hxxps://drive[.]google[.]com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view

Resubmissions

02/03/2023, 17:19

230302-vv9k4adh98 6

02/03/2023, 17:10

230302-vp7vbade4v 6

02/03/2023, 17:07

230302-vnbeqade3w 6

Analysis

max time kernel
60s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02/03/2023, 17:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 2c9ba0669e45d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 43 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1894285466"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000ebff77e503f2050cfb31366e941f2804b782200bc5ad562e3e2ceefeb604b84e000000000e8000000002000020000000235c7c12a262c8bc7006c32c71c726d3b312f2e029cb0b58bfeeff2ab18c629b2000000088116686fa3c10bed7e9f620752d7267be1be323e193b3b730ea8da69b65543a40000000eb052cc534b247500853ecb9dab918ce8db66735980112937e7d80b8959fca70fcecebeda5323ad413179fc6ce7c7c75bf914388b5e7898c2c7e522939942590	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e0d23373324dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\drive.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\drive.google.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31018290"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "6"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000675316f82fdac74aa8f3bd7995064a9700000000020000000000106600000001000020000000ca2dd665eae4882fa2239cceb4adf7b414c7fcc34b4f0519073eaa2d1384c298000000000e8000000002000020000000cf20231d0f2a78200529f700f63346cae7b24c383fb2b682cdede38f9db887a3200000004ce45bbe1456d7351c939732f63077f78d011460e769b69ebe124c8422fdba70400000002362ca29b3e4ba998056bd52862cb600a8b8668f8564ce1ef2ffdff0f13d1db511f2ed52c61ca4db487c390c0464ce5a73c2b48dcd415b01d21784ba1408fb73	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a06b3f73324dd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\drive.google.com\ = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31018290"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9BA0A328-B925-11ED-ABF7-E2BD7878EA51} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1894285466"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "6"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{7820699C-7768-4F8F-BB54-CC6AF1087BEE}"	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2272	firefox.exe
Token: SeDebugPrivilege	2272	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
3592	iexplore.exe
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe
3592	iexplore.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2272	firefox.exe
2272	firefox.exe
2272	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
3592	iexplore.exe
3592	iexplore.exe
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
2272	firefox.exe
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE
4120	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 4120	3592	iexplore.exe	84
PID 3592 wrote to memory of 4120	3592	iexplore.exe	84
PID 3592 wrote to memory of 4120	3592	iexplore.exe	84
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 4312 wrote to memory of 2272	4312	firefox.exe	90
PID 2272 wrote to memory of 2808	2272	firefox.exe	92
PID 2272 wrote to memory of 2808	2272	firefox.exe	92
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94
PID 2272 wrote to memory of 4720	2272	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://drive.google.com/file/d/1h4mL-IQWi6fxy7Lbw1urXpi8N9L1P15m/view
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3592 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.0.1058498213\1606522467" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18d577c6-0b09-4617-a669-f6c165a7c4d3} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1928 273f6ea7258 gpu
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.1.1594626554\1120370934" -parentBuildID 20221007134813 -prefsHandle 2288 -prefMapHandle 2284 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ffc96fa6-0e0e-423f-8bbe-504ba880b2c1} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2300 273e8e72e58 socket
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.2.790971895\54411842" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 1632 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17670d65-aa2d-41b6-87ea-c25775725437} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 2856 273f9c06758 tab
    3⤵
    PID:1680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.3.545071177\385631537" -childID 2 -isForBrowser -prefsHandle 1292 -prefMapHandle 1296 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a16c4fc1-602f-44d8-b13e-c9f3141b99de} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 3524 273e8e70a58 tab
    3⤵
    PID:2056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.4.549271875\1152683266" -childID 3 -isForBrowser -prefsHandle 4192 -prefMapHandle 4188 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a21c24f-bddf-4aa5-8fbc-3deac98543c7} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4200 273faa1d858 tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.5.719220534\317654855" -childID 4 -isForBrowser -prefsHandle 4540 -prefMapHandle 4544 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91dabe52-0932-49b3-9e7f-907e0e25d4bc} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4532 273faf76e58 tab
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.6.961878520\1976281953" -childID 5 -isForBrowser -prefsHandle 2796 -prefMapHandle 2792 -prefsLen 27003 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e123c97-9334-4bc6-883d-584645d8a81c} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4848 273f8ba7e58 tab
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.7.950211519\81634864" -childID 6 -isForBrowser -prefsHandle 4896 -prefMapHandle 3624 -prefsLen 27003 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25fc29eb-3dc4-4513-8e2d-a7bf155db0ff} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 1656 273f8ba6658 tab
    3⤵
    PID:5240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.8.2022213289\1660173117" -childID 7 -isForBrowser -prefsHandle 5536 -prefMapHandle 5544 -prefsLen 27020 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b3640c-72a6-44bd-af38-dbf2ae525ee3} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5528 273fc05cb58 tab
    3⤵
    PID:2660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.9.891260437\1821315529" -childID 8 -isForBrowser -prefsHandle 5224 -prefMapHandle 5732 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b68f2f6d-4fdf-4831-9b36-b0d3874eaf41} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 5792 273fc9d4958 tab
    3⤵
    PID:5288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2272.10.1980877148\295015610" -childID 9 -isForBrowser -prefsHandle 4576 -prefMapHandle 4572 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42de1785-e922-447b-a237-7388ef4282ba} 2272 "\\.\pipe\gecko-crash-server-pipe.2272" 4564 273f8aae058 tab
    3⤵
    PID:5364

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:400

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Areena Riverside Resort\" -spe -an -ai#7zMap31165:108:7zEvent2565
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE44A.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\dcpq11e\imagestore.dat

Filesize
1021B

MD5
a7b81332adda1bcad648f81afa122c27

SHA1
e8607daff6cf1d390c9c3589eab4f371118fa78b

SHA256
7ef1edc73e2d48a25aa18dba1a295055aa58bb752a76b43033a49c48aa2848ea

SHA512
17b4ffc4b2925333d031155dc058243dfa0e3fd2b2374e1e78285e9aca36495424edacc09bff7755891ea318ab34be939d20009e41011b97f3feadb9343a36cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4HAJQ22Y\drive_2020q4_32dp[1].png

Filesize
831B

MD5
916c9bcccf19525ad9d3cd1514008746

SHA1
9ccce6978d2417927b5150ffaac22f907ff27b6e

SHA256
358e814139d3ed8469b36935a071be6696ccad7dd9bdbfdb80c052b068ae2a50

SHA512
b73c1a81997abe12dba4ae1fa38f070079448c3798e7161c9262ccba6ee6a91e8a243f0e4888c8aef33ce1cf83818fc44c85ae454a522a079d08121cd8628d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5AN3FZ97\cleardot[2].gif

Filesize
43B

MD5
fc94fb0c3ed8a8f909dbc7630a0987ff

SHA1
56d45f8a17f5078a20af9962c992ca4678450765

SHA256
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

SHA512
c87bf81fd70cf6434ca3a6c05ad6e9bd3f1d96f77dddad8d45ee043b126b2cb07a5cf23b4137b9d8462cd8a9adf2b463ab6de2b38c93db72d2d511ca60e3b57e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\Areena%20Riverside%20Resort[1].rar

Filesize
4.5MB

MD5
8754ea8695bc5db00924af50b9306e2b

SHA1
e5cf4c79e1378d09b68c767bf06b173b44df1134

SHA256
fcb7a445c40ba527b888301826881c447ba9cce7360f282db8327fba558a451b

SHA512
a77b4463571d5973edad0700375364fd57326fa145928d77ef105fda77d11dd3209e691bf36ed0a1ec4f3d00350e74dc63427b4903672d2dec46deb90025a81b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LZ0AI98S\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S64KWKX9\cb=gapi[1].js

Filesize
70KB

MD5
7c5be8bd74fa69afcbf7d14bfa057a19

SHA1
167cced15add6eaada7a1e677bde55208a1608d2

SHA256
1cc44005ab735a11fccc1f38e4a6937a355a50ae0c7ab1e9bae9d9f7ca726c05

SHA512
e979100027ad447422fbd9a707cb5072ef7fe523bf00159a0f48d6ad0b12a838591bdaf2cd64f3a25aab1d1afb288bf4908033ac64d67336b8e1867c9401dd13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
140KB

MD5
5360105a932fcbaedc76b6fcd4c408fe

SHA1
36aa981c2a6145d6bee4d1ec200f8b093f432ba2

SHA256
981d531a6cb250122093bde053cbb2bbb6ce35ecee63cf531fc836901437e9e4

SHA512
a1781fcf9358fe73318020da511df5b84cea9e36e17c5493fd6548346f65b69d0af092a97ddc206cbe2e1fb8da1105f8a4eee7314b86b02e66ab4087310b978a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\11857

Filesize
9KB

MD5
7454dcbcd54f2153bd15d8b8cbda5f35

SHA1
54231c2c9702c96ad13daba5458d54e74c186d84

SHA256
edc3c37807dcae1c2e967e64959bb75267e346bf7f36439fdc7b526ceda8ec53

SHA512
23a490ed1db5854a3fd939092774b908d0fe2e1a761463d371dd5d98374a231361c02c89f4d70d29cfa020a3fda8b8526a920a8e6045a5575f9a7804031443a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\15435

Filesize
10KB

MD5
9147fd845e8cfd6f37d4e1de35807fbf

SHA1
f40b72d5760a9fee4fdeee1926f74f13eeb6a9d7

SHA256
c2fcaa240929f2beba91b2ccd12cfc501671f62b745981470f240c84e93f3ef3

SHA512
e03f2bd39a185d6d6530f6ba03955f329d18dc383b86fbeb9751d5640b830ffbd8282bc569d1c16cbec7461b1325c6bceac39501d3d38ac770f0e51c569f0a70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\16508

Filesize
8KB

MD5
b81c76cdbec83651a154f4ad90e17df6

SHA1
dab633d243dfeb8020318c993078020f0fade71b

SHA256
45dc44938d74bf811a947b13be5b99c97c0648cc1302ad2f5afa371dee67bb4c

SHA512
3eac6d51d8198805e5ef74a6fec8a8caaa00481a1c0f2bc207d09b7526c7dd03a15693c702a56e8868354c7f8dd25b0d5820a23539bb20d3d186763376200d06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\17319

Filesize
9KB

MD5
c74d17ea27a065c7c64cf3b4873aaadd

SHA1
f086af4003305a95d0609f1f8db25823363c8985

SHA256
946b770925a8273dc9bcb93b96834c05796f7783ff096fd86e2a6d21bcb8dcae

SHA512
4a706d23308ef8355cc134313e0489caf49e33ea9f851080a857f7e6ceed8c8dc989f082d350e55e750309a1cc7aee55e53415e07ed5e46d5d084747ba31579b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\21783

Filesize
9KB

MD5
ea51794c43a87c65b0afcfe83f22634b

SHA1
80e44a9ed40897d5f2c88f9c58cbdc8d095ac672

SHA256
68108042c6787ec8a01888eb26b2bc22c9d4de6996c2f43897586c540750c4fd

SHA512
8dd1630b185e89f0c74dd108a91437211681a1baf4e7a1ca976491f6796b91e5a48783b8d2a9fec160e334e620ff7763b3d5c9b6c4995f0906b0dd300283f0ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\24756

Filesize
9KB

MD5
39a5fe53ecec08cfdf661068896da1be

SHA1
1914db75ca835501b4b50507cc3dac5b39a96c94

SHA256
5c98807bd9e5542e673f0b1fc480ad6ed3e3d3bc09b591a945d9813862d4b9f1

SHA512
e48ed075b16076ab1ed774e2fc7f1dfb82a581b4aa5c27ad4c7cfc47e1ead0e5550ab97494f10736eac45a3957f515d832d1d78fb4c913edfa8ef73e02243c0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26238

Filesize
10KB

MD5
293a39647a63889b432e085b0c651ab5

SHA1
8b3d24e9a8f3d65ce3efdb5fba94d09c00aef8b4

SHA256
878ee02f78ccbfb5f5ccf3db52e538ab0c7cba3431687192ee37988d843920c8

SHA512
e73ed3f5d0d5c0e9e64bf3d5fcea7f189f37990775bac8e125bd8b485ed4137147f57305d2beadde382b0b2ac0a5dfc148211be92464da2c092918df16b19e5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\26471

Filesize
9KB

MD5
0c57ec574f94a32e7c26ce48ec34a052

SHA1
5a2a7f28c9bc7d40be462e874415219b513a1a8a

SHA256
cbff7b6116e439de0a622cf51ac1281cb99e9510fe2bec4b87b6ccc187dbb9b4

SHA512
c4f945d8b809930c2d3ad40ddb976e4b01daedd088e5ef1ce22b9b6fc9afaed96dca3003beffe4dcf8f0546d48f4c2dce4d878a190321d09c878934abe5f4567

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\31596

Filesize
9KB

MD5
49f1ef27afe74bd96c512f70df08a70d

SHA1
140b2a032e69421af25f1d28c1220bab98987e14

SHA256
9efb87f969c5d2d1b2b8098b276f66f1315f5d71647742d9abe21219939f773b

SHA512
2cfb964809dc1c3160431e540fedd9dd802c921820dea2080989178286b044f7cff60e3a51e880fe55d7c24e7c1abacca795af1d3894e34923c176c0328a0cf9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\42

Filesize
9KB

MD5
a41c7dfec526a3692ced7a3139b76c10

SHA1
e721375c24e6356ce46bdbd19da2db84fba9b13f

SHA256
4826b0c5d3a90e10e7f00e203a377f411987e82260d811000f776610a1c74fa3

SHA512
abdf04f274a9f262f43ae1df35c29686fccf31f9bd3f06ae6517efb5a44722c4491848ed0aa9e6bfa7dbee54044ffa83e670fc535a13ba2c72133a39053bf2c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\4498

Filesize
9KB

MD5
f29427721c1601d0c260a17a0248bb61

SHA1
3f955456700923da6797ae4dd61f73d7ed346ffb

SHA256
c2b3c68cd4ad8d4cd61debf268acdfed8af799ea6c64c1e52af0041e876e8bbb

SHA512
493610838a9ec948ae86ba99a279e567201c6fc98840649cbb10176b4ead685b84e0db97ea03d7dfa550852589f980a580192820401ae4be00a4f4d71d0e506b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\cache2\doomed\7153

Filesize
9KB

MD5
f4abe15ccdf13c5761858311eb838eee

SHA1
3465fbf4f5398ea0323ec1698cce69edd9d4c694

SHA256
6ca9f04e55690a796ecb63c1a6b0c2e31c50f53f1c53f6a7fe12a5ea5391c9cc

SHA512
6ae4d069ac569ded2c5bc75029393e50ac64980511fdfd762ef8e5af75fa09a200bccadf6e10607e7602a699eaf2b8e8c2288e7e52a709d9e2c3cfac5f0bf947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
a8f6c39726b0c30110e1cd8d60f6c335

SHA1
024ce5b84a90a6fd2c1826f6826318d341bf3035

SHA256
29424193b8654507b6864940e4d06f61d66134b8c1bdb0a215b0df13245db25f

SHA512
77c39ef6e7a3472a65cf3b64f245f08cc6c327754d4d5f13c082dd99fd64e2415d7dfc1b1856bb748ca95096cf8d7a1c58a24a228c1b4b0f122517ad91f7fe7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
d81dfb3936802368f7fb17dca9e28cf1

SHA1
4f1fac0e7a8bfa8d34f6460821bbca154b525ff7

SHA256
52f3349279c7579005e8ce3b3615b11c908efcb9a05915b1c074a47d7a8ebe73

SHA512
c5af59d0da51cf48334ae8b52bf3801898243d40c21060991f902b9c8b0a66dc36104f80233e62f6c316be1c8a475a52db3348c48463bed40e01c15c98500ffe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
7KB

MD5
dd350de10c834fb08a6b553f8bbd7493

SHA1
f4fc26aecc94adccc44d2ddafdfef375b6ffe6da

SHA256
7dd6e1366ecff5fe53322db0b0f0862aa8e5c786b530c748f8039a39648d7359

SHA512
383a93d5934a8c2a587e7c3da921c6a4a9d639ede68c145c3df4024edd3e746143fa0a3b81db1d27b1a037bc49211f05a07e5e443c74efad505d367dfa31e045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
b2d45b8600db0616eb3f8ae5a350af0e

SHA1
7359b9c503e52d7cc3d5bda7007d6388cd2c2f56

SHA256
a0d75c2f8ef09f7dd58fe081e2850630ed03178799ced515c3d47e759572d7a4

SHA512
20c46e9287ab5c9d072e903442d927e204d850eac3cc6a75c17cc372d3f0fd570dbf0c24d29ac16a3cfd7ce0eb971d1f403356a963ddb9ebc904d8a28c8f7746

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs-1.js

Filesize
6KB

MD5
1ff52eec19b93f43dd5df32d47c1128e

SHA1
76d9d4e9f2e46d9672e65ba5489a07cc9bfbc4a9

SHA256
43d11aac0db1e644373fefccaa653dd7d002922988a40c260c0810bc9913a461

SHA512
c50633c3d12e21828e1365e38ee5540b5a6c2357584a7143981035d3010cf25d89f5e487f394053b5d36c362fad9bdf089ad9a1363aef780c23610cfeba52bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\prefs.js

Filesize
6KB

MD5
207077fed406e49d74fa19116d2712aa

SHA1
3ce60cb9b4fbd6b00a9ae26c599b9fdbe2b6c5ee

SHA256
b02701ad3c4478f891a550eac65f0a8c183999aa22a1dd171bd698b990124c58

SHA512
0c6398230b3eb103a0ce280f127515d998a6c9ea8908b8b248b132782f8166141ba8e1faabc7ace4b80e9c925bc5d7885f0fba8c16cb2e7798055727dc66190e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2e5b8546fa750de6a9b11ea4c26fa6c8

SHA1
a1405be830344b352e600287ca94a5236bc8d8b2

SHA256
1dfc71b27114930bedf12a1d3b66698a33aec090a9cb2fec75e35cdf204057c1

SHA512
c4cfeab3b3174f767f1bcaaef20bcbda32d5771376199ace629d31de42afe70952bde9b52f76d2c598a9fb699752775637c30dfe91f4986c5a7314f2bad36b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ddd613620df703cc5dd7ed5e5a810380

SHA1
26ff102aa60f7d777780d7b1d2e5acd9086e4cbb

SHA256
b3b76dd44ab811445acc0e7cd2cdb6a9ea577f89a86e254a37e640c05fa33b48

SHA512
b433891ec73187f4b6acffed3f9f034eb3d75ed4f996e361b278892182c68d5bc6aff81594860035809a94ff939ae733d04a988c3343080c8bcb24d42f71a348

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i5yk3ps6.default-release\storage\default\https+++www.virustotal.com\cache\morgue\163\{1c532dbf-297a-4d9a-8748-9970765347a3}.final

Filesize
38KB

MD5
89337791b6fc019098a41200e671fcca

SHA1
80f31de6cbdcc1883748be19f127a4b882714975

SHA256
11c6e8b56af52d85c22f84e97662378344cee6ac69d83f6cad4803753102f1de

SHA512
dd6051f75719b2f0cd239d6622c0e9aa638a6a94b8288d7f9c9fdaefe17fca0bad47dcaa49ebdcddc8603b6f37109b9f69b0537d5caf02c5bbef325c403f36e2

Download Submit
C:\Users\Admin\Downloads\Areena Riverside Resort.rar.xrjwx4j.partial

Filesize
4.5MB

MD5
8754ea8695bc5db00924af50b9306e2b

SHA1
e5cf4c79e1378d09b68c767bf06b173b44df1134

SHA256
fcb7a445c40ba527b888301826881c447ba9cce7360f282db8327fba558a451b

SHA512
a77b4463571d5973edad0700375364fd57326fa145928d77ef105fda77d11dd3209e691bf36ed0a1ec4f3d00350e74dc63427b4903672d2dec46deb90025a81b

Download Submit
memory/4120-8911-0x000000000F4A0000-0x000000000F5A0000-memory.dmp

Filesize
1024KB

Download
memory/5932-6301-0x00007FFED7AB0000-0x00007FFED7AB1000-memory.dmp

Filesize
4KB

Download
memory/5932-6300-0x00007FFED7D50000-0x00007FFED7D51000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads