c5827cba898daa04abe3be3f7f45ad99ca81804233f366dfa2b50866a1dd0183

General

Target

081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Size

64KB
MD5

081c1414ecc3581b94a5e4baa72a4220
SHA1

db72ae06316149884f6f6e7ce8943f5e947842a2
SHA256

c5827cba898daa04abe3be3f7f45ad99ca81804233f366dfa2b50866a1dd0183
SHA512

7b16d85817fe7094f31181002ed2b8d239cc02c1e83b01fd6ff8e4c84d795ec5d71a2edfeb4419eee7d1949535997e9be2a89a2f5ba15de60baf9a8c333b3467
SSDEEP

768:Ie2rYsf6OagWl0vv9L54gLbjrOjuZ9UnDynFev01YuUpCJ2p/1H5/iXdnh0Usb0x:Z28cam9t4gTSjweiH1fUK2L2rDWBi

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 14 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bhblllfo.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dddllkbf.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Aopemh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bhkfkmmg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bhblllfo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Aopemh32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Bhmbqm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Coegoe32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dddllkbf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bhkfkmmg.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Coegoe32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Bhmbqm32.exe

Executes dropped EXE 7 IoCs

pid	Process
4896	Aopemh32.exe
840	Bhkfkmmg.exe
4352	Bhmbqm32.exe
2360	Bhblllfo.exe
1380	Coegoe32.exe
1496	Dddllkbf.exe
116	Dkqaoe32.exe

Drops file in System32 directory 21 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Coegoe32.exe	Bhblllfo.exe
File created	C:\Windows\SysWOW64\Dddllkbf.exe	Coegoe32.exe
File created	C:\Windows\SysWOW64\Nalhik32.dll	Coegoe32.exe
File created	C:\Windows\SysWOW64\Dkqaoe32.exe	Dddllkbf.exe
File opened for modification	C:\Windows\SysWOW64\Aopemh32.exe	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Dkbnla32.dll	Bhmbqm32.exe
File created	C:\Windows\SysWOW64\Fbjieo32.dll	Aopemh32.exe
File created	C:\Windows\SysWOW64\Pjllddpj.dll	Bhkfkmmg.exe
File opened for modification	C:\Windows\SysWOW64\Bhblllfo.exe	Bhmbqm32.exe
File opened for modification	C:\Windows\SysWOW64\Dkqaoe32.exe	Dddllkbf.exe
File created	C:\Windows\SysWOW64\Aopemh32.exe	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Gdlfcb32.dll	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
File created	C:\Windows\SysWOW64\Fmamhbhe.dll	Bhblllfo.exe
File opened for modification	C:\Windows\SysWOW64\Dddllkbf.exe	Coegoe32.exe
File created	C:\Windows\SysWOW64\Bhkfkmmg.exe	Aopemh32.exe
File opened for modification	C:\Windows\SysWOW64\Bhkfkmmg.exe	Aopemh32.exe
File created	C:\Windows\SysWOW64\Bhblllfo.exe	Bhmbqm32.exe
File created	C:\Windows\SysWOW64\Coegoe32.exe	Bhblllfo.exe
File created	C:\Windows\SysWOW64\Glfdiedd.dll	Dddllkbf.exe
File created	C:\Windows\SysWOW64\Bhmbqm32.exe	Bhkfkmmg.exe
File opened for modification	C:\Windows\SysWOW64\Bhmbqm32.exe	Bhkfkmmg.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
624	116	WerFault.exe	97

Modifies registry class 24 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bhmbqm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Glfdiedd.dll"	Dddllkbf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Gdlfcb32.dll"	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Aopemh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fbjieo32.dll"	Aopemh32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bhmbqm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dddllkbf.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Fmamhbhe.dll"	Bhblllfo.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Coegoe32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dddllkbf.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Pjllddpj.dll"	Bhkfkmmg.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bhkfkmmg.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bhblllfo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dkbnla32.dll"	Bhmbqm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Bhblllfo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Nalhik32.dll"	Coegoe32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Coegoe32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Aopemh32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Bhkfkmmg.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4896	4888	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe	91
PID 4888 wrote to memory of 4896	4888	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe	91
PID 4888 wrote to memory of 4896	4888	081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe	91
PID 4896 wrote to memory of 840	4896	Aopemh32.exe	92
PID 4896 wrote to memory of 840	4896	Aopemh32.exe	92
PID 4896 wrote to memory of 840	4896	Aopemh32.exe	92
PID 840 wrote to memory of 4352	840	Bhkfkmmg.exe	93
PID 840 wrote to memory of 4352	840	Bhkfkmmg.exe	93
PID 840 wrote to memory of 4352	840	Bhkfkmmg.exe	93
PID 4352 wrote to memory of 2360	4352	Bhmbqm32.exe	94
PID 4352 wrote to memory of 2360	4352	Bhmbqm32.exe	94
PID 4352 wrote to memory of 2360	4352	Bhmbqm32.exe	94
PID 2360 wrote to memory of 1380	2360	Bhblllfo.exe	95
PID 2360 wrote to memory of 1380	2360	Bhblllfo.exe	95
PID 2360 wrote to memory of 1380	2360	Bhblllfo.exe	95
PID 1380 wrote to memory of 1496	1380	Coegoe32.exe	96
PID 1380 wrote to memory of 1496	1380	Coegoe32.exe	96
PID 1380 wrote to memory of 1496	1380	Coegoe32.exe	96
PID 1496 wrote to memory of 116	1496	Dddllkbf.exe	97
PID 1496 wrote to memory of 116	1496	Dddllkbf.exe	97
PID 1496 wrote to memory of 116	1496	Dddllkbf.exe	97

C:\Users\Admin\AppData\Local\Temp\081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\081c1414ecc3581b94a5e4baa72a4220_NeikiAnalytics.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\Aopemh32.exe
  C:\Windows\system32\Aopemh32.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4896
- - C:\Windows\SysWOW64\Bhkfkmmg.exe
    C:\Windows\system32\Bhkfkmmg.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:840
  - - C:\Windows\SysWOW64\Bhmbqm32.exe
      C:\Windows\system32\Bhmbqm32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4352
    - - C:\Windows\SysWOW64\Bhblllfo.exe
        
        C:\Windows\system32\Bhblllfo.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:2360
      - C:\Windows\SysWOW64\Coegoe32.exe
        
        C:\Windows\system32\Coegoe32.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1380
        
        C:\Windows\SysWOW64\Dddllkbf.exe
        
        C:\Windows\system32\Dddllkbf.exe
        7⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:1496
        
        C:\Windows\SysWOW64\Dkqaoe32.exe
        
        C:\Windows\system32\Dkqaoe32.exe
        8⤵
        Executes dropped EXE
        
        PID:116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 116 -s 224
        9⤵
        Program crash
        
        PID:624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 116 -ip 116
1⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3704 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Aopemh32.exe

Filesize
64KB

MD5
55199ce597211e828193907b625bde95

SHA1
1957b83dc044efaa7203c9f556560ecdbb37cbac

SHA256
001704957679f432c6eac4a7c4996255e2d8cd435dc72360248554101fc4894f

SHA512
cfaf5193beb1fd97d3877aad9d3a91340dd4c62625f20d595c4029382e40c47912269023c88de3a903258e5aed0c66c7be0555c532298a517a65bfb8562e211e

Download Submit
C:\Windows\SysWOW64\Bhblllfo.exe

Filesize
64KB

MD5
985711664275aa34571a8a03047d70df

SHA1
a3db078a987feee9e9d8141950df190a5454c536

SHA256
4b6127e0b4e2c8f39cd7c18bc0008ad41590ce3217981e6e72c5e11147080288

SHA512
6a5b47dd2f6857e9d3dac780a379c486b2c3243ac2b9b1f0160793302d98c19866111046f6a4e45a291fa4f28183451d0d373eb05188614acd07bd624c84fda5

Download Submit
C:\Windows\SysWOW64\Bhkfkmmg.exe

Filesize
64KB

MD5
afe9ba30e36e7d2c7c1b3e1422adac37

SHA1
d597ccdffd079bc7cd941256dba56c50779f4997

SHA256
829797d332fd178c9f120766b801bb3a72d7a19c0a682d671b9c237e7523d602

SHA512
8365b87eabac4ee0e47371fb7787abebaef05cfa1cf91be6a8369108be7c7d16682e49bc752048d52a3f0e0a7b8a770e83f89f30f26829df8338a0e762c29253

Download Submit
C:\Windows\SysWOW64\Bhmbqm32.exe

Filesize
64KB

MD5
e5dabd4c308dac0df3e28ee8790b5099

SHA1
a19fbbaf73ad796e92586ee886fa1ecd97b1835d

SHA256
7431ff83d114715dd911946dd681e388aa06933491d05efc16ea3c72025613fa

SHA512
7f28c2b60d284d26938c6dd7ea535a18dd6c7e1f48cb050bbfc39ba3ca6663a42bfed0c6574277ca6a63d7aadb3e8699687063801f37b6d2fca618d35e4595f0

Download Submit
C:\Windows\SysWOW64\Coegoe32.exe

Filesize
64KB

MD5
d6a613ee0cca2c10765a1640e6c7d73d

SHA1
efa50093c5ecea8fed3929a220962886189c5994

SHA256
09a43bdbf70402f553bf3a9d499cbef5978791453282e198bf48bd52aeef7be7

SHA512
3af89f99f34787c0d5902ac240bea0440e92fb06c0caa26f8eb3b504a8295baf503ddce9aa7b3051a68bc44a1c767060df3aac6e467706788f01b98155298bc1

Download Submit
C:\Windows\SysWOW64\Dddllkbf.exe

Filesize
64KB

MD5
0ab97217e298e956463cefa41ace5eaa

SHA1
77cf25c7bb19edaf8042addce694d08e9dbecb4e

SHA256
0e582a87f4d84589cc6f6633937c799d14fd813a02189128f91def3619a73e24

SHA512
24d05aeb97257347636ee24f7e0870cfebf97dafeac0faac4f083a8164c2618df2afd8c7e3a0268149b728881fdaa30d73d441b56a3a483f1f1adbcd3600f785

Download Submit
C:\Windows\SysWOW64\Dkqaoe32.exe

Filesize
64KB

MD5
08e90668c6894b9842bea302d7735af6

SHA1
6054aba9423beed66c27c5862ac415338395292b

SHA256
ed05d670109210589d118298c74d963a5fe02b110e64f9dc7c8b9af345963fcb

SHA512
9e0051dd445404c712bab1a8a267b5616be2a5a633d37392eeae39b35aa68aec6930ff8e990594a70e608e5fb32f8544c75af44f1c84e2455d128c223986d880

Download Submit
memory/116-65-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/116-57-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/840-61-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/840-17-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1380-40-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1380-69-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1496-67-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/1496-48-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2360-32-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/2360-63-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4352-62-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4352-24-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4888-1-0x0000000000431000-0x0000000000432000-memory.dmp

Filesize
4KB

Download
memory/4888-58-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4888-0-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4896-60-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4896-8-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads