2da12b9469f2f6dfd0f0ded1dd9978d36e081bebee7e01d10b16b81492c0241d

Resubmissions

14/07/2024, 10:57

240714-m2nyzazeqf 3

14/07/2024, 10:53

240714-my7lxaxcrp 3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Natro_Macro_v1.0.0.1a/nm_image_assets/Styles/Concaved.dll
Size

3.3MB
MD5

f7fb5ba776ecece641f671d7f5f9d380
SHA1

57f169d12fabbfbd632eac41e71dac408f6fefe6
SHA256

ced8d4005fdd76789b41c7da560348b3339376d27571e45a6803cc7f72c7b6c7
SHA512

85d7438caa4b569feb81795f385efb967ab3b0fd996c1160ddf4a70df21e700c163d2b0d8ed9abbdc84e9dfdb0f816e01fdd1b60a9e3ddca6a6e3a641dc6eafe
SSDEEP

12288:HyJqSSmY/NBuai2gWBJqpCGqHmBuRS2C+1JqEa2a/qBuMKmy8ygC6ajja6sxEK6c:Lo6ajjahoc+E9ajjap6K

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-9 = "Microsoft Bengali to Latin Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-177 = "Microsoft PowerPoint Macro-Enabled Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-142 = "Microsoft OneNote Table Of Contents"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-4 = "Microsoft Simplified Chinese to Traditional Chinese Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-10 = "Microsoft Hangul Decomposition Transliteration"	SearchIndexer.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f5992205ddd5da01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E46787A1-4629-4423-A693-BE1F003B2742} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000040467105ddd5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-116 = "Microsoft Excel Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9935 = "MPEG-2 TS Video"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000330f1905ddd5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9908 = "Wave Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000ac343f05ddd5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-174 = "Microsoft PowerPoint Presentation"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-2 = "Microsoft Script Detection"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9933 = "MPEG-4 Audio"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-6 = "Microsoft Cyrillic to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-176 = "Microsoft PowerPoint Macro-Enabled Presentation"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-120 = "Microsoft Word 97 - 2003 Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000efeb7906ddd5da01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\C:\Windows\system32,@elscore.dll,-7 = "Microsoft Devanagari to Latin Transliteration"	SearchIndexer.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e1e85d08ddd5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\wmphoto.dll,-500 = "Windows Media Photo"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9911 = "Windows Media Audio shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000035006e06ddd5da01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-194 = "Microsoft Excel Add-In"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

description	pid	Process
Token: 33	3120	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3120	SearchIndexer.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3120 wrote to memory of 4516	3120	SearchIndexer.exe	95
PID 3120 wrote to memory of 4516	3120	SearchIndexer.exe	95
PID 3120 wrote to memory of 3160	3120	SearchIndexer.exe	96
PID 3120 wrote to memory of 3160	3120	SearchIndexer.exe	96

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Natro_Macro_v1.0.0.1a\nm_image_assets\Styles\Concaved.dll,#1
1⤵
PID:4796

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1484

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3120
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:4516
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  - Modifies data under HKEY_USERS
  PID:3160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3120-0-0x000001E3D4E50000-0x000001E3D4E60000-memory.dmp

Filesize
64KB

Download
memory/3120-16-0x000001E3D5080000-0x000001E3D5090000-memory.dmp

Filesize
64KB

Download
memory/3120-32-0x000001E3D9440000-0x000001E3D9448000-memory.dmp

Filesize
32KB

Download
memory/3120-34-0x000001E3D9C70000-0x000001E3D9C78000-memory.dmp

Filesize
32KB

Download
memory/3160-38-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-39-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-40-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-43-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-41-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-42-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-44-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-46-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-49-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-48-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-51-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-53-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-52-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-50-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-47-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-45-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-54-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-55-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-57-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-59-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-58-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-56-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-60-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-61-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-62-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-64-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-66-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-67-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-65-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download
memory/3160-63-0x0000020EA3470000-0x0000020EA3480000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads