582fdb7c59c3d2f029b94ccb3fb8c8be2d905d6ba3bd70715fe7954c9d7530c5

Analysis

max time kernel
898s
max time network
647s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
09-02-2025 03:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Predictor7.6.3/Sounds/VisualStudioSetup.exe
Size

4.2MB
MD5

588266fd79a4a51b4fd501d11eabc372
SHA1

e980ac3a93c89e67d1f33d86fffa391c5ba7ff06
SHA256

2e4e7be2891916f6158f45dad8ff5300ee2f78fc7df0d00a031cd5f86693e7ac
SHA512

e5d49e85f911b0646e067f67523cb7e40e9b6e6c13c31dd82294c4afcc270ae9c91f4728c722bc5e5ad9bdbb5cdd21b81747693960d53bbd07554db6a85c6115
SSDEEP

98304:IEbiDMuEbMHwTFSEAlODcXQ874QDdqiJXM8ux:kB+MQTFSLlOsrRMiJXq

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 3 IoCs

flow	pid	Process
52	2312	Process not Found
83	4128	Process not Found
85	2312	Process not Found

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-705198581-2062733989-3666524522-1000\Control Panel\International\Geo\Nation	VisualStudioSetup.exe

Executes dropped EXE 1 IoCs

pid	Process
3736	vs_setup_bootstrapper.exe

Loads dropped DLL 21 IoCs

pid	Process
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe
3736	vs_setup_bootstrapper.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VisualStudioSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vs_setup_bootstrapper.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	getmac.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Nls\Language	vs_setup_bootstrapper.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4824	MicrosoftEdgeUpdate.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	vs_setup_bootstrapper.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vs_setup_bootstrapper.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	vs_setup_bootstrapper.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3736	vs_setup_bootstrapper.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 3736	2148	VisualStudioSetup.exe	88
PID 2148 wrote to memory of 3736	2148	VisualStudioSetup.exe	88
PID 2148 wrote to memory of 3736	2148	VisualStudioSetup.exe	88
PID 3736 wrote to memory of 3508	3736	vs_setup_bootstrapper.exe	89
PID 3736 wrote to memory of 3508	3736	vs_setup_bootstrapper.exe	89
PID 3736 wrote to memory of 3508	3736	vs_setup_bootstrapper.exe	89

C:\Users\Admin\AppData\Local\Temp\Predictor7.6.3\Sounds\VisualStudioSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Predictor7.6.3\Sounds\VisualStudioSetup.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\vs_setup_bootstrapper.exe
  "C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\vs_setup_bootstrapper.exe" --env "_SFX_CAB_EXE_PACKAGE:C:\Users\Admin\AppData\Local\Temp\Predictor7.6.3\Sounds\VisualStudioSetup.exe _SFX_CAB_EXE_ORIGINALWORKINGDIR:C:\Users\Admin\AppData\Local\Temp\Predictor7.6.3\Sounds"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3736
- - C:\Windows\SysWOW64\getmac.exe
    "getmac"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3508

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RjBGM0ZCREItMEZEMC00NDFELUI4MjYtOTlDQjdEREM1MEUxfSIgdXNlcmlkPSJ7NTE2QjI2NTctRDQ0NS00RUU4LThDOUUtRTc4QTFBRjM1N0RCfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OEU0NzQ3QjYtM0Q0MS00NkM2LUIxNjktMEQyMEVGM0NCNjkwfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDU4NjAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxODIxNjMwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MzgzNDI0MzY4Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\VisualStudio\Packages\_bootstrapper\vs_setup_bootstrapper_202502091247424729.json

Filesize
162B

MD5
ad891c3b02a02419dc60db8c273a8315

SHA1
141a08ca0e25d56bdb35fc71e1c767667079114a

SHA256
186c4b16ee009564819730b358dbdbb0792fc27e602698c5f0a16e20104647c7

SHA512
64cdaf1d6d1b4072e24f3926f91103abf946ff044cda34a9070586c2d2927bcdfc53381c955e447a38965ee426373259759025f97b715158afc429080956196f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelAIF-312cbd79-9dbb-4c48-a7da-3cc2a931cb70\20250209124814_8782349c4e9141bf9a0d50c753fe3b4b.trn

Filesize
4KB

MD5
460372282bae1cb173d4f2785b10a20d

SHA1
dfc75f2bf74c4abc8e30602a72b4895dc5dd4eb6

SHA256
e6412cdf2fd80bac6a3e7e85d9202e0f08482f15faf773206a8936c2eba5c33a

SHA512
a09542bb731387d76f72ef3662aea8d4de08fe30f4674c1751e4b1dc9017a2db275aee28ae56ec4d990b1793510fa5b3eac046eea53578e574facc55089d2248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\VSApplicationInsights\vstelf3e86b4023cc43f0be495508d51f588a\20250209124816_5ebbf90903a5455e85c3a3382e8900e7.trn

Filesize
4KB

MD5
884da78a230916dde12b85c68a0e4e21

SHA1
130bed09ed8c1c250850896304110f6c9058425c

SHA256
0e20591143cc440b4ff34b6805a619c2255c3b755fe625839a737bba0c16fcc9

SHA512
a322495c732d64aeca04080f19a4c7d09d9bbb4758ffb24bc8641d7aec3f21dcd9e0f2f5d5e1d67c9f37522732fd6caa6dfa15eca7f02b29fec1f344602ad965

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9CM7QDHX\dyntelconfig[1].cache

Filesize
20KB

MD5
a81af9b600cecf3e01eddea606bf21e0

SHA1
b3738835239aff12fa725b05a8e084b85a3a1108

SHA256
b069ee3f8a316aef4c8350b7a161a87a81f36956ed8989760c8408483383cc10

SHA512
3014482521635e1c6e51becf58be53b7fae5165db340b5f14390bcd4817ce8425c95d4ebc06497fa7366ec693c95cdafb92ce44dafa2954a72c6b8b218a19b68

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Interop.dll

Filesize
18KB

MD5
6240940009abe0240203a943741f22b2

SHA1
21d7eaa572a701d2c463f1421b1b4dbb4355e91d

SHA256
62d8143505b130e7dcd2488384c19827787f9370c132d0c05957e16c28c70447

SHA512
4360785a85aa89aa303fb5a4e15233287457b6c46fb0a96e25b89703cc305fe76d0424fc93187da9dc25596b75c33ac9cc171ae37d599b0d914a3e22b0f0f9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.C2RSignatureReader.Native.dll

Filesize
115KB

MD5
7ee93c9293b25b94360c0bb61a0978d3

SHA1
2cd3c71473da6f2cff01f63ea3245e0c7794d15c

SHA256
7424bdcd743c2784e4043f7c489697b6cae3c7dae17b7190967b5522dd3d9bb7

SHA512
0523a771b3685604aab6088d194be5c3555011bd9a57f622f12fba1c6749f7974fc358563a54a85932dfd5be7cf342148fc972bbbabad5d8a5f421fd2e6ca367

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.VisualStudio.RemoteControl.dll

Filesize
46KB

MD5
355c1a112bc0f859b374a4b1c811c1e7

SHA1
b9a58bb26f334d517ab777b6226fef86a67eb4dd

SHA256
cc52e19735d6152702672feb5911c8ba77f60fdc73df5ed0d601b37415f3a7ed

SHA512
f1e858f97dabeb8e9648d1eb753d6fcd9e2bab378259c02b3e031652e87c29fbabfc48d209983f7074dfc256afd42fa1d8184805534037771a71db517fe16c8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Common.dll

Filesize
581KB

MD5
b952eda0274f5fe9651312bbdbd35c36

SHA1
a1ca4f102124ffed512b2fd818ef21f29a094f95

SHA256
e8028eb8af8ccc9b78fc688c96e91eb45add8d9f72ce90c365a1eab1f812fe08

SHA512
8192b534adc3442ab23f8c040c4b67a907125ea86ee3f9e6b65f80aa731242b53e174eb394a05599b0e50f6f435f26b93c99b363adcf16724edf83917db79e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.Download.dll

Filesize
307KB

MD5
484742c8c65f83e4b272692fa7badb3c

SHA1
fa16f4159547404ade16f8c1abcc8f6978da9abd

SHA256
78531f435198f0b0e0170f1b2d683e7785e5c1ad133b76b6b471a036d6e1d4ac

SHA512
1f47ef544ac5837766befebabab6d8122e3e28aef68e877794fa8ef9ca9583be011386c1eb8fbb566cea40b32b9268f3880f3f8f3c9ff8c78b0b3015d99a775c

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.VisualStudio.Setup.dll

Filesize
1.4MB

MD5
27f5c28bb57287a8f0187d7eee17bda8

SHA1
5b04cd155ee665609cc10c7e8cb72951843d3a5e

SHA256
cc3219b8b031286813871debe27e4d1ed3b2d8caac612d30c8a2cfca4806f41b

SHA512
d9973d51adcf9b683a1a67844fb81c796346fbe268ad4d85b91b02dd06bb584903ca5bb9588ac64118e8893203c1bb3ddf1a6d1246032c3fd9a82b189f82ecd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.VisualStudio.Telemetry.dll

Filesize
950KB

MD5
903f254110813906331bef23e680bb9d

SHA1
6e4adfae4281d0b5bd0d8efd8f8eb919e974bd7d

SHA256
148081b9aaaee96125f7d2f09acffb95d7ce1c50d4e7b4b3ca8f3e372e2b8425

SHA512
150f5b438199faf8922390bc2cf93684de4a134e9c82f0e608954f02c47f630c8be22afe0349bd049bb1bc57dcd0951f9cf119713087940a769e076bae00c662

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Microsoft.VisualStudio.Utilities.Internal.dll

Filesize
62KB

MD5
2dc1dc66b267a3470add7fab88b78069

SHA1
dbe80047475b503791038ed7e47389c062c15c72

SHA256
b044863f98af8d28f4f2f5e2dccb945c57439e1575afb37110e1eec306a6c89c

SHA512
44ef73aab50dcc13ccd94c0353c366818afb27ce73772d722755b04add0c4f294c7814c84da6069d9aa6136f2a48683c25062dcddd1664e8d32fed1b38ceca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\System.Memory.dll

Filesize
138KB

MD5
f09441a1ee47fb3e6571a3a448e05baf

SHA1
3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

SHA256
bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

SHA512
0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\System.Runtime.CompilerServices.Unsafe.dll

Filesize
17KB

MD5
c610e828b54001574d86dd2ed730e392

SHA1
180a7baafbc820a838bbaca434032d9d33cceebe

SHA256
37768488e8ef45729bc7d9a2677633c6450042975bb96516e186da6cb9cd0dcf

SHA512
441610d2b9f841d25494d7c82222d07e1d443b0da07f0cf735c25ec82f6cce99a3f3236872aec38cc4df779e615d22469666066ccefed7fe75982eefada46396

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\detection.json

Filesize
8KB

MD5
782f4beae90d11351db508f38271eb26

SHA1
f1e92aea9e2cd005c2fb6d4face0258d4f1d8b6c

SHA256
c828a2e5b4045ce36ecf5b49d33d6404c9d6f865df9b3c9623787c2332df07d9

SHA512
0a02beeca5c4e64044692b665507378e6f8b38e519a17c3ceccca1e87f85e1e2e7b3598e598fc84c962d3a5c723b28b52ee0351faaec82a846f0313f3c21e0e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\vs_setup_bootstrapper.config

Filesize
622B

MD5
c65295c6216ff4987887e921b6ef7fd5

SHA1
60b9f9118bae393d963f33b5dcfbf78a3748e0f3

SHA256
8618064bf0589dd3e38c36826b54c342a34ed22010883517b2025c54ee12e833

SHA512
9027f92858fb68e2b71cdfaab57ac736b8e0bdfc03760ecee378691fc6ea4892d7246e807cc17a249b31d02c5e459a58ca7a60fabe78f54d329c8aca71eb99e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\vs_setup_bootstrapper.exe

Filesize
404KB

MD5
e24ef04ddb8a5474314d34cbd3ffa0c2

SHA1
399b9c3336116df479793d322f8c1e884e154fff

SHA256
49fc3ec8ab51c8f05591ee0ff0d9040bed994dbc3ef9a417a188c6d69a56952f

SHA512
7e845f995cf5bc448f9accf4bc6a9c26a1354ec72b138348e0d474465a101cc77ff4f2801c1b58e48819053f80e7fdb0d0cf25664c2483314cb33b0d312d67e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\912e6aff262bf10a826d\vs_bootstrapper_d15\vs_setup_bootstrapper.exe.config

Filesize
3KB

MD5
72f9933c6e247a13353d9725cd22c2da

SHA1
5b76599644e7c70cd5f08e5a80cec225c891a9da

SHA256
1f423b67ee6ca6a714507ab08fbd383b6d442bd98d321f0a640d533d5a516650

SHA512
afc7b5959506d197246fb482b0a2ca8f1ebfb5957234e547151d1e7a40047a2974768ccdf5c321a984685d99d4f7a1b0fbfb7fe81c40387a229808e45814a6de

Download Submit
memory/3736-153-0x0000000005C30000-0x0000000005C38000-memory.dmp

Filesize
32KB

Download
memory/3736-174-0x0000000007CD0000-0x0000000007CD8000-memory.dmp

Filesize
32KB

Download
memory/3736-165-0x0000000006110000-0x0000000006132000-memory.dmp

Filesize
136KB

Download
memory/3736-149-0x0000000005C90000-0x0000000005CB6000-memory.dmp

Filesize
152KB

Download
memory/3736-157-0x0000000006030000-0x0000000006040000-memory.dmp

Filesize
64KB

Download
memory/3736-145-0x0000000005C40000-0x0000000005C52000-memory.dmp

Filesize
72KB

Download
memory/3736-141-0x0000000005CE0000-0x0000000005D92000-memory.dmp

Filesize
712KB

Download
memory/3736-132-0x0000000005660000-0x0000000005668000-memory.dmp

Filesize
32KB

Download
memory/3736-137-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-128-0x00000000058A0000-0x0000000005992000-memory.dmp

Filesize
968KB

Download
memory/3736-124-0x0000000005700000-0x0000000005794000-memory.dmp

Filesize
592KB

Download
memory/3736-167-0x0000000007210000-0x0000000007276000-memory.dmp

Filesize
408KB

Download
memory/3736-168-0x00000000076A0000-0x0000000007732000-memory.dmp

Filesize
584KB

Download
memory/3736-169-0x0000000007CF0000-0x0000000008294000-memory.dmp

Filesize
5.6MB

Download
memory/3736-170-0x0000000007800000-0x00000000078BA000-memory.dmp

Filesize
744KB

Download
memory/3736-136-0x00000000057A0000-0x00000000057F0000-memory.dmp

Filesize
320KB

Download
memory/3736-172-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-166-0x0000000006380000-0x00000000066D4000-memory.dmp

Filesize
3.3MB

Download
memory/3736-176-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-175-0x0000000007CC0000-0x0000000007CC8000-memory.dmp

Filesize
32KB

Download
memory/3736-177-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-178-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-179-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-181-0x000000000A390000-0x000000000A39E000-memory.dmp

Filesize
56KB

Download
memory/3736-180-0x000000000BBB0000-0x000000000BBE8000-memory.dmp

Filesize
224KB

Download
memory/3736-183-0x000000007301E000-0x000000007301F000-memory.dmp

Filesize
4KB

Download
memory/3736-184-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-188-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-189-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-190-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-191-0x0000000073010000-0x00000000737C0000-memory.dmp

Filesize
7.7MB

Download
memory/3736-120-0x00000000052B0000-0x0000000005418000-memory.dmp

Filesize
1.4MB

Download
memory/3736-116-0x00000000007B0000-0x0000000000818000-memory.dmp

Filesize
416KB

Download
memory/3736-114-0x000000007301E000-0x000000007301F000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads