2f6b3112e2d3711ec39f6b71c931f8b14f5bb1ace62b66242caa99cbc6e6854e

Analysis

max time kernel
113s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 14:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RADStudio-12-1-29-0-51961-7529-KeyPatch.exe
Size

1.4MB
MD5

80c9bc51bbf0a781821639a3969ccf51
SHA1

8beb2d5a6010148e9a6a755b5ce788664ec8f0fd
SHA256

2f6b3112e2d3711ec39f6b71c931f8b14f5bb1ace62b66242caa99cbc6e6854e
SHA512

09f3ed87710530c6c3ccac928a08a0838926bb550db04a9b166031a186d17ee77bf440aa0709414597acf6ccfc2d22a22244e2683eb934f2ecfb66c3dedec1d3
SSDEEP

24576:zs9MdH5nhrT8Mi1PJLf1KrpIjqg1OmoMYtPhZuSC6Cee3y80Cnf9GMI3wfhZHZ:zkuhrTG1Kwqg14MYtPhQSN80CnVGMqwp

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	RADStudio-12-1-29-0-51961-7529-KeyPatch.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\eventpage_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_6140_1296202763\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping6140_495214857\_locales\gl\messages.json	msedge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{7CE08724-69E2-4E9D-AA76-9946C2C4B4E3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3708	firefox.exe
Token: SeDebugPrivilege	3708	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
4664	RADStudio-12-1-29-0-51961-7529-KeyPatch.exe
4664	RADStudio-12-1-29-0-51961-7529-KeyPatch.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe
3708	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3104 wrote to memory of 3708	3104	firefox.exe	102
PID 3708 wrote to memory of 4176	3708	firefox.exe	103
PID 3708 wrote to memory of 4176	3708	firefox.exe	103
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 2288	3708	firefox.exe	104
PID 3708 wrote to memory of 3556	3708	firefox.exe	106
PID 3708 wrote to memory of 3556	3708	firefox.exe	106
PID 3708 wrote to memory of 3556	3708	firefox.exe	106

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\RADStudio-12-1-29-0-51961-7529-KeyPatch.exe
"C:\Users\Admin\AppData\Local\Temp\RADStudio-12-1-29-0-51961-7529-KeyPatch.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
PID:4664
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" https://altd.embarcadero.com/download/radstudio/12.0/RADStudio_12_1_61_7529.iso
  2⤵
  PID:5468

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.0.156812824\358823675" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {966c649f-bb49-4772-b95d-423467fab5e2} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 1948 18a4c4d7a58 gpu
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.1.2136429935\2026937925" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2324 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5059b346-71fc-44ff-a107-903b716d064a} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 2348 18a38771c58 socket
    3⤵
    - Checks processor information in registry
    PID:2288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.2.1875428023\446610462" -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 2972 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63d4f739-c7b9-458f-bb7f-ba36ebe7a298} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3332 18a4c458d58 tab
    3⤵
    PID:3556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.3.1933817764\464791913" -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 3552 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dd9c6d5-8c11-4c5c-9a71-6a2857ac753d} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3568 18a38771658 tab
    3⤵
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.4.316708680\680892086" -childID 3 -isForBrowser -prefsHandle 3808 -prefMapHandle 3804 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eceb3669-8192-4b66-86b8-b27f05ff7868} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 3820 18a38762858 tab
    3⤵
    PID:2260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.5.1275264902\725648485" -childID 4 -isForBrowser -prefsHandle 5064 -prefMapHandle 5056 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9dd57f9-98d4-4fbe-b27c-26884cf77cb8} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 5040 18a5059ac58 tab
    3⤵
    PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.6.166913846\1769624714" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5044 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fd95ee2-6646-4a5a-bba0-ebd3889e2000} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 5000 18a521b6658 tab
    3⤵
    PID:5872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3708.7.178443745\2074432382" -childID 6 -isForBrowser -prefsHandle 5040 -prefMapHandle 5160 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23b02947-60b4-4405-8ed8-fa71d17d9c40} 3708 "\\.\pipe\gecko-crash-server-pipe.3708" 5416 18a521b6f58 tab
    3⤵
    PID:5888

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://altd.embarcadero.com/download/radstudio/12.0/RADStudio_12_1_61_7529.iso
  2⤵
  PID:5820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4796 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4588 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3584 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=5768 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5896 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6172 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:1
1⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies registry class
PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x258,0x7ff88d9a2e98,0x7ff88d9a2ea4,0x7ff88d9a2eb0
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2156 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2172 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2512 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4460 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4460 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4580 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4588 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3996 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4812 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4600 --field-trial-handle=2160,i,5008971518123771242,4077878918816245369,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4d004c13f5cb21a0605f922225fefea7

SHA1
e7ff215e72284a20b90d202d394e38fa6bdf7eac

SHA256
a477830b1488b4be86ab0b5569031b584346d0776416f5537716e1a32be38425

SHA512
858e127c85026b5ad6c2388705030d96b7e980e925c64364aeea143f74d8381cca1d5c42ddd45dbfd252a01b577c76b2194d56ba7d427b1ee50cb47f5c879d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d690ede48a102c3bd9ddc3b0ab5f78c7

SHA1
5455beaa057b814b49bccfb59a64c3a21f1751ff

SHA256
f480ec5de63c1f6f5969db3874caa900833b02e9f7b28c0921fe7aef99ca67d6

SHA512
388dcf42d5d0543b55d7a55806c437a2a0927daadce29c5dd0b3404e0ce9b24d6adbff15a4379367bc74d955316edd520bab074c3e49cf2e7f1062e947aa2f38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
fe9374d3c250b3f8b79e46bffe3342b2

SHA1
3ee553474fa3e2652ae54caf08582a433d072d84

SHA256
d38eb224c140b6f53b763c31c6c6cf236b20bd52d8fd104d66e7e12e74dee1cc

SHA512
e46c9bb38d3d42052d5f19255c085b8fac63bbaadc1393e78f1af941ec20b6e8bc8685fda50ff89145e8f3ddf0ced01131e66499f1717e8191c3d122b46c4b64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
0864b0ec83de0a0ca8ea1225c8e4d374

SHA1
6aaac4eb3fa4c4de42776b37e4fa9fa299b3065d

SHA256
94261ef2b66b228640f4fd00f9f05504fe9d811cd536205c21408783984f81be

SHA512
fd9f7dc8d813a9517f94b89493aaf9a5cb556249a2a386c3ff8457b92cf2ba897496353077dbc4f9334a458ec8de4cabc7a1cee059414f362a4deb5412b75290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
52KB

MD5
21b278db6c6246a8789279f19449be10

SHA1
16ade4651c824ac77225b0b47c1167419ec2eb9f

SHA256
36cb637b8b42fb5eb07c2bfa8400a569cd27a6d6e74b4a00ff5d5f7179b006bb

SHA512
acc144945d0c8bc6ce3e09e8227e8066b7181fd2273a82e8d8d6187b8aa84fb18b787098f15be987fd1d8fd9096ef0c5f97914e42d0b7212de0985483d2798f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\c5d22cb8-9f3b-462a-a1dc-a39a2b8c373a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ccf78fc488eea6ba087a08f9a3df8f4e

SHA1
37721b4e3ab39a00eb8f09f57fa32cc179880490

SHA256
747bdf1a451411d28656961e3acbe460681c09010d6103a522fdb9d44b5b409b

SHA512
d6e0aa4f65efd5cdc09f09de8f1c8871ffa1bc44fbd4e9044bc41258352fdc21b0cb958b0593a89f40e3faf8517450f11493fba38b53ee6adc5fd2c9036e7198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\d0bd3867-c524-4b1a-9f24-ef7bd17cd0a4

Filesize
11KB

MD5
a844a866024ebafd89818f4a2c81ecd3

SHA1
c6cb9d919fb92079ade22403643aec7cd783ecdb

SHA256
d553f62ed122f7477c470334889e9d70bab4cdf63fd37f9e88ba002154c77ce7

SHA512
d91ace0c1b98a5e790faf676301d02b5ab8c68e15b2be3fc5dd4325bc076565b7333ec5c544b5a55b96537419bdca386d9f7d5c80a4be4bf4a29fb1f47730c47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\f35efe4e-7571-4a1b-8e84-2859d183c910

Filesize
746B

MD5
6936452644d6640b29329de38ddb4587

SHA1
365656a73a768b64a28a05b40b790edc6a2fd71c

SHA256
6fcf378519d41d0b44f9fbfbd1b47d92cfde49895e4253125f727f166ff98407

SHA512
a99a3bb30b87308063e2d332071aff54c2f0f110df0f29820d55cc3f216a93415370ede0e13096e5b129b0bb294e4f0cda610aa714b714860f26b9fdf3cd244d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
60fffca1249231c00411326827c89c76

SHA1
fed1825ef29e86a566bcd0b66ff40b0f0bbb92a8

SHA256
a9b4a61c1e7f2bff33b02fa372d13a68cde079718134694938878d111c523e22

SHA512
746d606187a6749aed1b1de1d659f481989b833d87d982f4cf0d09b2f6284905acd95a4997c6422eef21aa95f3209ff291b2cc70877ee5123cf582fd729ad3c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
2a15b5c38b976b68350c571f25956399

SHA1
5336824aab4579e4444619294607ba2750d1f791

SHA256
93b1d5a24e35112918f9e14e6770df83fb7d9a736306213406be12ebd144e12b

SHA512
eaa70b76de61cebeae594a42ee8489a3ae0564de26016ab4e2a280740d9379e88064e29dc06a4de62b7c24d2dd49b4768b575502984b52391176670f11637494

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
99422b4fff4ba9c87c35cd0246431ff2

SHA1
63985dcf6402d02a47ed9c83e91c996a24211e1f

SHA256
6e94aa2bc7ea113f90e5e8ee91a4c2cb227a87c53e0b6158b0f64c9d67fbaf26

SHA512
03158de2e55e35d208982cc4bcd00bbde0d2ca71986540dc6e409bb510f3a5bb9027956d848ca848c09c987f346209bb6d80cd144efc013061aeb8352b9f06cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
b5ea1b85c798e4b6d77c1c4632ea8a23

SHA1
eaf8bea3ed7e56187d4bc8f3f20983434435cb25

SHA256
2889a1d44375babb259af0468a8016002ac0dcb1d806ad51f80a59a56c361a00

SHA512
2e153edcd43370da764ecce8c403512b81874e4f9d91a7c4f23961c30df36ad6e1c8b62aa7346056c2599e21f3cb84ae93dc48bfaaa29af4f510ee1b95d809ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ad7d1da4ad2dd9ae57ac5d3276302d48

SHA1
f0b3d5ffbf41292d950a8dc6e98edcff8d448c4d

SHA256
4e3387a1c1898efbd1313cfbbf0e0e5496be78aa1e3dac4fc081ee8f32a88e96

SHA512
a3798a4a13edda8a9f22b95264905e9bd029a44bec0e3bae5f853421dc1f5c55333d41b115855ea4ad316cbaf9b066eae576b4b8812c34d97e14f1a83013c254

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2a94747f74ce158055db372e19a732b7

SHA1
e9d733fe436307c4c00f2487a5f4938e6d5b257d

SHA256
c3ec5ecc8cd9c3e6624344542d315b70d68a088eeab4ad3443f68802235c823e

SHA512
7781c4b375b163ab9457dc4fe7b9237a975824f038d0027ff4eaff61a9c34606a1d82016685a2a2a6bb26542b112431a1b01996e65831686923f62695f86de5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
567fb3c7ed5d4b32ff456a9e539ec5e4

SHA1
e4b81cbb14e807348edb9584e4caad869dd18918

SHA256
203c2c996771952dd202e6fb011bf47e847ad7b3aafafcea68d64b54867900b6

SHA512
99d70ed9f548200b5fa9ea1a49a99b6b76629d4bb0152e4bf706a2b2c94cb008ec481a43f7efabb643ad84cb51f5388c0c4bea6e51896c2306af1d0ff53ea2bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
997B

MD5
17cc2ca6cdd3281b0041b472c75f15f2

SHA1
160e26f87037cfa3477393971313f3cdefa84f70

SHA256
b36aca1d6d2d15528be3c51f38c82c24eeaac484c130be4f7a3acbd779df0f99

SHA512
667c3be214c7d2681ad183f22cc2c8537a9154d4a7272479b5c50ed4c1d5e33fdd28abca0039c07d41b13d5e9619f224abc20a20afeae8e2af53f3e0dc1a8cfe

Download Submit
memory/4664-2-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-100-0x0000000001040000-0x0000000001041000-memory.dmp

Filesize
4KB

Download
memory/4664-94-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-0-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-105-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-1-0x0000000001040000-0x0000000001041000-memory.dmp

Filesize
4KB

Download
memory/4664-542-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-546-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-556-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-557-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-126-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download
memory/4664-87-0x0000000000400000-0x000000000089B000-memory.dmp

Filesize
4.6MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads