e3ad881428ac2b2840d5ecb728aa4a9ba4a0538548be41a62ee6954f525c1844

Analysis

max time kernel
142s
max time network
154s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLLauncherCracked-2024.exe
Size

4.5MB
MD5

19f2f9f101f6a1018e1a37f0aec62d51
SHA1

94b2446dd6c11495b9022401bae8117ff3458a37
SHA256

e919ae7d21d27145b580beb65bb568efb6092d1863b3423bcb683367d6cc72d4
SHA512

06118ccf3844a986986c05b78b4bacce15e78f68134f3d9ad292323dfbd924aaf7981d6e61443adb1e008209fc3b00492d78ee1acb96f2355b9c70525f3e3ce5
SSDEEP

98304:et2qYSI7x8nquqk9OU602w8Eog5fafmOolbmsk:esPNvkvP2TSXosk

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	TLLauncherCracked-2024.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	TLLauncherCracked-2024.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	TLLauncherCracked-2024.exe

Themida packer 10 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2096-0-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-2-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-3-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-4-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-5-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-6-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-7-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-8-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-9-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida
behavioral1/memory/2096-11-0x000000013F310000-0x000000013FEBA000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	TLLauncherCracked-2024.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2096	TLLauncherCracked-2024.exe

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc50000000002000000000010660000000100002000000025d57254d9250cb3a8e1b04013088f0ab345639226aba40f305e5d4835dec789000000000e80000000020000200000008fdfbda8c6cf9f746b51b3ebc03c1ae5abf95089d927362165346bc701a7b82e900000003c74b1147567ab88f032f19734157da3758feb123b74a631420a83da541b62d21c289f9fdb484cbfb070319ae97bebe967be1ed0ebefae302ae4e74ffc55cbf9fdd6e032d1b66470287e091a57e78ed54321bb000affd366cda365fc62563352b1c6e106edffb4f81bafd98320cb64baabdce498a8e1bf63fe8ee9925c530fad8782f6d215a83b9b3b5caab732523ba2400000006cc60b6b6d4ccf79e41a3627e50e92396f8f9af47684d74adca79ce1a1d22b563ee6c94d3b42d852a19de8b2f4fd1d51d2044014c8613bf8dfd55c5f09c52684	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0ba787e1977da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009d182698a4727943a65bc6c9ecfd0fc500000000020000000000106600000001000020000000fdeed67ecf202ee06457864d1b093fc3ec7a5e134cea66d6038e0d94fdeeb570000000000e8000000002000020000000126f556cb9f80b94966af1540ef64958727589e959e962172456e597c896a13f20000000a873d22aff1058b217c85b334116269f3c061b9805482bc2e6ad6828466c82e940000000a8927e66a53b8a8f204a4f29a6844469eb932f230af514b83e40803ba9ae1d3a8ae7bae969afce2ae862a2e4bf798e447915c4781b8848ff988fcc991ff87607	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A9834081-E30C-11EE-ACBC-CAFA5A0A62FD} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-406356229-2805545415-1236085040-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
2980	vlc.exe
2304	vlc.exe
1564	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
2980	vlc.exe
2304	vlc.exe
1564	vlc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2096	TLLauncherCracked-2024.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
1564	vlc.exe
1564	vlc.exe
1564	vlc.exe
2304	vlc.exe
2304	vlc.exe
560	IEXPLORE.EXE

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2980	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
2304	vlc.exe
1564	vlc.exe
1564	vlc.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2096	TLLauncherCracked-2024.exe
2980	vlc.exe
2304	vlc.exe
1564	vlc.exe
560	IEXPLORE.EXE
560	IEXPLORE.EXE
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE
1392	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 2428	2416	wmplayer.exe	29
PID 2416 wrote to memory of 2428	2416	wmplayer.exe	29
PID 2416 wrote to memory of 2428	2416	wmplayer.exe	29
PID 2416 wrote to memory of 2428	2416	wmplayer.exe	29
PID 2416 wrote to memory of 2428	2416	wmplayer.exe	29
PID 2416 wrote to memory of 2428	2416	wmplayer.exe	29
PID 2416 wrote to memory of 2428	2416	wmplayer.exe	29
PID 1964 wrote to memory of 560	1964	iexplore.exe	39
PID 1964 wrote to memory of 560	1964	iexplore.exe	39
PID 1964 wrote to memory of 560	1964	iexplore.exe	39
PID 1964 wrote to memory of 560	1964	iexplore.exe	39
PID 560 wrote to memory of 1392	560	IEXPLORE.EXE	40
PID 560 wrote to memory of 1392	560	IEXPLORE.EXE	40
PID 560 wrote to memory of 1392	560	IEXPLORE.EXE	40
PID 560 wrote to memory of 1392	560	IEXPLORE.EXE	40

C:\Users\Admin\AppData\Local\Temp\TLLauncherCracked-2024.exe
"C:\Users\Admin\AppData\Local\Temp\TLLauncherCracked-2024.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Enqueue -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Enqueue -Embedding
  2⤵
  PID:2428

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "C:\Users\Admin\Desktop\ResetTrace.asx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "C:\Users\Admin\Desktop\ResetTrace.asx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\ResetTrace.asx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:560
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:560 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4b6e5096d95b0bf351f1e31de6782e30

SHA1
11769fc2c234e9add3fb523e333ebbd6d5e05d84

SHA256
f392f3970552024cb2afa311fd3ec989b9ecfeb080e972b14b2fb9c1c5d3bb1b

SHA512
74b7f84e76cc27d906732ca01979771b331a7a5b6afcf6392956052653d4cb7586c7e611a83b3453e20f6721a09563097406836524f4c314e8becc39e630d238

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab2E54.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6915.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar46A7.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6939.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
76B

MD5
698d700d02e9ccb33881c2c55d35a3e6

SHA1
333710b999756b01d6d9f5005abbaf73c972ae7b

SHA256
207ca57d56b5a7d3f0b10d78aa967f42adc92a0571fbb01aa7aca8e63718f4db

SHA512
2ce1b3e80b2bef36041c7e5c1932ecda585f5657a0540aa83261a8c37fb799186aefecc01a5fa938d781eef15246428c819ddbb3a30404f94bfba22f4023e49c

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlcrc

Filesize
93KB

MD5
478a4a09f4f74e97335cd4d5e9da7ab5

SHA1
3c4f1dc52a293f079095d0b0370428ec8e8f9315

SHA256
884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974

SHA512
e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

Download Submit
memory/2096-3-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-2-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-4-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-5-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-6-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-7-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-8-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-9-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-10-0x0000000077A30000-0x0000000077BD9000-memory.dmp

Filesize
1.7MB

Download
memory/2096-11-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2096-1-0x0000000077A30000-0x0000000077BD9000-memory.dmp

Filesize
1.7MB

Download
memory/2096-0-0x000000013F310000-0x000000013FEBA000-memory.dmp

Filesize
11.7MB

Download
memory/2980-31-0x000007FEF4CD0000-0x000007FEF4CE1000-memory.dmp

Filesize
68KB

Download
memory/2980-44-0x000007FEF4A00000-0x000007FEF4A21000-memory.dmp

Filesize
132KB

Download
memory/2980-21-0x000007FEF60B0000-0x000007FEF60C1000-memory.dmp

Filesize
68KB

Download
memory/2980-19-0x000007FEF60F0000-0x000007FEF6101000-memory.dmp

Filesize
68KB

Download
memory/2980-18-0x000007FEF6110000-0x000007FEF6127000-memory.dmp

Filesize
92KB

Download
memory/2980-17-0x000007FEF6130000-0x000007FEF6141000-memory.dmp

Filesize
68KB

Download
memory/2980-15-0x000007FEF6B50000-0x000007FEF6B68000-memory.dmp

Filesize
96KB

Download
memory/2980-14-0x000007FEF62E0000-0x000007FEF6594000-memory.dmp

Filesize
2.7MB

Download
memory/2980-22-0x000007FEF5000000-0x000007FEF60AB000-memory.dmp

Filesize
16.7MB

Download
memory/2980-23-0x000007FEF4E00000-0x000007FEF5000000-memory.dmp

Filesize
2.0MB

Download
memory/2980-24-0x000007FEF4DC0000-0x000007FEF4DFF000-memory.dmp

Filesize
252KB

Download
memory/2980-25-0x000007FEF4D90000-0x000007FEF4DB1000-memory.dmp

Filesize
132KB

Download
memory/2980-26-0x000007FEF4D70000-0x000007FEF4D88000-memory.dmp

Filesize
96KB

Download
memory/2980-27-0x000007FEF4D50000-0x000007FEF4D61000-memory.dmp

Filesize
68KB

Download
memory/2980-28-0x000007FEF4D30000-0x000007FEF4D41000-memory.dmp

Filesize
68KB

Download
memory/2980-29-0x000007FEF4D10000-0x000007FEF4D21000-memory.dmp

Filesize
68KB

Download
memory/2980-30-0x000007FEF4CF0000-0x000007FEF4D0B000-memory.dmp

Filesize
108KB

Download
memory/2980-16-0x000007FEF6150000-0x000007FEF6167000-memory.dmp

Filesize
92KB

Download
memory/2980-32-0x000007FEF4CB0000-0x000007FEF4CC8000-memory.dmp

Filesize
96KB

Download
memory/2980-33-0x000007FEF4C80000-0x000007FEF4CB0000-memory.dmp

Filesize
192KB

Download
memory/2980-34-0x000007FEF4C10000-0x000007FEF4C77000-memory.dmp

Filesize
412KB

Download
memory/2980-35-0x000007FEF4BA0000-0x000007FEF4C0F000-memory.dmp

Filesize
444KB

Download
memory/2980-37-0x000007FEF4B20000-0x000007FEF4B76000-memory.dmp

Filesize
344KB

Download
memory/2980-36-0x000007FEF4B80000-0x000007FEF4B91000-memory.dmp

Filesize
68KB

Download
memory/2980-38-0x000007FEF4AF0000-0x000007FEF4B18000-memory.dmp

Filesize
160KB

Download
memory/2980-39-0x000007FEF4AC0000-0x000007FEF4AE4000-memory.dmp

Filesize
144KB

Download
memory/2980-40-0x000007FEF4AA0000-0x000007FEF4AB7000-memory.dmp

Filesize
92KB

Download
memory/2980-20-0x000007FEF60D0000-0x000007FEF60ED000-memory.dmp

Filesize
116KB

Download
memory/2980-43-0x000007FEF4A30000-0x000007FEF4A42000-memory.dmp

Filesize
72KB

Download
memory/2980-45-0x000007FEF49E0000-0x000007FEF49F3000-memory.dmp

Filesize
76KB

Download
memory/2980-46-0x000007FEF49C0000-0x000007FEF49D2000-memory.dmp

Filesize
72KB

Download
memory/2980-42-0x000007FEF4A50000-0x000007FEF4A61000-memory.dmp

Filesize
68KB

Download
memory/2980-41-0x000007FEF4A70000-0x000007FEF4A93000-memory.dmp

Filesize
140KB

Download
memory/2980-47-0x000007FEF4880000-0x000007FEF49BB000-memory.dmp

Filesize
1.2MB

Download
memory/2980-48-0x000007FEF4850000-0x000007FEF487C000-memory.dmp

Filesize
176KB

Download
memory/2980-50-0x000007FEF4630000-0x000007FEF468C000-memory.dmp

Filesize
368KB

Download
memory/2980-51-0x000007FEF4610000-0x000007FEF4621000-memory.dmp

Filesize
68KB

Download
memory/2980-49-0x000007FEF4690000-0x000007FEF4842000-memory.dmp

Filesize
1.7MB

Download
memory/2980-53-0x000007FEF4550000-0x000007FEF4562000-memory.dmp

Filesize
72KB

Download
memory/2980-57-0x000007FEF4280000-0x000007FEF4291000-memory.dmp

Filesize
68KB

Download
memory/2980-59-0x000007FEF41F0000-0x000007FEF4201000-memory.dmp

Filesize
68KB

Download
memory/2980-61-0x000007FEF41B0000-0x000007FEF41C3000-memory.dmp

Filesize
76KB

Download
memory/2980-62-0x000007FEF4110000-0x000007FEF41AF000-memory.dmp

Filesize
636KB

Download
memory/2980-63-0x000007FEF40F0000-0x000007FEF4101000-memory.dmp

Filesize
68KB

Download
memory/2980-64-0x000007FEF3FE0000-0x000007FEF40E2000-memory.dmp

Filesize
1.0MB

Download
memory/2980-65-0x000007FEF3FC0000-0x000007FEF3FD1000-memory.dmp

Filesize
68KB

Download
memory/2980-60-0x000007FEF41D0000-0x000007FEF41E2000-memory.dmp

Filesize
72KB

Download
memory/2980-58-0x000007FEF4210000-0x000007FEF4271000-memory.dmp

Filesize
388KB

Download
memory/2980-66-0x000007FEF3E40000-0x000007FEF3FB8000-memory.dmp

Filesize
1.5MB

Download
memory/2980-13-0x000007FEF65A0000-0x000007FEF65D4000-memory.dmp

Filesize
208KB

Download
memory/2980-12-0x000000013F460000-0x000000013F558000-memory.dmp

Filesize
992KB

Download
memory/2980-67-0x000007FEF3E20000-0x000007FEF3E37000-memory.dmp

Filesize
92KB

Download
memory/2980-56-0x000007FEF42A0000-0x000007FEF42C5000-memory.dmp

Filesize
148KB

Download
memory/2980-55-0x000007FEF42D0000-0x000007FEF4305000-memory.dmp

Filesize
212KB

Download
memory/2980-54-0x000007FEF4310000-0x000007FEF4541000-memory.dmp

Filesize
2.2MB

Download
memory/2980-52-0x000007FEF4570000-0x000007FEF4607000-memory.dmp

Filesize
604KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads