d008c9e8f618b47e4808d729d9104dbbdd238351a58f4b6071eff47be8467323

Analysis

max time kernel
160s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb1ed66915bff236bd93218863d05dda.exe
Size

616KB
MD5

cb1ed66915bff236bd93218863d05dda
SHA1

203b5e01cd8e696971e817768bdbd0c4ea6dbebb
SHA256

d008c9e8f618b47e4808d729d9104dbbdd238351a58f4b6071eff47be8467323
SHA512

e6481682ce4cd185b6177516b80f78d2b1715eb79f33a37e724fad3ed6138e30f9fedbf6c33a25ddec4ec94e927aa6c368cfc05ba04fa1291841ce56bb987109
SSDEEP

12288:qso7xlyGjQVVHxAt8PySuBxoBvAdLGVSXh/O:qpxZ8kAvA6SRW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4688	plog.exe
4600	plog.exe
400	plog.exe
3560	plog.exe
1520	plog.exe
3920	plog.exe
2940	plog.exe
2764	plog.exe
2736	plog.exe
3044	plog.exe
1856	plog.exe
4968	plog.exe
1908	plog.exe
368	plog.exe
412	plog.exe
4708	plog.exe
4248	plog.exe
3376	plog.exe
512	plog.exe
4440	plog.exe
2936	plog.exe
468	plog.exe
640	plog.exe
668	plog.exe
2920	plog.exe
1216	plog.exe
4744	plog.exe
2932	plog.exe
432	plog.exe
1988	plog.exe
2568	plog.exe
1372	plog.exe
1288	plog.exe
3376	plog.exe
1752	plog.exe
4808	plog.exe
3044	plog.exe
4836	plog.exe
4876	plog.exe
3660	plog.exe
4548	plog.exe
3476	plog.exe
3044	plog.exe
1080	plog.exe
4864	plog.exe
4484	plog.exe
1908	plog.exe
2772	plog.exe
2912	plog.exe
1640	plog.exe
1876	plog.exe
116	plog.exe
4800	plog.exe
320	plog.exe
756	plog.exe
3632	plog.exe
1856	plog.exe
4672	plog.exe
4876	plog.exe
1192	plog.exe
672	plog.exe
4344	plog.exe
4932	plog.exe
3248	plog.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	cb1ed66915bff236bd93218863d05dda.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\swon4.exe	plog.exe
File created	C:\Windows\SysWOW64\plog.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\swon4.exe	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe
File opened for modification	C:\Windows\SysWOW64\logkey.ini	plog.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe
File opened for modification	C:\Windows\sk.exe	plog.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 4688	1988	cb1ed66915bff236bd93218863d05dda.exe	97
PID 1988 wrote to memory of 4688	1988	cb1ed66915bff236bd93218863d05dda.exe	97
PID 1988 wrote to memory of 4688	1988	cb1ed66915bff236bd93218863d05dda.exe	97
PID 4688 wrote to memory of 4600	4688	plog.exe	98
PID 4688 wrote to memory of 4600	4688	plog.exe	98
PID 4688 wrote to memory of 4600	4688	plog.exe	98
PID 4600 wrote to memory of 400	4600	plog.exe	100
PID 4600 wrote to memory of 400	4600	plog.exe	100
PID 4600 wrote to memory of 400	4600	plog.exe	100
PID 400 wrote to memory of 3560	400	plog.exe	103
PID 400 wrote to memory of 3560	400	plog.exe	103
PID 400 wrote to memory of 3560	400	plog.exe	103
PID 3560 wrote to memory of 1520	3560	plog.exe	106
PID 3560 wrote to memory of 1520	3560	plog.exe	106
PID 3560 wrote to memory of 1520	3560	plog.exe	106
PID 1520 wrote to memory of 3920	1520	plog.exe	108
PID 1520 wrote to memory of 3920	1520	plog.exe	108
PID 1520 wrote to memory of 3920	1520	plog.exe	108
PID 3920 wrote to memory of 2940	3920	plog.exe	110
PID 3920 wrote to memory of 2940	3920	plog.exe	110
PID 3920 wrote to memory of 2940	3920	plog.exe	110
PID 2940 wrote to memory of 2764	2940	plog.exe	113
PID 2940 wrote to memory of 2764	2940	plog.exe	113
PID 2940 wrote to memory of 2764	2940	plog.exe	113
PID 2764 wrote to memory of 2736	2764	plog.exe	114
PID 2764 wrote to memory of 2736	2764	plog.exe	114
PID 2764 wrote to memory of 2736	2764	plog.exe	114
PID 2736 wrote to memory of 3044	2736	plog.exe	115
PID 2736 wrote to memory of 3044	2736	plog.exe	115
PID 2736 wrote to memory of 3044	2736	plog.exe	115
PID 3044 wrote to memory of 1856	3044	plog.exe	116
PID 3044 wrote to memory of 1856	3044	plog.exe	116
PID 3044 wrote to memory of 1856	3044	plog.exe	116
PID 1856 wrote to memory of 4968	1856	plog.exe	117
PID 1856 wrote to memory of 4968	1856	plog.exe	117
PID 1856 wrote to memory of 4968	1856	plog.exe	117
PID 4968 wrote to memory of 1908	4968	plog.exe	118
PID 4968 wrote to memory of 1908	4968	plog.exe	118
PID 4968 wrote to memory of 1908	4968	plog.exe	118
PID 1908 wrote to memory of 368	1908	plog.exe	119
PID 1908 wrote to memory of 368	1908	plog.exe	119
PID 1908 wrote to memory of 368	1908	plog.exe	119
PID 368 wrote to memory of 412	368	plog.exe	120
PID 368 wrote to memory of 412	368	plog.exe	120
PID 368 wrote to memory of 412	368	plog.exe	120
PID 412 wrote to memory of 4708	412	plog.exe	121
PID 412 wrote to memory of 4708	412	plog.exe	121
PID 412 wrote to memory of 4708	412	plog.exe	121
PID 4708 wrote to memory of 4248	4708	plog.exe	122
PID 4708 wrote to memory of 4248	4708	plog.exe	122
PID 4708 wrote to memory of 4248	4708	plog.exe	122
PID 4248 wrote to memory of 3376	4248	plog.exe	124
PID 4248 wrote to memory of 3376	4248	plog.exe	124
PID 4248 wrote to memory of 3376	4248	plog.exe	124
PID 3376 wrote to memory of 512	3376	plog.exe	125
PID 3376 wrote to memory of 512	3376	plog.exe	125
PID 3376 wrote to memory of 512	3376	plog.exe	125
PID 512 wrote to memory of 4440	512	plog.exe	126
PID 512 wrote to memory of 4440	512	plog.exe	126
PID 512 wrote to memory of 4440	512	plog.exe	126
PID 4440 wrote to memory of 2936	4440	plog.exe	127
PID 4440 wrote to memory of 2936	4440	plog.exe	127
PID 4440 wrote to memory of 2936	4440	plog.exe	127
PID 2936 wrote to memory of 468	2936	plog.exe	128

C:\Users\Admin\AppData\Local\Temp\cb1ed66915bff236bd93218863d05dda.exe
"C:\Users\Admin\AppData\Local\Temp\cb1ed66915bff236bd93218863d05dda.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\SysWOW64\plog.exe
  C:\Windows\system32\plog.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:4688
- - C:\Windows\SysWOW64\plog.exe
    C:\Windows\system32\plog.exe
    3⤵
    - Executes dropped EXE
    - Drops file in Windows directory
    - Suspicious use of WriteProcessMemory
    PID:4600
  - - C:\Windows\SysWOW64\plog.exe
      C:\Windows\system32\plog.exe
      4⤵
      Executes dropped EXE
      Drops file in Windows directory
      Suspicious use of WriteProcessMemory
      PID:400
    - - C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        5⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:3560
      - C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1520
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        7⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3920
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2940
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        9⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:2736
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        11⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:3044
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:1856
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        13⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:4968
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        14⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        15⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:368
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        16⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:412
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        17⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:4708
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:4248
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        19⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:3376
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        20⤵
        Executes dropped EXE
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:512
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        21⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        Suspicious use of WriteProcessMemory
        
        PID:4440
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        22⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:2936
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        23⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:468
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        24⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:640
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        25⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:668
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        26⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2920
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        27⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1216
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        28⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4744
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        29⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2932
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        30⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:432
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        31⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1988
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        32⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2568
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        33⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1372
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        34⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1288
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        35⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3376
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        36⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1752
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        37⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4808
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        38⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:3044
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        39⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4836
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        40⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4876
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        41⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3660
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        42⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4548
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        43⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:3476
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        44⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:3044
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        45⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1080
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        46⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4864
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        47⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4484
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        48⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1908
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        49⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2772
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        50⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2912
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        51⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1640
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        52⤵
        Executes dropped EXE
        
        PID:1876
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        53⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:116
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        54⤵
        Executes dropped EXE
        
        PID:4800
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        55⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:320
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        56⤵
        Executes dropped EXE
        
        PID:756
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        57⤵
        Executes dropped EXE
        
        PID:3632
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        58⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1856
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        59⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:4672
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        60⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4876
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        61⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1192
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        62⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:672
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        63⤵
        Executes dropped EXE
        
        PID:4344
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        64⤵
        Executes dropped EXE
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4932
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        65⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3248
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        66⤵
        Drops file in Windows directory
        
        PID:4720
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        67⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:3388
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        68⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:412
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        69⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:1752
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        70⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4440
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        71⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4876
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        72⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:4364
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        73⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:2420
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        74⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:3964
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        75⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:3376
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        76⤵
        
        PID:4796
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        77⤵
        Drops file in System32 directory
        Drops file in Windows directory
        
        PID:468
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        78⤵
        Drops file in Windows directory
        
        PID:1688
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        79⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\plog.exe
        
        C:\Windows\system32\plog.exe
        80⤵
        
        PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3528 --field-trial-handle=2256,i,6057863739127169200,6895476048812676039,262144 --variations-seed-version /prefetch:8
1⤵
PID:2312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\logkey.ini

Filesize
49B

MD5
32ef43c0ff7c19c471f26f0adf79552f

SHA1
6b95614e9f517433b069514c30fe28c63b700704

SHA256
aefd2987974a7604fcfd13fa48ad624a5c0f94b93c83d208f7c56785c0b68f00

SHA512
dcf34d3b4def6ae2822f63493652adc57cb79a6a7430aae8438571e4425c1643818094aac3832d8d470b46783da984addc336c581bb4806cc56e3c909524aa09

Download Submit
C:\Windows\SysWOW64\plog.exe

Filesize
616KB

MD5
cb1ed66915bff236bd93218863d05dda

SHA1
203b5e01cd8e696971e817768bdbd0c4ea6dbebb

SHA256
d008c9e8f618b47e4808d729d9104dbbdd238351a58f4b6071eff47be8467323

SHA512
e6481682ce4cd185b6177516b80f78d2b1715eb79f33a37e724fad3ed6138e30f9fedbf6c33a25ddec4ec94e927aa6c368cfc05ba04fa1291841ce56bb987109

Download Submit
C:\Windows\sk.exe

Filesize
616KB

MD5
c5b008946f3af6f66312ad2b10467d01

SHA1
169390cb60e59afb97943d8d2290b12ba191dabd

SHA256
d91d99478b237d7f8f1e7f8047fe22c85e33a8f5c9edf2208967695912acfc23

SHA512
6156c3a2381169606782c87f17a1ebb1c1f7818fb494c017acdcdb5f0976a616ef1aa22d0834132d62b442ebeb990c9f497544448fa517366a2ba057a6565493

Download Submit
C:\Windows\sk.exe

Filesize
79KB

MD5
38b3bb097c50727c84b2734a23afeda7

SHA1
890d15e0d9f55485a27078c642d7b871e1c28e5f

SHA256
f3b47f8e443f531e5e730e65736b309b261b297eed02e3a5622f02503191d485

SHA512
26b0bad4cd0e6b12bd4f3e844a91464fb8f0c2101c4babdd60affc50e461e6368d1313a12319686f8d7c4e26608b423ee354578851c0fae2c91a4b89ba8feece

Download Submit
memory/116-325-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/116-329-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/320-335-0x0000000000980000-0x0000000000981000-memory.dmp

Filesize
4KB

Download
memory/320-339-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/368-134-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/368-127-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/400-34-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/400-27-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download
memory/412-136-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/412-143-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/432-211-0x0000000002020000-0x0000000002021000-memory.dmp

Filesize
4KB

Download
memory/432-215-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/468-180-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/468-176-0x0000000000870000-0x0000000000871000-memory.dmp

Filesize
4KB

Download
memory/512-165-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/512-161-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/640-185-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/640-181-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/668-190-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/668-186-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/672-369-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/672-373-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/756-340-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/756-344-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1080-285-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1080-289-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1192-368-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1216-196-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/1216-200-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1288-231-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/1288-235-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1372-230-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1372-226-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/1520-53-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1520-45-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/1640-315-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1640-319-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1752-241-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/1752-245-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1856-100-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/1856-350-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/1856-354-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1856-107-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1876-324-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1876-320-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/1908-304-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1908-117-0x0000000000740000-0x0000000000741000-memory.dmp

Filesize
4KB

Download
memory/1908-300-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/1908-125-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1988-0-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1988-220-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1988-7-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/1988-216-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/2568-225-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2568-221-0x0000000002320000-0x0000000002321000-memory.dmp

Filesize
4KB

Download
memory/2736-81-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2736-89-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2764-73-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2764-80-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2772-305-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/2772-309-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2912-310-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2912-314-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2920-195-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2920-191-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/2932-210-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2932-206-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2936-175-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2936-171-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2940-71-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/2940-63-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/3044-284-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3044-98-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3044-280-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/3044-251-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/3044-255-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3044-90-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/3248-380-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/3376-236-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/3376-240-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3376-160-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3376-156-0x0000000002300000-0x0000000002301000-memory.dmp

Filesize
4KB

Download
memory/3388-390-0x0000000000860000-0x0000000000861000-memory.dmp

Filesize
4KB

Download
memory/3476-275-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/3476-279-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3560-44-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3560-37-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/3632-345-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/3632-349-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3660-269-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3920-61-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3920-54-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/4248-155-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4248-151-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/4344-374-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4440-166-0x0000000002120000-0x0000000002121000-memory.dmp

Filesize
4KB

Download
memory/4440-170-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4484-299-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4484-295-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/4548-274-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4548-270-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/4600-18-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/4600-26-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4672-359-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4672-355-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/4688-10-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/4688-16-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4708-150-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4708-144-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/4720-385-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/4744-201-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/4744-205-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4800-330-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/4800-334-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4808-246-0x0000000000640000-0x0000000000641000-memory.dmp

Filesize
4KB

Download
memory/4808-250-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4836-256-0x0000000000960000-0x0000000000961000-memory.dmp

Filesize
4KB

Download
memory/4836-260-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4864-294-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4864-290-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/4876-261-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/4876-265-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4876-364-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4876-360-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/4932-375-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/4932-379-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4968-116-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/4968-109-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads