adwind | b206e15fe9cbe718aec07a99519d7227ceb1ecabeaba00a42c694ff07099b168

Analysis

max time kernel
206s
max time network
203s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
04-02-2025 14:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

INVOICE 15-05-2017.jar
Size

793KB
MD5

e3bf553a0d1f101f3d3e8198bf36fefa
SHA1

c35726ae5ea990e32aa8f77c1062eb8b9cc3b96c
SHA256

b206e15fe9cbe718aec07a99519d7227ceb1ecabeaba00a42c694ff07099b168
SHA512

29008c66f3dca4eb86bf6c525c1384c11c0886fd07ddebc80ac5abf461b0ea34753ba57b8c852d134844a3860349a31ff2ede689f26f541b3f29fdbfe6c2cc74
SSDEEP

24576:c7FJQ2MYN+jTK1SMdyPWSF9GY2i+u0jG/n:CPQrjTK1SJlFv2fuQGf

Score

10^/10

adwind trojan

Malware Config

Signatures

AdWind
A Java-based RAT family operated as malware-as-a-service.
trojan adwind
Adwind family
adwind

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\System32\test.txt	java.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1620	java.exe
4108	java.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 4108	1620	java.exe	78
PID 1620 wrote to memory of 4108	1620	java.exe	78
PID 1620 wrote to memory of 3024	1620	java.exe	80
PID 1620 wrote to memory of 3024	1620	java.exe	80
PID 4108 wrote to memory of 2856	4108	java.exe	82
PID 4108 wrote to memory of 2856	4108	java.exe	82
PID 3024 wrote to memory of 4940	3024	cmd.exe	84
PID 3024 wrote to memory of 4940	3024	cmd.exe	84
PID 2856 wrote to memory of 3012	2856	cmd.exe	85
PID 2856 wrote to memory of 3012	2856	cmd.exe	85
PID 4108 wrote to memory of 1856	4108	java.exe	86
PID 4108 wrote to memory of 1856	4108	java.exe	86
PID 1620 wrote to memory of 3476	1620	java.exe	88
PID 1620 wrote to memory of 3476	1620	java.exe	88
PID 1856 wrote to memory of 424	1856	cmd.exe	90
PID 1856 wrote to memory of 424	1856	cmd.exe	90
PID 3476 wrote to memory of 2316	3476	cmd.exe	91
PID 3476 wrote to memory of 2316	3476	cmd.exe	91
PID 4108 wrote to memory of 4560	4108	java.exe	92
PID 4108 wrote to memory of 4560	4108	java.exe	92
PID 1620 wrote to memory of 1308	1620	java.exe	94
PID 1620 wrote to memory of 1308	1620	java.exe	94
PID 4108 wrote to memory of 3412	4108	java.exe	96
PID 4108 wrote to memory of 3412	4108	java.exe	96

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\INVOICE 15-05-2017.jar"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar C:\Users\Admin\AppData\Local\Temp\_0.0289471384478613427155059551657273970.class
  2⤵
  - Drops file in System32 directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4108
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive2506675123679493670.vbs
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Windows\system32\cscript.exe
      cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive2506675123679493670.vbs
      4⤵
      PID:3012
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1688275518966077601.vbs
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1856
  - - C:\Windows\system32\cscript.exe
      cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1688275518966077601.vbs
      4⤵
      PID:424
- - C:\Windows\SYSTEM32\xcopy.exe
    xcopy "C:\Program Files\Java\jre-1.8" "C:\Users\Admin\AppData\Roaming\Oracle\" /e
    3⤵
    PID:4560
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe
    3⤵
    PID:3412
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1613278965459820224.vbs
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Windows\system32\cscript.exe
    cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive1613278965459820224.vbs
    3⤵
    PID:4940
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /C cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7149896872582250528.vbs
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3476
- - C:\Windows\system32\cscript.exe
    cscript.exe C:\Users\Admin\AppData\Local\Temp\Retrive7149896872582250528.vbs
    3⤵
    PID:2316
- C:\Windows\SYSTEM32\xcopy.exe
  xcopy "C:\Program Files\Java\jre-1.8" "C:\Users\Admin\AppData\Roaming\Oracle\" /e
  2⤵
  PID:1308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
8ea88c17586b45c65585558690181702

SHA1
18585834ea1c0d94bcfdc87f3f1996dc0f599561

SHA256
acf832d7bb1a2b4faa556f501a41812300ec5d749894b6f42f62fc89a423ac42

SHA512
d657f424dd7514ab5ba725f9a157da3738847d8ca675ea860023da46beb5da726da5071fc97ed0ad378f14c086bcceee008184e8d1ca8b8a45c1d6000c0bca38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Retrive1688275518966077601.vbs

Filesize
281B

MD5
a32c109297ed1ca155598cd295c26611

SHA1
dc4a1fdbaad15ddd6fe22d3907c6b03727b71510

SHA256
45bfe34aa3ef932f75101246eb53d032f5e7cf6d1f5b4e495334955a255f32e7

SHA512
70372552dc86fe02ece9fe3b7721463f80be07a34126b2c75b41e30078cda9e90744c7d644df623f63d4fb985482e345b3351c4d3da873162152c67fc6ecc887

Download Submit
C:\Users\Admin\AppData\Local\Temp\Retrive2506675123679493670.vbs

Filesize
276B

MD5
3bdfd33017806b85949b6faa7d4b98e4

SHA1
f92844fee69ef98db6e68931adfaa9a0a0f8ce66

SHA256
9da575dd2d5b7c1e9bab8b51a16cde457b3371c6dcdb0537356cf1497fa868f6

SHA512
ae5e5686ae71edef53e71cd842cb6799e4383b9c238a5c361b81647efa128d2fedf3bf464997771b5b0c47a058fecae7829aeedcd098c80a11008581e5781429

Download Submit
C:\Users\Admin\AppData\Local\Temp\_0.0289471384478613427155059551657273970.class

Filesize
241KB

MD5
781fb531354d6f291f1ccab48da6d39f

SHA1
9ce4518ebcb5be6d1f0b5477fa00c26860fe9a68

SHA256
97d585b6aff62fb4e43e7e6a5f816dcd7a14be11a88b109a9ba9e8cd4c456eb9

SHA512
3e6630f5feb4a3eb1dac7e9125ce14b1a2a45d7415cf44cea42bc51b2a9aa37169ee4a4c36c888c8f2696e7d6e298e2ad7b2f4c22868aaa5948210eb7db220d8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3587106988-279496464-3440778474-1000\83aa4cc77f591dfc2374580bbd95f6ba_605430f4-93cf-4c59-84cd-e6cd51bd2585

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\plugin2\msvcp140.dll

Filesize
558KB

MD5
bf78c15068d6671693dfcdfa5770d705

SHA1
4418c03c3161706a4349dfe3f97278e7a5d8962a

SHA256
a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb

SHA512
5b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\plugin2\vcruntime140.dll

Filesize
95KB

MD5
7415c1cc63a0c46983e2a32581daefee

SHA1
5f8534d79c84ac45ad09b5a702c8c5c288eae240

SHA256
475ab98b7722e965bd38c8fa6ed23502309582ccf294ff1061cb290c7988f0d1

SHA512
3d4b24061f72c0e957c7b04a0c4098c94c8f1afb4a7e159850b9939c7210d73398be6f27b5ab85073b4e8c999816e7804fef0f6115c39cd061f4aaeb4dcda8cf

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\bin\plugin2\vcruntime140_1.dll

Filesize
36KB

MD5
fcda37abd3d9e9d8170cd1cd15bf9d3f

SHA1
b23ff3e9aa2287b9c1249a008c0ae06dc8b6fdf2

SHA256
0579d460ea1f7e8a815fa55a8821a5ff489c8097f051765e9beaf25d8d0f27d6

SHA512
de8be61499aaa1504dde8c19666844550c2ea7ef774ecbe26900834b252887da31d4cf4fb51338b16b6a4416de733e519ebf8c375eb03eb425232a6349da2257

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\deploy\messages_zh_TW.properties

Filesize
3KB

MD5
880baacb176553deab39edbe4b74380d

SHA1
37a57aad121c14c25e149206179728fa62203bf0

SHA256
ff4a3a92bc92cb08d2c32c435810440fd264edd63e56efa39430e0240c835620

SHA512
3039315bb283198af9090bd3d31cfae68ee73bc2b118bbae0b32812d4e3fd0f11ce962068d4a17b065dab9a66ef651b9cb8404c0a2defce74bb6b2d1d93646d5

Download Submit
C:\Users\Admin\AppData\Roaming\Oracle\lib\images\cursors\win32_CopyNoDrop32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
memory/1620-97-0x0000023B1F610000-0x0000023B1F620000-memory.dmp

Filesize
64KB

Download
memory/1620-116-0x0000023B1F660000-0x0000023B1F670000-memory.dmp

Filesize
64KB

Download
memory/1620-55-0x0000023B1F320000-0x0000023B1F590000-memory.dmp

Filesize
2.4MB

Download
memory/1620-51-0x0000023B1F600000-0x0000023B1F610000-memory.dmp

Filesize
64KB

Download
memory/1620-56-0x0000023B1F620000-0x0000023B1F630000-memory.dmp

Filesize
64KB

Download
memory/1620-58-0x0000023B1F630000-0x0000023B1F640000-memory.dmp

Filesize
64KB

Download
memory/1620-72-0x0000023B1F680000-0x0000023B1F690000-memory.dmp

Filesize
64KB

Download
memory/1620-74-0x0000023B1F690000-0x0000023B1F6A0000-memory.dmp

Filesize
64KB

Download
memory/1620-73-0x0000023B1F5A0000-0x0000023B1F5B0000-memory.dmp

Filesize
64KB

Download
memory/1620-70-0x0000023B1F660000-0x0000023B1F670000-memory.dmp

Filesize
64KB

Download
memory/1620-77-0x0000023B1F6A0000-0x0000023B1F6B0000-memory.dmp

Filesize
64KB

Download
memory/1620-76-0x0000023B1F5B0000-0x0000023B1F5C0000-memory.dmp

Filesize
64KB

Download
memory/1620-81-0x0000023B1F6B0000-0x0000023B1F6C0000-memory.dmp

Filesize
64KB

Download
memory/1620-80-0x0000023B1F5C0000-0x0000023B1F5D0000-memory.dmp

Filesize
64KB

Download
memory/1620-69-0x0000023B1F650000-0x0000023B1F660000-memory.dmp

Filesize
64KB

Download
memory/1620-68-0x0000023B1F640000-0x0000023B1F650000-memory.dmp

Filesize
64KB

Download
memory/1620-67-0x0000023B1F590000-0x0000023B1F5A0000-memory.dmp

Filesize
64KB

Download
memory/1620-71-0x0000023B1F670000-0x0000023B1F680000-memory.dmp

Filesize
64KB

Download
memory/1620-83-0x0000023B1F6C0000-0x0000023B1F6D0000-memory.dmp

Filesize
64KB

Download
memory/1620-82-0x0000023B1F5D0000-0x0000023B1F5E0000-memory.dmp

Filesize
64KB

Download
memory/1620-85-0x0000023B1F5E0000-0x0000023B1F5F0000-memory.dmp

Filesize
64KB

Download
memory/1620-1067-0x0000023B1F770000-0x0000023B1F780000-memory.dmp

Filesize
64KB

Download
memory/1620-1065-0x0000023B1F760000-0x0000023B1F770000-memory.dmp

Filesize
64KB

Download
memory/1620-1064-0x0000023B1F750000-0x0000023B1F760000-memory.dmp

Filesize
64KB

Download
memory/1620-1060-0x0000023B1F740000-0x0000023B1F750000-memory.dmp

Filesize
64KB

Download
memory/1620-101-0x0000023B1F620000-0x0000023B1F630000-memory.dmp

Filesize
64KB

Download
memory/1620-100-0x0000023B1F6D0000-0x0000023B1F6E0000-memory.dmp

Filesize
64KB

Download
memory/1620-1058-0x0000023B1F730000-0x0000023B1F740000-memory.dmp

Filesize
64KB

Download
memory/1620-157-0x0000023B1F740000-0x0000023B1F750000-memory.dmp

Filesize
64KB

Download
memory/1620-96-0x0000023B1F600000-0x0000023B1F610000-memory.dmp

Filesize
64KB

Download
memory/1620-117-0x0000023B1F670000-0x0000023B1F680000-memory.dmp

Filesize
64KB

Download
memory/1620-49-0x0000023B1F5F0000-0x0000023B1F600000-memory.dmp

Filesize
64KB

Download
memory/1620-119-0x0000023B1F690000-0x0000023B1F6A0000-memory.dmp

Filesize
64KB

Download
memory/1620-52-0x0000023B1F610000-0x0000023B1F620000-memory.dmp

Filesize
64KB

Download
memory/1620-115-0x0000023B1F650000-0x0000023B1F660000-memory.dmp

Filesize
64KB

Download
memory/1620-114-0x0000023B1F640000-0x0000023B1F650000-memory.dmp

Filesize
64KB

Download
memory/1620-113-0x0000023B1F700000-0x0000023B1F710000-memory.dmp

Filesize
64KB

Download
memory/1620-112-0x0000023B1F6F0000-0x0000023B1F700000-memory.dmp

Filesize
64KB

Download
memory/1620-46-0x0000023B1F5E0000-0x0000023B1F5F0000-memory.dmp

Filesize
64KB

Download
memory/1620-110-0x0000023B1F6E0000-0x0000023B1F6F0000-memory.dmp

Filesize
64KB

Download
memory/1620-109-0x0000023B1F680000-0x0000023B1F690000-memory.dmp

Filesize
64KB

Download
memory/1620-108-0x0000023B1F630000-0x0000023B1F640000-memory.dmp

Filesize
64KB

Download
memory/1620-44-0x0000023B1F5D0000-0x0000023B1F5E0000-memory.dmp

Filesize
64KB

Download
memory/1620-658-0x0000023B1F720000-0x0000023B1F730000-memory.dmp

Filesize
64KB

Download
memory/1620-41-0x0000023B1F5C0000-0x0000023B1F5D0000-memory.dmp

Filesize
64KB

Download
memory/1620-88-0x0000023B1F5F0000-0x0000023B1F600000-memory.dmp

Filesize
64KB

Download
memory/1620-124-0x0000023B1F710000-0x0000023B1F720000-memory.dmp

Filesize
64KB

Download
memory/1620-123-0x0000023B1F6A0000-0x0000023B1F6B0000-memory.dmp

Filesize
64KB

Download
memory/1620-38-0x0000023B1F5B0000-0x0000023B1F5C0000-memory.dmp

Filesize
64KB

Download
memory/1620-128-0x0000023B1F6B0000-0x0000023B1F6C0000-memory.dmp

Filesize
64KB

Download
memory/1620-29-0x0000023B1F5A0000-0x0000023B1F5B0000-memory.dmp

Filesize
64KB

Download
memory/1620-25-0x0000023B1F590000-0x0000023B1F5A0000-memory.dmp

Filesize
64KB

Download
memory/1620-132-0x0000023B1F6C0000-0x0000023B1F6D0000-memory.dmp

Filesize
64KB

Download
memory/1620-573-0x0000023B1DAB0000-0x0000023B1DAB1000-memory.dmp

Filesize
4KB

Download
memory/1620-11-0x0000023B1DAB0000-0x0000023B1DAB1000-memory.dmp

Filesize
4KB

Download
memory/1620-2-0x0000023B1F320000-0x0000023B1F590000-memory.dmp

Filesize
2.4MB

Download
memory/1620-142-0x0000023B1DAB0000-0x0000023B1DAB1000-memory.dmp

Filesize
4KB

Download
memory/1620-146-0x0000023B1F720000-0x0000023B1F730000-memory.dmp

Filesize
64KB

Download
memory/1620-175-0x0000023B1F710000-0x0000023B1F720000-memory.dmp

Filesize
64KB

Download
memory/1620-155-0x0000023B1F730000-0x0000023B1F740000-memory.dmp

Filesize
64KB

Download
memory/1620-158-0x0000023B1F6D0000-0x0000023B1F6E0000-memory.dmp

Filesize
64KB

Download
memory/1620-161-0x0000023B1F6E0000-0x0000023B1F6F0000-memory.dmp

Filesize
64KB

Download
memory/1620-165-0x0000023B1F750000-0x0000023B1F760000-memory.dmp

Filesize
64KB

Download
memory/1620-167-0x0000023B1F760000-0x0000023B1F770000-memory.dmp

Filesize
64KB

Download
memory/1620-171-0x0000023B1F770000-0x0000023B1F780000-memory.dmp

Filesize
64KB

Download
memory/1620-152-0x0000023B1DAB0000-0x0000023B1DAB1000-memory.dmp

Filesize
4KB

Download
memory/1620-164-0x0000023B1F700000-0x0000023B1F710000-memory.dmp

Filesize
64KB

Download
memory/1620-163-0x0000023B1F6F0000-0x0000023B1F700000-memory.dmp

Filesize
64KB

Download
memory/4108-130-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-162-0x000001A86C590000-0x000001A86C5A0000-memory.dmp

Filesize
64KB

Download
memory/4108-156-0x000001A86C5E0000-0x000001A86C5F0000-memory.dmp

Filesize
64KB

Download
memory/4108-150-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-154-0x000001A86C580000-0x000001A86C590000-memory.dmp

Filesize
64KB

Download
memory/4108-153-0x000001A86C560000-0x000001A86C570000-memory.dmp

Filesize
64KB

Download
memory/4108-170-0x000001A86C5A0000-0x000001A86C5B0000-memory.dmp

Filesize
64KB

Download
memory/4108-176-0x000001A86C5F0000-0x000001A86C600000-memory.dmp

Filesize
64KB

Download
memory/4108-145-0x000001A86C570000-0x000001A86C580000-memory.dmp

Filesize
64KB

Download
memory/4108-178-0x000001A86C600000-0x000001A86C610000-memory.dmp

Filesize
64KB

Download
memory/4108-177-0x000001A86C5B0000-0x000001A86C5C0000-memory.dmp

Filesize
64KB

Download
memory/4108-187-0x000001A86C5D0000-0x000001A86C5E0000-memory.dmp

Filesize
64KB

Download
memory/4108-186-0x000001A86C630000-0x000001A86C640000-memory.dmp

Filesize
64KB

Download
memory/4108-185-0x000001A86C620000-0x000001A86C630000-memory.dmp

Filesize
64KB

Download
memory/4108-184-0x000001A86C610000-0x000001A86C620000-memory.dmp

Filesize
64KB

Download
memory/4108-183-0x000001A86C5C0000-0x000001A86C5D0000-memory.dmp

Filesize
64KB

Download
memory/4108-137-0x000001A86C540000-0x000001A86C550000-memory.dmp

Filesize
64KB

Download
memory/4108-138-0x000001A86C550000-0x000001A86C560000-memory.dmp

Filesize
64KB

Download
memory/4108-548-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-139-0x000001A86C5D0000-0x000001A86C5E0000-memory.dmp

Filesize
64KB

Download
memory/4108-133-0x000001A86C5C0000-0x000001A86C5D0000-memory.dmp

Filesize
64KB

Download
memory/4108-129-0x000001A86C5B0000-0x000001A86C5C0000-memory.dmp

Filesize
64KB

Download
memory/4108-91-0x000001A86C550000-0x000001A86C560000-memory.dmp

Filesize
64KB

Download
memory/4108-92-0x000001A86C570000-0x000001A86C580000-memory.dmp

Filesize
64KB

Download
memory/4108-111-0x000001A86C590000-0x000001A86C5A0000-memory.dmp

Filesize
64KB

Download
memory/4108-120-0x000001A86C5A0000-0x000001A86C5B0000-memory.dmp

Filesize
64KB

Download
memory/4108-1057-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-98-0x000001A86C560000-0x000001A86C570000-memory.dmp

Filesize
64KB

Download
memory/4108-1059-0x000001A86C5E0000-0x000001A86C5F0000-memory.dmp

Filesize
64KB

Download
memory/4108-99-0x000001A86C580000-0x000001A86C590000-memory.dmp

Filesize
64KB

Download
memory/4108-86-0x000001A86C540000-0x000001A86C550000-memory.dmp

Filesize
64KB

Download
memory/4108-54-0x000001A86C2D0000-0x000001A86C540000-memory.dmp

Filesize
2.4MB

Download
memory/4108-23-0x000001A86C2D0000-0x000001A86C540000-memory.dmp

Filesize
2.4MB

Download
memory/4108-1068-0x000001A86C5F0000-0x000001A86C600000-memory.dmp

Filesize
64KB

Download
memory/4108-1069-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-1070-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-1071-0x000001A86C600000-0x000001A86C610000-memory.dmp

Filesize
64KB

Download
memory/4108-1073-0x000001A86C610000-0x000001A86C620000-memory.dmp

Filesize
64KB

Download
memory/4108-1077-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-1078-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-1081-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-1093-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-1094-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download
memory/4108-1097-0x000001A86C2B0000-0x000001A86C2B1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads