Diffstat (limited to 'volatility')
-rw-r--r--volatility/README.md1
-rw-r--r--volatility/compressed_cridex.zipbin0 -> 40352364 bytes
-rw-r--r--volatility/cridex.vmem3
-rw-r--r--volatility/dlldump/module.368.24f1020.48580000.dllbin0 -> 50688 bytes
-rw-r--r--volatility/dlldump/module.368.24f1020.7c900000.dllbin0 -> 706048 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.4a680000.dllbin0 -> 6144 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.75b40000.dllbin0 -> 32256 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.75b50000.dllbin0 -> 52736 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.75b60000.dllbin0 -> 293376 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.77dd0000.dllbin0 -> 617472 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.77e70000.dllbin0 -> 584704 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.77f10000.dllbin0 -> 285184 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.77fe0000.dllbin0 -> 56320 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.7c800000.dllbin0 -> 989696 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.7c900000.dllbin0 -> 706048 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.7e410000.dllbin0 -> 578560 bytes
-rw-r--r--volatility/dlldump/module.584.24a0598.7e720000.dllbin0 -> 713216 bytes
-rw-r--r--volatility/malware/process.0x81e7bda0.0x3d0000.dmpbin0 -> 135168 bytes
-rw-r--r--volatility/malware/process.0x821dea70.0x1460000.dmpbin0 -> 135168 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x13410000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x4c540000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x4dc40000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x4ee0000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x554c0000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x5de10000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x6a230000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0x73f40000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x82298700.0xf9e0000.dmpbin0 -> 16384 bytes
-rw-r--r--volatility/malware/process.0x822a0598.0x7f6f0000.dmpbin0 -> 1048576 bytes
29 files changed, 4 insertions, 0 deletions
diff --git a/volatility/README.md b/volatility/README.md
new file mode 100644
index 0000000..9d8c00e
--- /dev/null
+++ b/volatility/README.md
@@ -0,0 +1 @@
+malware name > `cridex`
diff --git a/volatility/compressed_cridex.zip b/volatility/compressed_cridex.zip
new file mode 100644
index 0000000..fb07d64
--- /dev/null
+++ b/volatility/compressed_cridex.zip
Binary files differ
diff --git a/volatility/cridex.vmem b/volatility/cridex.vmem
new file mode 100644
index 0000000..f7bc2a2
--- /dev/null
+++ b/volatility/cridex.vmem
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02a63be2fcf3a63446c3c8ca9151aff963f888204d141e46c6be60ddde7c3e8d
+size 536870912
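Review bot: Only cridex.vmem goes through git-lfs in this commit, while the diffstat shows compressed_cridex.zip (40352364 bytes) and the 28 dumped .dll/.dmp files under dlldump/ and malware/ being committed as ordinary blobs, so LFS tracking looks incomplete and the repository history will carry those binaries permanently. A `.gitattributes` entry such as `*.zip filter=lfs diff=lfs merge=lfs -text` (and the same for `*.dll` and `*.dmp`) before adding them would keep all of the sample data on the same path as the .vmem pointer. The dlldump/ and malware/ files appear to be modules and process regions extracted from the infected image, and as bare .dll/.dmp files they are likely to be quarantined by endpoint protection on clone; storing them in a password-protected archive or with a non-executable extension, and listing their sha256 hashes in volatility/README.md the way this pointer records the oid for the .vmem, would make the dataset reproducible and safer to check out. The one-line README added in this commit names the sample but does not describe what the dumped directories contain.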
diff --git a/volatility/dlldump/module.368.24f1020.48580000.dll b/volatility/dlldump/module.368.24f1020.48580000.dll
new file mode 100644
index 0000000..baf998a
--- /dev/null
+++ b/volatility/dlldump/module.368.24f1020.48580000.dll
Binary files differ
diff --git a/volatility/dlldump/module.368.24f1020.7c900000.dll b/volatility/dlldump/module.368.24f1020.7c900000.dll
new file mode 100644
index 0000000..7817542
--- /dev/null
+++ b/volatility/dlldump/module.368.24f1020.7c900000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.4a680000.dll b/volatility/dlldump/module.584.24a0598.4a680000.dll
new file mode 100644
index 0000000..ff3c9dc
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.4a680000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.75b40000.dll b/volatility/dlldump/module.584.24a0598.75b40000.dll
new file mode 100644
index 0000000..05a658b
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.75b40000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.75b50000.dll b/volatility/dlldump/module.584.24a0598.75b50000.dll
new file mode 100644
index 0000000..a325415
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.75b50000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.75b60000.dll b/volatility/dlldump/module.584.24a0598.75b60000.dll
new file mode 100644
index 0000000..f1cc79a
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.75b60000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.77dd0000.dll b/volatility/dlldump/module.584.24a0598.77dd0000.dll
new file mode 100644
index 0000000..c3825fc
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.77dd0000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.77e70000.dll b/volatility/dlldump/module.584.24a0598.77e70000.dll
new file mode 100644
index 0000000..f4514a6
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.77e70000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.77f10000.dll b/volatility/dlldump/module.584.24a0598.77f10000.dll
new file mode 100644
index 0000000..7eb25b6
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.77f10000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.77fe0000.dll b/volatility/dlldump/module.584.24a0598.77fe0000.dll
new file mode 100644
index 0000000..1e54a39
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.77fe0000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.7c800000.dll b/volatility/dlldump/module.584.24a0598.7c800000.dll
new file mode 100644
index 0000000..da720af
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.7c800000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.7c900000.dll b/volatility/dlldump/module.584.24a0598.7c900000.dll
new file mode 100644
index 0000000..3072ab9
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.7c900000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.7e410000.dll b/volatility/dlldump/module.584.24a0598.7e410000.dll
new file mode 100644
index 0000000..633b5d9
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.7e410000.dll
Binary files differ
diff --git a/volatility/dlldump/module.584.24a0598.7e720000.dll b/volatility/dlldump/module.584.24a0598.7e720000.dll
new file mode 100644
index 0000000..c24cdb7
--- /dev/null
+++ b/volatility/dlldump/module.584.24a0598.7e720000.dll
Binary files differ
diff --git a/volatility/malware/process.0x81e7bda0.0x3d0000.dmp b/volatility/malware/process.0x81e7bda0.0x3d0000.dmp
new file mode 100644
index 0000000..a17b674
--- /dev/null
+++ b/volatility/malware/process.0x81e7bda0.0x3d0000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x821dea70.0x1460000.dmp b/volatility/malware/process.0x821dea70.0x1460000.dmp
new file mode 100644
index 0000000..7f3f0e5
--- /dev/null
+++ b/volatility/malware/process.0x821dea70.0x1460000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x13410000.dmp b/volatility/malware/process.0x82298700.0x13410000.dmp
new file mode 100644
index 0000000..4328012
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x13410000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x4c540000.dmp b/volatility/malware/process.0x82298700.0x4c540000.dmp
new file mode 100644
index 0000000..1669829
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x4c540000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x4dc40000.dmp b/volatility/malware/process.0x82298700.0x4dc40000.dmp
new file mode 100644
index 0000000..b29d267
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x4dc40000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x4ee0000.dmp b/volatility/malware/process.0x82298700.0x4ee0000.dmp
new file mode 100644
index 0000000..53f720b
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x4ee0000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x554c0000.dmp b/volatility/malware/process.0x82298700.0x554c0000.dmp
new file mode 100644
index 0000000..bd7770e
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x554c0000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x5de10000.dmp b/volatility/malware/process.0x82298700.0x5de10000.dmp
new file mode 100644
index 0000000..b9349e4
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x5de10000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x6a230000.dmp b/volatility/malware/process.0x82298700.0x6a230000.dmp
new file mode 100644
index 0000000..21e401e
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x6a230000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0x73f40000.dmp b/volatility/malware/process.0x82298700.0x73f40000.dmp
new file mode 100644
index 0000000..2bc8dd5
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0x73f40000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x82298700.0xf9e0000.dmp b/volatility/malware/process.0x82298700.0xf9e0000.dmp
new file mode 100644
index 0000000..f7882fc
--- /dev/null
+++ b/volatility/malware/process.0x82298700.0xf9e0000.dmp
Binary files differ
diff --git a/volatility/malware/process.0x822a0598.0x7f6f0000.dmp b/volatility/malware/process.0x822a0598.0x7f6f0000.dmp
new file mode 100644
index 0000000..9d1787a
--- /dev/null
+++ b/volatility/malware/process.0x822a0598.0x7f6f0000.dmp
Binary files differ