0d63158ad92fa2bdedd465302a18e8f8f910efae6eb6686a1c846c2a9cc9cae4

Analysis

max time kernel
425s
max time network
540s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
24/02/2025, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

idk bro.jar
Size

639KB
MD5

77500cdad67aa74ceda0e7b5673ebc86
SHA1

9112360da806440e3dd0812e7235cd83e5d5da9a
SHA256

0d63158ad92fa2bdedd465302a18e8f8f910efae6eb6686a1c846c2a9cc9cae4
SHA512

fb233bc220cf5e1b0ef80db1c5df5abf1f80adf584d684dd9552e6420f9d3aad0a3e7b1ac716357e0d560048ede5b3cd15211d4e0b7f1b0ce85aeb19cac0cd87
SSDEEP

12288:ZH5eQw/8m4zCv4bG0mh3go/NRj+BMWNS9xgohuRi73Wuc2FMSbzDwN:ZHwQ8kz24i33goX+5S9OCnWuhFPbzDwN

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2501448743-3279416841-701563739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Home = "C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe -jar C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\.tmp\\1740365203316.tmp"	reg.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	java.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	0.tcp.ngrok.io
16	0.tcp.ngrok.io

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4644	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 3320	4644	java.exe	84
PID 4644 wrote to memory of 3320	4644	java.exe	84
PID 4644 wrote to memory of 1692	4644	java.exe	86
PID 4644 wrote to memory of 1692	4644	java.exe	86
PID 1692 wrote to memory of 2344	1692	cmd.exe	88
PID 1692 wrote to memory of 2344	1692	cmd.exe	88

Views/modifies file attributes 1 TTPs 1 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3320	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\idk bro.jar"
1⤵
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740365203316.tmp
  2⤵
  - Views/modifies file attributes
  PID:3320
- C:\Windows\SYSTEM32\cmd.exe
  cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740365203316.tmp" /f"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\Windows\system32\reg.exe
    REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1740365203316.tmp" /f
    3⤵
    - Adds Run key to start application
    PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imageio1079445221668833326.tmp

Filesize
38KB

MD5
28c57bc7865875e00087e0ab0caa0a52

SHA1
9778fdd8efb3f558d238e592506935afdb6e37e6

SHA256
a8db692832d478a8efa13762fd51d80a69bcf167028e3bbe9205a6d19cc25d85

SHA512
520eead2ba72672973828b7111075a024b1d7edac08772ec66bf7c44cf08d2a76cb14423568ead708a818c1a11801e111e4cee29b88e98aacb69702a87a19eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1759602709145552353.tmp

Filesize
330B

MD5
a884b5751ac6cc1bb016b5bbad394b28

SHA1
4c214d93ab93aa2e401c44701299e18d8ae93525

SHA256
28b41c007ce593d2cd245fdf8fbe5382cd0b2c8ba08d916306ce289b34ca02be

SHA512
d47540e5322612f2c272f6f1c1ffd07e2bdf88da53356ed1e5dbe1e3983b77552082be51a662c0a9817960c5ead11257a82beca627979f1b7e4ff44846b4b754

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1932275573972916804.tmp

Filesize
37KB

MD5
d2491fac62db6b4222086b32f7caad97

SHA1
aeb106a0296cd1e4e8045d322f632b9ff6d4ee77

SHA256
748f725cccb465b8f1f66dfc2a0d70bffc574177dbda9bcce9d7a6c64db9dee0

SHA512
7e66a24fcb797cb35a385d5b9c5088dfc78beff7a4eea4c1b16f80f7b5c7f519f8d296c94a5984dea43b9a641c533f0078f0de689825bf57aa3d0ef2672553b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1941621970341678526.tmp

Filesize
260B

MD5
fca331452cf1c2b5e75df889dfaa94ac

SHA1
a799675adb1eb5e9e893117a8eaabe6e1c0c9ac3

SHA256
f2282f78a4c6b933a6f0a1970a4fc32889bccdce4058283dcfb57e7b1a110c38

SHA512
beb50424f0f352c736e6318dc9f4bee68b234cffeb2c634521da039fb1b9e1a9c947ea2e6e6a5f4c7e84121adf7922403efa453ded3a45a7803213d7b4d9307d

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2266797251563995589.tmp

Filesize
395B

MD5
3338aa57aaaded7c314425d22be5483e

SHA1
b09b6bc78079488dba2112e92a5ca59388f0d382

SHA256
6ec54458e0593bd19cb9437e7c778d913c8cdf942bb0396e34866fae1aa96767

SHA512
d3c3c6c1a4ea7bd6c68c502bc2c720ae79d54f31062a55aac280d05e4ce27224a42e092fc3b9d0639e575722825b071e7d52b1a284fc20a0d4a30dbbb5bbf3f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2528357427914492791.tmp

Filesize
426B

MD5
c7cc46c4e398e69d5f1fddfc1467a1f5

SHA1
5480a028f1020e279ab03de1f67788a01eb1c258

SHA256
a218355ee47705703925ca42086215669a57fcdfa7170f1d58cf97ed484c0ffd

SHA512
bd143f9185f0bad38a88c4a8bd5f3c53e7cda0f97f8ab3a2a22bcda7b06fb903abacd4173f439bb61616d9b392ff8cbeb554e370962d1869fe1f9169837ce283

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2860251606836180047.tmp

Filesize
222B

MD5
5ce32d1e2175e17faa168d16a8a9b8df

SHA1
351275b499d3f200a91f2e37156d2c42851fb91c

SHA256
20cf255ab75bb17fce6155efad8db671512e46f7f6553036b8e3eb3d1df774ca

SHA512
2b74f7b915313ef9cf3b1606c13238584389ad66be206524fda05c438324f2dc16fe610bb536ca0d127be0fd20c8bbd69535914028bfbc48cfe85e946f373cdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2953100038985425428.tmp

Filesize
300B

MD5
09e7aa6a00338d557e75c119adfbcca1

SHA1
1a4296f9f6329b594b1200a956e67a438b4e9556

SHA256
ac4771ba8721484bd99b9df3045a8817bacece36c18b9af522965af5178edaeb

SHA512
38181c1d0f909d8877647bf91b4f02b0d14e53ea57eea34bab7e798a782266711d7ad1a218d8593d0fc324837077e16ba9bdc185e7397de6540dd36ad996e324

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3774040297660166834.tmp

Filesize
351B

MD5
023126c0696b39485af6f57eb2911cdf

SHA1
60d74b4d1bc3b6f192b26c859bbafb23b8e4c9c9

SHA256
3d3c6dddbc54af1b647adab3fd9e84731891df92fdca5ddc5925496f5197f40a

SHA512
cb9c7ffb498855f3e5beace260029b860c9f22f35bc921e133574e1122c764ada17d0de5e6405a7e093ac48a8ff7f5c4ae0579af68bec8e0af1ecb32f640291b

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3963858755740476376.tmp

Filesize
31KB

MD5
d4c9429bbd4c35a9e5e6a8d59ca3973a

SHA1
5cdd4e36f212f484ca87deec8198c4eebbc852c8

SHA256
5cff2aecbe6190cb78f42bdcef0f6269efe282597228286fd6ccdbe9795aa541

SHA512
0e93cae4fdd22561deff274318d82d34cc6d0451eb507d1dd7b1efec8cb9a1e049e03ffe0efc683a9a75593e8738ca41892fe1db0f682dcdd3519cd735ec8d7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio4240322564032655112.tmp

Filesize
580B

MD5
b090e8ff133589f05da97052d6e49fcc

SHA1
2af5bdd2fa787723f1d9aadd0c45e6dc32439be0

SHA256
419178688d5ad63fc8c82ca6c037c3d32bae23b7abe087bd472466cf56ec41ea

SHA512
7e2f3d74f9b62350dc1b55510a1c6290fcc05411c7ebd057dd5376d868b3869ec0f26de84b1daec9da4d69c111fef762c4268af2771d1996e590a658e3133093

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio4269815272205540308.tmp

Filesize
37KB

MD5
e3db665430b604f29ddfe88927e58cda

SHA1
0d2a94e25eeae68a51067902b43223498a25d807

SHA256
729f821cf8dcc10c66c1b6fdbf270898fe39e74c274e4e8524d3e8d429fe08f6

SHA512
4422655b4c16af6a327ea03d7faca01d8263ad377b11ddcd26e53117b423009c41507864c4797033caaf3b09e07cb664483af9a045a967317e2a0e2536329f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5026565439300417496.tmp

Filesize
597B

MD5
32284e8acaaa7693bd585632a80aeea2

SHA1
067064c4965e77d321b0f38982a199bcd64a23b7

SHA256
9d80bb4ad94cb30f33ff995b1c9dd9152e1db6d8bc08b6e45554e5e782cbe60f

SHA512
d1a9bd110eda355f101f3a0a97f3fbb950e0c921f08c1f35ea02185e8752d75bf05c18369748cd9c90cdd82d805b55ec42192ee602e946fa167830745572f8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5249121389834071081.tmp

Filesize
850B

MD5
21c3facdf1026c2dd79f0110eb9f7f0f

SHA1
93e0449d1e8a845a6253762b2af0d57efe97e036

SHA256
fb88993dd5cab2af179a4d0818b1114f17b6dd07f122370ef03da6c88f14afa2

SHA512
680ac6318c04416b26e3dc8192bdee5be269bd33ec422ca1700cc0b886f15e55a4d64dda0f0113cc3d7b7315b6cd61b37d2de4fec4fba5a04fc0a92f65c5761c

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5560281917403791418.tmp

Filesize
125B

MD5
b2f046457203f1fdf5c6917d76a6f741

SHA1
cd8f54e7b88fbd7f223afd2f5560bb08b76276c3

SHA256
6bcd663c96f1925381162102e71b269976c4528f96ef7f9257ac6687b44a30a7

SHA512
d36aea6efca402f16558c72f9cae34f9fde36512de822c6235c230452b0b447a8a422957c5f366af7ba8cee178833f878d3f71267739aaa08eae95bee7f8d067

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio568003372477015368.tmp

Filesize
584B

MD5
c6545ac56e958270088b4842f484756b

SHA1
f6381b020b0e2e6d8e26babfb0b65aa19522c527

SHA256
b2483dd24cc16817588d7fa3d9ab0c18d710e806c81bec419e7b918b4b07564c

SHA512
135e8bc052a56de4ddacb9fafea36657b09ed6a5e41d9ddb94a53adfe89ef0f6aeb9d41036949329c6a3d6f0d4375cbbcf8c09d0de4626ef14dc5a02edcb4e95

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5857347932683352889.tmp

Filesize
629B

MD5
d7c66f2f15b87724696da25e78bc0a95

SHA1
dadd20f7409285683ccbadd286c513e011782b72

SHA256
3d1dd772776939aaa072c8661a1ec1162b9a689ee1a79c7e622c026d360f80c6

SHA512
f429db4ebd7d4d87ec9ffc21a617ba958dd2c9f381ab370e1fc55020cb8714f7dfb8693df74ce73c2c121f22881915744d29a031edc8155488029df34c5600ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio6017989056114926637.tmp

Filesize
496B

MD5
ca4883a8673b8831548e60549214da06

SHA1
558c19847dc07fbfa9794a5260b35a6e521929dd

SHA256
0a1b5086c21ff45ca2a15a999e172fc653d18ac9058fe54b1deffc52b1597ce6

SHA512
45f389c18be67c2bc98b95a88c675694e5d2279bc5bdfad18daaf32440d37956ea699a0410bc5b9cebb76bddcfff13a0b64179169a50a4c0c6ee0cafe3eae89c

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio7000023725968450524.tmp

Filesize
253B

MD5
34c76e795f451416eef0d2a61c1a30a4

SHA1
cbbddfe66002fc4b57ed3b5d04bcdc79c49d5454

SHA256
933800d95ff9fc4ad4dc5f53c972fa4919cb46fda14ccdf16a4815c099806797

SHA512
c7539a80890b226f16344c5c94b768f98d0f8497f65f02b567a9ebccf1e22a6701a0effae3fb0124b5d00bcc64193124d5608f6f0be1c94e21f3104181049a98

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio7112104645344235848.tmp

Filesize
294B

MD5
3afd2e1d38c0ed059aa821a530e992c0

SHA1
1769bab69a55cdc96264259ca4c91f7f3a01a318

SHA256
43120ce57a98d48e28a72aad444ed2bb0e1cb19876df0600d9f4417a4cd4ee51

SHA512
7e65021cd64ac9f907183b088d00a62c1c495e023f0b89cca7c902e4c10be9f434583934a9d527f060c2cec74cea6ab98ef3e2a8352f5434c9569367f96c28a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio7219395073154305261.tmp

Filesize
388B

MD5
b04d66da7b58ca382de0823bb8289f83

SHA1
f1cda021b46b23b6dd492efc1b4836ec66ecfe8a

SHA256
2aeb1f880743aa3a8fadf54c21ddbeb03e8dc335aea4d51a7ff4125b36ff77dd

SHA512
78afe40dfe9c0a55442bd8744ee0471898058d3f7898167dc47183ab58e5d2453155983e1ce59271baac3c3995c0c9a561513fdfc0d523f7f9fe216876200dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio8345613069963525338.tmp

Filesize
484B

MD5
cc8fbb4440ae04418928c8d42e4ccb21

SHA1
bbbeed8e96bcfa4dfd977441a83566dbc638e079

SHA256
cd899a1183aeeac6a4c6a0f17d8af1845d244896d7e9fd309b1f486d918f89c0

SHA512
569892d513c1c56ceac24ee757e4868a14b4c3a5084c2b21192a36a171dd5240914621a203ebacb0ada0d65fc406c31be8346445fb3a86c0280515006376472c

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio8768166981125191675.tmp

Filesize
37KB

MD5
a5f86dee1a0f180905ee0cf4260bd622

SHA1
d6bca256c3e00d04a7669bf7e56feda98621a3ce

SHA256
db1d58c1d7882f5aad9619ef21be42a4548c3745aee8506e5b8139f590df76dd

SHA512
bc7bddb5efe31ec038e4742d315114cc112a5293ca9f496f15e8f82b995d0d05729f92bbd1912f94b1629fa90fca097bef24df5f3d7a4f2c90813417add5496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio9049311025807925823.tmp

Filesize
232B

MD5
f366e326624f5b3ced2b01969c776b3e

SHA1
05f74e035383e89a477457ea8b3594c8328dad82

SHA256
83fa65bee30600736f905f06a53fa55ab85ae9279f961bab12f508473d2d94bf

SHA512
91d277b6223425816cbaa684129b8975a15b1cb16ee4dadb31c2d8cc7b20b39b3941aefcaf7f997ab820861c71221032dce729e0520c5c449567ed70efda808a

Download Submit
memory/4644-300-0x0000016B80450000-0x0000016B80460000-memory.dmp

Filesize
64KB

Download
memory/4644-48-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-68-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-70-0x0000016B80340000-0x0000016B80350000-memory.dmp

Filesize
64KB

Download
memory/4644-71-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-74-0x0000016B80350000-0x0000016B80360000-memory.dmp

Filesize
64KB

Download
memory/4644-77-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-78-0x0000016B802F0000-0x0000016B80300000-memory.dmp

Filesize
64KB

Download
memory/4644-79-0x0000016B80300000-0x0000016B80310000-memory.dmp

Filesize
64KB

Download
memory/4644-80-0x0000016B80310000-0x0000016B80320000-memory.dmp

Filesize
64KB

Download
memory/4644-81-0x0000016B80320000-0x0000016B80330000-memory.dmp

Filesize
64KB

Download
memory/4644-82-0x0000016B80330000-0x0000016B80340000-memory.dmp

Filesize
64KB

Download
memory/4644-83-0x0000016B80340000-0x0000016B80350000-memory.dmp

Filesize
64KB

Download
memory/4644-87-0x0000016B80350000-0x0000016B80360000-memory.dmp

Filesize
64KB

Download
memory/4644-88-0x0000016B80360000-0x0000016B80370000-memory.dmp

Filesize
64KB

Download
memory/4644-96-0x0000016B80370000-0x0000016B80380000-memory.dmp

Filesize
64KB

Download
memory/4644-105-0x0000016B80390000-0x0000016B803A0000-memory.dmp

Filesize
64KB

Download
memory/4644-104-0x0000016B80380000-0x0000016B80390000-memory.dmp

Filesize
64KB

Download
memory/4644-108-0x0000016B803A0000-0x0000016B803B0000-memory.dmp

Filesize
64KB

Download
memory/4644-112-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-123-0x0000016B803B0000-0x0000016B803C0000-memory.dmp

Filesize
64KB

Download
memory/4644-126-0x0000016B803C0000-0x0000016B803D0000-memory.dmp

Filesize
64KB

Download
memory/4644-131-0x0000016B803D0000-0x0000016B803E0000-memory.dmp

Filesize
64KB

Download
memory/4644-63-0x0000016B80330000-0x0000016B80340000-memory.dmp

Filesize
64KB

Download
memory/4644-155-0x0000016B803E0000-0x0000016B803F0000-memory.dmp

Filesize
64KB

Download
memory/4644-154-0x0000016B80360000-0x0000016B80370000-memory.dmp

Filesize
64KB

Download
memory/4644-58-0x0000016B80310000-0x0000016B80320000-memory.dmp

Filesize
64KB

Download
memory/4644-175-0x0000016B80400000-0x0000016B80410000-memory.dmp

Filesize
64KB

Download
memory/4644-177-0x0000016B80410000-0x0000016B80420000-memory.dmp

Filesize
64KB

Download
memory/4644-183-0x0000016B803F0000-0x0000016B80400000-memory.dmp

Filesize
64KB

Download
memory/4644-182-0x0000016B80380000-0x0000016B80390000-memory.dmp

Filesize
64KB

Download
memory/4644-181-0x0000016B80370000-0x0000016B80380000-memory.dmp

Filesize
64KB

Download
memory/4644-228-0x0000016B80390000-0x0000016B803A0000-memory.dmp

Filesize
64KB

Download
memory/4644-229-0x0000016B80420000-0x0000016B80430000-memory.dmp

Filesize
64KB

Download
memory/4644-258-0x0000016B803A0000-0x0000016B803B0000-memory.dmp

Filesize
64KB

Download
memory/4644-278-0x0000016B803B0000-0x0000016B803C0000-memory.dmp

Filesize
64KB

Download
memory/4644-279-0x0000016B80430000-0x0000016B80440000-memory.dmp

Filesize
64KB

Download
memory/4644-285-0x0000016B80440000-0x0000016B80450000-memory.dmp

Filesize
64KB

Download
memory/4644-284-0x0000016B803C0000-0x0000016B803D0000-memory.dmp

Filesize
64KB

Download
memory/4644-2-0x0000016B80000000-0x0000016B80270000-memory.dmp

Filesize
2.4MB

Download
memory/4644-299-0x0000016B803D0000-0x0000016B803E0000-memory.dmp

Filesize
64KB

Download
memory/4644-55-0x0000016B80300000-0x0000016B80310000-memory.dmp

Filesize
64KB

Download
memory/4644-336-0x0000016B803E0000-0x0000016B803F0000-memory.dmp

Filesize
64KB

Download
memory/4644-51-0x0000016B802F0000-0x0000016B80300000-memory.dmp

Filesize
64KB

Download
memory/4644-371-0x0000016B80400000-0x0000016B80410000-memory.dmp

Filesize
64KB

Download
memory/4644-410-0x0000016B80410000-0x0000016B80420000-memory.dmp

Filesize
64KB

Download
memory/4644-456-0x0000016B80460000-0x0000016B80470000-memory.dmp

Filesize
64KB

Download
memory/4644-482-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-487-0x0000016B80420000-0x0000016B80430000-memory.dmp

Filesize
64KB

Download
memory/4644-488-0x0000016B80470000-0x0000016B80480000-memory.dmp

Filesize
64KB

Download
memory/4644-490-0x0000016B80480000-0x0000016B80490000-memory.dmp

Filesize
64KB

Download
memory/4644-61-0x0000016B80320000-0x0000016B80330000-memory.dmp

Filesize
64KB

Download
memory/4644-566-0x0000016B80430000-0x0000016B80440000-memory.dmp

Filesize
64KB

Download
memory/4644-568-0x0000016B80490000-0x0000016B804A0000-memory.dmp

Filesize
64KB

Download
memory/4644-567-0x0000016B80440000-0x0000016B80450000-memory.dmp

Filesize
64KB

Download
memory/4644-570-0x0000016B80450000-0x0000016B80460000-memory.dmp

Filesize
64KB

Download
memory/4644-571-0x0000016B804A0000-0x0000016B804B0000-memory.dmp

Filesize
64KB

Download
memory/4644-606-0x0000016B804B0000-0x0000016B804C0000-memory.dmp

Filesize
64KB

Download
memory/4644-645-0x0000016B804C0000-0x0000016B804D0000-memory.dmp

Filesize
64KB

Download
memory/4644-817-0x0000016B80460000-0x0000016B80470000-memory.dmp

Filesize
64KB

Download
memory/4644-878-0x0000016B80470000-0x0000016B80480000-memory.dmp

Filesize
64KB

Download
memory/4644-931-0x0000016B80480000-0x0000016B80490000-memory.dmp

Filesize
64KB

Download
memory/4644-968-0x0000016B804D0000-0x0000016B804E0000-memory.dmp

Filesize
64KB

Download
memory/4644-970-0x0000016B804E0000-0x0000016B804F0000-memory.dmp

Filesize
64KB

Download
memory/4644-969-0x0000016B80490000-0x0000016B804A0000-memory.dmp

Filesize
64KB

Download
memory/4644-974-0x0000016B804A0000-0x0000016B804B0000-memory.dmp

Filesize
64KB

Download
memory/4644-975-0x0000016B804F0000-0x0000016B80500000-memory.dmp

Filesize
64KB

Download
memory/4644-977-0x0000016B804B0000-0x0000016B804C0000-memory.dmp

Filesize
64KB

Download
memory/4644-979-0x0000016B804C0000-0x0000016B804D0000-memory.dmp

Filesize
64KB

Download
memory/4644-983-0x0000016B804D0000-0x0000016B804E0000-memory.dmp

Filesize
64KB

Download
memory/4644-987-0x0000016B80510000-0x0000016B80520000-memory.dmp

Filesize
64KB

Download
memory/4644-985-0x0000016B804E0000-0x0000016B804F0000-memory.dmp

Filesize
64KB

Download
memory/4644-1022-0x0000016B80520000-0x0000016B80530000-memory.dmp

Filesize
64KB

Download
memory/4644-1021-0x0000016B804F0000-0x0000016B80500000-memory.dmp

Filesize
64KB

Download
memory/4644-45-0x0000016B802E0000-0x0000016B802F0000-memory.dmp

Filesize
64KB

Download
memory/4644-1049-0x0000016B80530000-0x0000016B80540000-memory.dmp

Filesize
64KB

Download
memory/4644-44-0x0000016B802D0000-0x0000016B802E0000-memory.dmp

Filesize
64KB

Download
memory/4644-1080-0x0000016B80540000-0x0000016B80550000-memory.dmp

Filesize
64KB

Download
memory/4644-1108-0x0000016B80550000-0x0000016B80560000-memory.dmp

Filesize
64KB

Download
memory/4644-1135-0x0000016B80560000-0x0000016B80570000-memory.dmp

Filesize
64KB

Download
memory/4644-1155-0x0000016B80570000-0x0000016B80580000-memory.dmp

Filesize
64KB

Download
memory/4644-43-0x0000016B802C0000-0x0000016B802D0000-memory.dmp

Filesize
64KB

Download
memory/4644-42-0x0000016B802B0000-0x0000016B802C0000-memory.dmp

Filesize
64KB

Download
memory/4644-1184-0x0000016B80580000-0x0000016B80590000-memory.dmp

Filesize
64KB

Download
memory/4644-41-0x0000016B802A0000-0x0000016B802B0000-memory.dmp

Filesize
64KB

Download
memory/4644-40-0x0000016B80290000-0x0000016B802A0000-memory.dmp

Filesize
64KB

Download
memory/4644-1227-0x0000016B80590000-0x0000016B805A0000-memory.dmp

Filesize
64KB

Download
memory/4644-39-0x0000016B80280000-0x0000016B80290000-memory.dmp

Filesize
64KB

Download
memory/4644-38-0x0000016B80270000-0x0000016B80280000-memory.dmp

Filesize
64KB

Download
memory/4644-36-0x0000016B80000000-0x0000016B80270000-memory.dmp

Filesize
2.4MB

Download
memory/4644-35-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-34-0x0000016B802E0000-0x0000016B802F0000-memory.dmp

Filesize
64KB

Download
memory/4644-1376-0x0000016B805A0000-0x0000016B805B0000-memory.dmp

Filesize
64KB

Download
memory/4644-31-0x0000016BFC3C0000-0x0000016BFC3C1000-memory.dmp

Filesize
4KB

Download
memory/4644-27-0x0000016B802D0000-0x0000016B802E0000-memory.dmp

Filesize
64KB

Download
memory/4644-25-0x0000016B802C0000-0x0000016B802D0000-memory.dmp

Filesize
64KB

Download
memory/4644-1493-0x0000016B805B0000-0x0000016B805C0000-memory.dmp

Filesize
64KB

Download
memory/4644-1492-0x0000016B80510000-0x0000016B80520000-memory.dmp

Filesize
64KB

Download
memory/4644-1500-0x0000016B80520000-0x0000016B80530000-memory.dmp

Filesize
64KB

Download
memory/4644-23-0x0000016B802B0000-0x0000016B802C0000-memory.dmp

Filesize
64KB

Download
memory/4644-21-0x0000016B802A0000-0x0000016B802B0000-memory.dmp

Filesize
64KB

Download
memory/4644-19-0x0000016B80290000-0x0000016B802A0000-memory.dmp

Filesize
64KB

Download
memory/4644-17-0x0000016B80280000-0x0000016B80290000-memory.dmp

Filesize
64KB

Download
memory/4644-15-0x0000016B80270000-0x0000016B80280000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads