a4537646cbf7d5ee8c363b5fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG99DE.tmp

Filesize
336B

MD5
c3047ec19fe673d02a9d74d9a9d4deba

SHA1
87a9a959f02252fb5226333fe7b197aecc9dabb5

SHA256
6f9fae20e0186b6a5b6946538d57b4ded658ab804f72e6e385e9ee717cfe3fbd

SHA512
3c65a1fe5ac2f3418dd1acc74e671dee1caaef5b44b1843f522670640fc09116db58e968274cdee461f9776bfbd60684628613680d2d71fa9d24fdf99c85d33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9A5B.tmp

Filesize
3KB

MD5
f90a03d152e8202c3eb57c6e6eb710a8

SHA1
cab5b11304ebbb9a1ca9c191fbc737082bcb49b9

SHA256
89eb956a0ac5a7ebd558eaaebe485c87c40c47baf1954b272b26b0b8724a6352

SHA512
2e3e8c359ee1b97e5a01aff6192fd39236f14cd75812fb9ec2488e938c52db294c859062d89b84f6593d3c492d310fe6b514df235b52dec189e7b62e02bd86fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9A6B.tmp

Filesize
3KB

MD5
cca36a379e81a944c607e4f4d544c565

SHA1
d09aef7d6cf0bd140f121a85ae2b92307119db89

SHA256
8975303228de2bf10d7a55bfbd591bce14e4a124910265eefbeb58229347268c

SHA512
8a851c8054c694dcf0b942550de764915f0c860277f910fa0fa6d66962f7e6c7a7c8498a0abd55e51e6725fb585820a957c079351883429242e4c0abf7f79158

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9A9A.tmp

Filesize
430KB

MD5
a81d5a5c3b38dd773343ac8e540cf212

SHA1
1f2176745bb6695e52b0b1a0af04b151bf4f5e42

SHA256
38e998f771b00af885a5d381b2d9af660a7074476281503dff9a3e419509a19c

SHA512
4ae172803a42149512d8c94b686b23ff7089961d882bb1612ea602381e062da9c1c286861f456376c9892627872f0f4c87b683cf0c57343ce4a6d0f7ea3c74a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9B17.tmp

Filesize
4.3MB

MD5
dcdd546fe7b591536b3c274d5afdd0ce

SHA1
8b14eff9e48a3f9291c132265b5e11bb4d096bd6

SHA256
49112750313927b0da06f6d733ed9ee5314c27c25c4670572004a32125a10787

SHA512
73b83c5b1117e4da57cd1cb34561f08a4b1c88984781915e40804e5a854eeac5055069ad26f6742514058c492bdb9b57ffbab103eb39531dc09518a9375dfe94

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9D1B.tmp

Filesize
392KB

MD5
bf31810f5e9e5a1ad03e9154a9975eb8

SHA1
c153dc858f2daf95e058232766e8b11f762d476c

SHA256
8b470908be8626812da004bec17b8075cc913a26b8f009a4dff285120b00d13d

SHA512
75aa5a0cfac84b1a79419abc5915c23417e7edac1440aff845a06f110b8155bbe1f43020eea3320f0fd6c248791985510fc80e2457fb434c698c55b716d60811

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9DB7.tmp

Filesize
12KB

MD5
2d07d0b34d1dd17462658c6c7bba7168

SHA1
0b3fd4038c4e64c4416d205516776281e210132d

SHA256
63ba82b1465971c59973d1bf80d88bedbf67a237e5ef54d040e165aceae8734d

SHA512
ac8b8e363c87545009447af1af18e66db8e4a92cfe49e92cb7ee5364399681f0be747a4366af0231ccdb062e923ebfa12a72dcb1f103a322b14d568a5f1c838e

Download Submit
C:\Users\Admin\AppData\Local\Temp\REG9E24.tmp

Filesize
740B

MD5
5b20f739acefbfc6237c04f216466883

SHA1
738af05cf8a177e14726ae4c4affc6d9b94da6a1

SHA256
f787f543d052d4000d007bdcd71bb6b7024293f2ad2d543b02b4121b1da3ebf8

SHA512
c82cf736af02ffe5e76b88d802e7800787826bbe5cbc59b64b4f77f9ff1168f9ed43a9c68e3a9d13407e38f16822755660d359b42ae339d0d2bac754f192651f

Download Submit
memory/2152-9-0x000000000B020000-0x000000000B058000-memory.dmp

Filesize
224KB

Download
memory/2152-0-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/2152-28-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2152-26-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download
memory/2152-13-0x000000000D630000-0x000000000D656000-memory.dmp

Filesize
152KB

Download
memory/2152-12-0x000000000B280000-0x000000000B28A000-memory.dmp

Filesize
40KB

Download
memory/2152-10-0x000000000ABC0000-0x000000000ABCE000-memory.dmp

Filesize
56KB

Download
memory/2152-27-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2152-80-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2152-8-0x000000000AB50000-0x000000000AB58000-memory.dmp

Filesize
32KB

Download
memory/2152-7-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2152-5-0x0000000007ED0000-0x0000000007ED8000-memory.dmp

Filesize
32KB

Download
memory/2152-3-0x0000000007210000-0x00000000073D2000-memory.dmp

Filesize
1.8MB

Download
memory/2152-2-0x0000000006F90000-0x0000000006FA0000-memory.dmp

Filesize
64KB

Download
memory/2152-1-0x00000000004C0000-0x000000000251A000-memory.dmp

Filesize
32.4MB

Download
memory/2152-158-0x00000000747D0000-0x0000000074F80000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads