871ec8bf2237716e219a648c32f24cf8ad584a0f929076aa68dba0abe147b861

Analysis

max time kernel
42s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/02/2025, 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FreeSpoofer.exe
Size

3.6MB
MD5

d8caeb46f4e99d53b24a27bc62e06551
SHA1

6aa211685157b0a76435da5e40dd1c95c018e913
SHA256

871ec8bf2237716e219a648c32f24cf8ad584a0f929076aa68dba0abe147b861
SHA512

9b9797919fb26fd4a97a20c18a5292015ce3512211c5666487a09d5ab70ae6680be4d1e570bbc95bc47341675a51dad2fd9797be5d4d337421f40ab6fefad3bf
SSDEEP

49152:7yWRDINFfPPHf/2sKVJOZqybgQccCRar1TVejyhTmhOoA6DCHoFIx71DuGLt:mWRQf/+ebgQccSaRuE76NKBDuG

Score

9^/10

defense_evasion discovery execution themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	FreeSpoofer.exe

Stops running service(s) 4 TTPs
defense_evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	FreeSpoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	FreeSpoofer.exe

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/2532-0-0x0000000140000000-0x00000001409C9000-memory.dmp	themida
behavioral1/memory/2532-2-0x0000000140000000-0x00000001409C9000-memory.dmp	themida
behavioral1/memory/2532-3-0x0000000140000000-0x00000001409C9000-memory.dmp	themida
behavioral1/memory/2532-4-0x0000000140000000-0x00000001409C9000-memory.dmp	themida
behavioral1/memory/2532-8-0x0000000140000000-0x00000001409C9000-memory.dmp	themida
behavioral1/memory/2532-9-0x0000000140000000-0x00000001409C9000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	FreeSpoofer.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2532	FreeSpoofer.exe

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
688	sc.exe
944	sc.exe
1720	sc.exe
1548	sc.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 6 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2696	cmd.exe
2992	cmd.exe
2944	cmd.exe
2356	cmd.exe
2672	cmd.exe
1424	cmd.exe

Kills process with taskkill 23 IoCs

defense_evasion

pid	Process
272	taskkill.exe
1080	taskkill.exe
2592	taskkill.exe
332	taskkill.exe
1092	taskkill.exe
2392	taskkill.exe
832	taskkill.exe
2760	taskkill.exe
2772	taskkill.exe
2996	taskkill.exe
1552	taskkill.exe
2576	taskkill.exe
2728	taskkill.exe
2716	taskkill.exe
1472	taskkill.exe
972	taskkill.exe
2116	taskkill.exe
1356	taskkill.exe
2648	taskkill.exe
576	taskkill.exe
2868	taskkill.exe
2132	taskkill.exe
1724	taskkill.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	2728	taskkill.exe
Token: SeDebugPrivilege	2760	taskkill.exe
Token: SeDebugPrivilege	2592	taskkill.exe
Token: SeDebugPrivilege	2716	taskkill.exe
Token: SeDebugPrivilege	2648	taskkill.exe
Token: SeDebugPrivilege	576	taskkill.exe
Token: SeDebugPrivilege	1472	taskkill.exe
Token: SeDebugPrivilege	2868	taskkill.exe
Token: SeDebugPrivilege	332	taskkill.exe
Token: SeDebugPrivilege	972	taskkill.exe
Token: SeDebugPrivilege	2132	taskkill.exe
Token: SeDebugPrivilege	1092	taskkill.exe
Token: SeDebugPrivilege	1724	taskkill.exe
Token: SeDebugPrivilege	2772	taskkill.exe
Token: SeDebugPrivilege	2116	taskkill.exe
Token: SeDebugPrivilege	2392	taskkill.exe
Token: SeDebugPrivilege	2996	taskkill.exe
Token: SeDebugPrivilege	832	taskkill.exe
Token: SeDebugPrivilege	1552	taskkill.exe
Token: SeDebugPrivilege	2576	taskkill.exe
Token: SeDebugPrivilege	1356	taskkill.exe
Token: SeDebugPrivilege	272	taskkill.exe
Token: SeDebugPrivilege	1080	taskkill.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2164	2532	FreeSpoofer.exe	31
PID 2532 wrote to memory of 2164	2532	FreeSpoofer.exe	31
PID 2532 wrote to memory of 2164	2532	FreeSpoofer.exe	31
PID 2532 wrote to memory of 2824	2532	FreeSpoofer.exe	33
PID 2532 wrote to memory of 2824	2532	FreeSpoofer.exe	33
PID 2532 wrote to memory of 2824	2532	FreeSpoofer.exe	33
PID 2532 wrote to memory of 2752	2532	FreeSpoofer.exe	34
PID 2532 wrote to memory of 2752	2532	FreeSpoofer.exe	34
PID 2532 wrote to memory of 2752	2532	FreeSpoofer.exe	34
PID 2532 wrote to memory of 2720	2532	FreeSpoofer.exe	35
PID 2532 wrote to memory of 2720	2532	FreeSpoofer.exe	35
PID 2532 wrote to memory of 2720	2532	FreeSpoofer.exe	35
PID 2720 wrote to memory of 2728	2720	cmd.exe	36
PID 2720 wrote to memory of 2728	2720	cmd.exe	36
PID 2720 wrote to memory of 2728	2720	cmd.exe	36
PID 2532 wrote to memory of 2944	2532	FreeSpoofer.exe	38
PID 2532 wrote to memory of 2944	2532	FreeSpoofer.exe	38
PID 2532 wrote to memory of 2944	2532	FreeSpoofer.exe	38
PID 2944 wrote to memory of 2760	2944	cmd.exe	39
PID 2944 wrote to memory of 2760	2944	cmd.exe	39
PID 2944 wrote to memory of 2760	2944	cmd.exe	39
PID 2532 wrote to memory of 2356	2532	FreeSpoofer.exe	40
PID 2532 wrote to memory of 2356	2532	FreeSpoofer.exe	40
PID 2532 wrote to memory of 2356	2532	FreeSpoofer.exe	40
PID 2356 wrote to memory of 2592	2356	cmd.exe	41
PID 2356 wrote to memory of 2592	2356	cmd.exe	41
PID 2356 wrote to memory of 2592	2356	cmd.exe	41
PID 2532 wrote to memory of 2672	2532	FreeSpoofer.exe	42
PID 2532 wrote to memory of 2672	2532	FreeSpoofer.exe	42
PID 2532 wrote to memory of 2672	2532	FreeSpoofer.exe	42
PID 2672 wrote to memory of 2716	2672	cmd.exe	43
PID 2672 wrote to memory of 2716	2672	cmd.exe	43
PID 2672 wrote to memory of 2716	2672	cmd.exe	43
PID 2532 wrote to memory of 2304	2532	FreeSpoofer.exe	44
PID 2532 wrote to memory of 2304	2532	FreeSpoofer.exe	44
PID 2532 wrote to memory of 2304	2532	FreeSpoofer.exe	44
PID 2304 wrote to memory of 2648	2304	cmd.exe	45
PID 2304 wrote to memory of 2648	2304	cmd.exe	45
PID 2304 wrote to memory of 2648	2304	cmd.exe	45
PID 2532 wrote to memory of 1936	2532	FreeSpoofer.exe	46
PID 2532 wrote to memory of 1936	2532	FreeSpoofer.exe	46
PID 2532 wrote to memory of 1936	2532	FreeSpoofer.exe	46
PID 1936 wrote to memory of 576	1936	cmd.exe	47
PID 1936 wrote to memory of 576	1936	cmd.exe	47
PID 1936 wrote to memory of 576	1936	cmd.exe	47
PID 2532 wrote to memory of 1856	2532	FreeSpoofer.exe	48
PID 2532 wrote to memory of 1856	2532	FreeSpoofer.exe	48
PID 2532 wrote to memory of 1856	2532	FreeSpoofer.exe	48
PID 1856 wrote to memory of 1472	1856	cmd.exe	49
PID 1856 wrote to memory of 1472	1856	cmd.exe	49
PID 1856 wrote to memory of 1472	1856	cmd.exe	49
PID 2532 wrote to memory of 1744	2532	FreeSpoofer.exe	50
PID 2532 wrote to memory of 1744	2532	FreeSpoofer.exe	50
PID 2532 wrote to memory of 1744	2532	FreeSpoofer.exe	50
PID 1744 wrote to memory of 2868	1744	cmd.exe	51
PID 1744 wrote to memory of 2868	1744	cmd.exe	51
PID 1744 wrote to memory of 2868	1744	cmd.exe	51
PID 2532 wrote to memory of 320	2532	FreeSpoofer.exe	52
PID 2532 wrote to memory of 320	2532	FreeSpoofer.exe	52
PID 2532 wrote to memory of 320	2532	FreeSpoofer.exe	52
PID 320 wrote to memory of 332	320	cmd.exe	53
PID 320 wrote to memory of 332	320	cmd.exe	53
PID 320 wrote to memory of 332	320	cmd.exe	53
PID 2532 wrote to memory of 1364	2532	FreeSpoofer.exe	54

C:\Users\Admin\AppData\Local\Temp\FreeSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\FreeSpoofer.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2164
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im epicgameslauncher.EXE >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im epicgameslauncher.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2728
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteClient-Win64-Shipping_EAC.EXE >nul 2>&1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2944
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteClient-Win64-Shipping_EAC.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2760
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteClient-Win64-Shipping.EXE >nul 2>&1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteClient-Win64-Shipping.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2592
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteClient-Win64-Shipping_BE.EXE >nul 2>&1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteClient-Win64-Shipping_BE.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2716
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteLauncher.EXE >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteLauncher.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im UnrealCEFSubProcess.EXE >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im UnrealCEFSubProcess.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im CEFProcess.EXE >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im CEFProcess.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1472
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im EasyAntiCheat.EXE >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1744
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im EasyAntiCheat.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im BEService.EXE >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:320
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im BEService.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:332
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im BEServices.EXE >nul 2>&1
  2⤵
  PID:1364
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im BEServices.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:972
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im BattleEye.EXE >nul 2>&1
  2⤵
  PID:1928
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im BattleEye.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im epicgameslauncher.EXE >nul 2>&1
  2⤵
  PID:2500
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im epicgameslauncher.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteClient-Win64-Shipping_EAC.EXE >nul 2>&1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1424
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteClient-Win64-Shipping_EAC.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteClient-Win64-Shipping.EXE >nul 2>&1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2696
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteClient-Win64-Shipping.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteClient-Win64-Shipping_BE.EXE >nul 2>&1
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2992
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteClient-Win64-Shipping_BE.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2116
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im FortniteLauncher.EXE >nul 2>&1
  2⤵
  PID:2960
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im FortniteLauncher.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2392
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im UnrealCEFSubProcess.EXE >nul 2>&1
  2⤵
  PID:3000
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im UnrealCEFSubProcess.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im CEFProcess.EXE >nul 2>&1
  2⤵
  PID:1852
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im CEFProcess.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:832
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im EasyAntiCheat.EXE >nul 2>&1
  2⤵
  PID:2128
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im EasyAntiCheat.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im BEService.EXE >nul 2>&1
  2⤵
  PID:2052
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im BEService.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im BEServices.EXE >nul 2>&1
  2⤵
  PID:2032
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im BEServices.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im BattleEye.EXE >nul 2>&1
  2⤵
  PID:1864
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im BattleEye.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:272
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c TASKKILL /f /im epicgameslauncher.EXE >nul 2>&1
  2⤵
  PID:1376
- - C:\Windows\system32\taskkill.exe
    TASKKILL /f /im epicgameslauncher.EXE
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop BEService >nul 2>&1
  2⤵
  PID:2184
- - C:\Windows\system32\sc.exe
    sc stop BEService
    3⤵
    - Launches sc.exe
    PID:1720
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop BEDaisy >nul 2>&1
  2⤵
  PID:1560
- - C:\Windows\system32\sc.exe
    sc stop BEDaisy
    3⤵
    - Launches sc.exe
    PID:1548
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop EasyAntiCheat >nul 2>&1
  2⤵
  PID:1700
- - C:\Windows\system32\sc.exe
    sc stop EasyAntiCheat
    3⤵
    - Launches sc.exe
    PID:688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop EasyAntiCheatSys >nul 2>&1
  2⤵
  PID:1088
- - C:\Windows\system32\sc.exe
    sc stop EasyAntiCheatSys
    3⤵
    - Launches sc.exe
    PID:944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c curl -L -o Clean.zip https://gitea.com/Jaxploit/VuxCheats/raw/branch/main/Clean.zip
  2⤵
  PID:2424
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2532-0-0x0000000140000000-0x00000001409C9000-memory.dmp

Filesize
9.8MB

Download
memory/2532-1-0x00000000770E0000-0x00000000770E2000-memory.dmp

Filesize
8KB

Download
memory/2532-2-0x0000000140000000-0x00000001409C9000-memory.dmp

Filesize
9.8MB

Download
memory/2532-3-0x0000000140000000-0x00000001409C9000-memory.dmp

Filesize
9.8MB

Download
memory/2532-4-0x0000000140000000-0x00000001409C9000-memory.dmp

Filesize
9.8MB

Download
memory/2532-8-0x0000000140000000-0x00000001409C9000-memory.dmp

Filesize
9.8MB

Download
memory/2532-9-0x0000000140000000-0x00000001409C9000-memory.dmp

Filesize
9.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads