hxxps://www[.]mediafire[.]com/file/c2hmxw5gsms9i3v/Sxr[.]exe/file

Analysis

max time kernel
149s
max time network
142s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25-04-2024 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/c2hmxw5gsms9i3v/Sxr.exe/file

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
2948	Sxr.exe
2388	Sxr.exe
4080	Sxr.exe
2900	Sxr.exe
5108	Sxr.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4528	schtasks.exe
4556	schtasks.exe
4060	schtasks.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.com\NumberOfSubd = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{43534228-41E6-4B07-A8F9-BA89C470E19 = "0"	browser_broker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 3	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{6E5FD4DE-69E9-4D25-86DF-33B002C0728 = 0114020000000000c0000000000000464c0000000114020000000000c000000000000046830000002000000026cd0a791197da0126cd0a791197da018af411791197da0100b002000000000001000000000000000000000000000000d10114001f50e04fd020ea3a6910a2d808002b30309d19002f433a5c0000000000000000000000000000000000000078003100000000008458fb611100557365727300640009000400efbe724a0b5d8458fb612e000000320500000000010000000000000000003a000000000060b0ff0055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d003200310038003100330000001400500031000000000084587c69100041646d696e003c0009000400efbe8458fb6184587c692e0000008d510100000001000000000000000000000000000000ad270c01410064006d0069006e000000140084003100000000009958e4681100444f574e4c4f7e3100006c0009000400efbe8458fb619958e4682e00000095510100000001000000000000000000420000000000078f0b0144006f0077006e006c006f00610064007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370039003800000018005600320000b002009958e46820005378722e65786500400009000400efbe9958e4689958e4682e000000abac010000000700000000000000000000000000000076f10d015300780072002e00650078006500000016000000560000001c000000010000001c00000034000000000000005500000018000000030000004d8e656f1000000057696e646f777300433a5c55736572735c41646d696e5c446f776e6c6f6164735c5378722e657865000010000000050000a0ffffffff790100001c0000000b0000a090e24d373f126545916439c4925e467b7901000060000000030000a058000000000000006b7a6f7779736e690000000000000000149e36f4af5c7e4694f2ab08c7f23add44e1da1d84f2ee11a99342101ac9c0fb149e36f4af5c7e4694f2ab08c7f23add44e1da1d84f2ee11a99342101ac9c0fbce000000090000a08900000031535053e28a5846bc4c3843bbfc139326986dce6d00000004000000001f0000002e00000053002d0031002d0035002d00320031002d003800370033003500360030003600390039002d0031003000370034003800300033003300300032002d0032003300320036003000370034003400320035002d0031003000300030000000000000003900000031535053b1166d44ad8d7048a748402ea43d788c1d0000006800000000480000008626fc38000000000000d01200000000000000000000000000000000	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PivotIndex\HubPane = "3"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.mediafire.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "51"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "111"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b6470e691197da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = a94c70701197da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mediafire.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mediafire.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.mediafire.com\ = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{6E5FD4DE-69E9-4D25-86DF-33B002C0728 = "8192"	browser_broker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Next Rating Prompt = 705c5556b69fda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\XenoManager\Sxr.exe\:Zone.Identifier:$DATA	Sxr.exe
File opened for modification	C:\Users\Admin\Downloads\Sxr.exe.plc9no2.partial:Zone.Identifier	browser_broker.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
8	MicrosoftEdgeCP.exe
8	MicrosoftEdgeCP.exe
8	MicrosoftEdgeCP.exe
8	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5004	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5004	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5004	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5004	MicrosoftEdgeCP.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3100	MicrosoftEdge.exe
8	MicrosoftEdgeCP.exe
5004	MicrosoftEdgeCP.exe
8	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 8 wrote to memory of 824	8	MicrosoftEdgeCP.exe	77
PID 656 wrote to memory of 2948	656	browser_broker.exe	78
PID 656 wrote to memory of 2948	656	browser_broker.exe	78
PID 656 wrote to memory of 2948	656	browser_broker.exe	78
PID 656 wrote to memory of 2388	656	browser_broker.exe	80
PID 656 wrote to memory of 2388	656	browser_broker.exe	80
PID 656 wrote to memory of 2388	656	browser_broker.exe	80
PID 2948 wrote to memory of 4080	2948	Sxr.exe	81
PID 2948 wrote to memory of 4080	2948	Sxr.exe	81
PID 2948 wrote to memory of 4080	2948	Sxr.exe	81
PID 2388 wrote to memory of 4528	2388	Sxr.exe	83
PID 2388 wrote to memory of 4528	2388	Sxr.exe	83
PID 2388 wrote to memory of 4528	2388	Sxr.exe	83
PID 2900 wrote to memory of 4556	2900	Sxr.exe	89
PID 2900 wrote to memory of 4556	2900	Sxr.exe	89
PID 2900 wrote to memory of 4556	2900	Sxr.exe	89
PID 5108 wrote to memory of 4060	5108	Sxr.exe	92
PID 5108 wrote to memory of 4060	5108	Sxr.exe	92
PID 5108 wrote to memory of 4060	5108	Sxr.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.mediafire.com/file/c2hmxw5gsms9i3v/Sxr.exe/file"
1⤵
PID:4616

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3100

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
- Suspicious use of WriteProcessMemory
PID:656
- C:\Users\Admin\Downloads\Sxr.exe
  "C:\Users\Admin\Downloads\Sxr.exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Roaming\XenoManager\Sxr.exe
    "C:\Users\Admin\AppData\Roaming\XenoManager\Sxr.exe"
    3⤵
    - Executes dropped EXE
    PID:4080
- C:\Users\Admin\Downloads\Sxr.exe
  "C:\Users\Admin\Downloads\Sxr.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "Win32" /XML "C:\Users\Admin\AppData\Local\Temp\tmp244C.tmp" /F
    3⤵
    - Creates scheduled task(s)
    PID:4528

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:8

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:824

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5012

C:\Users\Admin\Downloads\Sxr.exe
"C:\Users\Admin\Downloads\Sxr.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "Win32" /XML "C:\Users\Admin\AppData\Local\Temp\tmp748F.tmp" /F
  2⤵
  - Creates scheduled task(s)
  PID:4556

C:\Users\Admin\Downloads\Sxr.exe
"C:\Users\Admin\Downloads\Sxr.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "Win32" /XML "C:\Users\Admin\AppData\Local\Temp\tmpE8B5.tmp" /F
  2⤵
  - Creates scheduled task(s)
  PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Sxr.exe.log

Filesize
226B

MD5
957779c42144282d8cd83192b8fbc7cf

SHA1
de83d08d2cca06b9ff3d1ef239d6b60b705d25fe

SHA256
0d7ca7ba65e2b465e4878e324ceab8f8981f5ec06dcf5bc32559a4467a9c7d51

SHA512
f1549c61b4f2906d13b2aabb74772c2bc826cd42373d7bb6c48cbb125d5aa2ec17617e6b5e67e8aae3bb5790cc831cdba48a45008ed01df4fba8be448cce39fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZDIGHWMN\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UVSMTVDP\Sxr[1].exe

Filesize
172KB

MD5
758530a89ac9cc3adefad4b14f9a3729

SHA1
84e1ba7f09c597318f08e2c07600483f2bf690a9

SHA256
2375fd1cae1a6a5b5cb9731cc39619573becb1eb3e9242a7daa91075aed1fc7e

SHA512
773da188d746e0b30a0493946dd7ebba2e0641bddcec896bf300063c6810f79025a58ee1a7bc9b95dd65955d14fe3895391b123473f920914620828add11ef8a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\89V8LCWR\www.mediafire[1].xml

Filesize
1KB

MD5
aaf443ee308004d6624a68d9b766387d

SHA1
8363a8d28929c9e96b8dea445a70b45030d2bea8

SHA256
e8e4d4862aef0efb97faec33c40356b47de0acee8eb70a0b9346a9c904652f22

SHA512
b0325cb06d627c14a042a09a481396409ba5f227e6f338dd5cacaeda55cc450f3dd72cfc0e5bec99a638dcec6ff07fc99ea777c737ef7cfbe19a1d1690d5411d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\86A2IWCC\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\NO69ZO5K\favicon[1].ico

Filesize
10KB

MD5
a301c91c118c9e041739ad0c85dfe8c5

SHA1
039962373b35960ef2bb5fbbe3856c0859306bf7

SHA256
cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

SHA512
3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UVSMTVDP\Sxr[1].exe

Filesize
32KB

MD5
a6f751ba73945c93b7b202d84132c8f2

SHA1
4809a91998ff2f888c3999e62a85162c66897516

SHA256
c18224d795d08a5fa2cc74e210a87c42391bb59cbeee543583faae8b3de4a159

SHA512
7564ed83343cd0c92300d6f35752989ad0ab76006bd9ce6d4fcaa7ce616f4fe5f3bb3267136707e0c2581cdad8c10ca2175e3fb0721dca0675cca7ced1222b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp244C.tmp

Filesize
1KB

MD5
c09c69eba5177eb4ad9942365c76637b

SHA1
4179ec1af549cb83a126c8858c4466cc08095516

SHA256
c275de840092a1b83a64fd727ac6a28fdb67a4bbfbc010c861676500fb1666a6

SHA512
4ce2f0d47f1567018aeb41d5895b5517740779bdc331bb10c75ca671547e469dddfe63beed5ef215a8037de356f5705f4de265daa17d4a9920453d5dd543c9b6

Download Submit
C:\Users\Admin\AppData\Roaming\XenoManager\Sxr.exe:Zone.Identifier

Filesize
372B

MD5
9e291d1b091a2ddab53bd8a190fb81bb

SHA1
1552dcb4b67ea458489ccfee5249cecbfc2fefba

SHA256
aa757f34dfe7f717eec07fcb535ebce0e973197fec6ea3ee01ef538889c9fe8a

SHA512
018dba06b19ceb67c138d2d3cb86bd8452cdef8fc9f9b1a85af65e140f4a3f7ece40949bae1058e636ed47ebde55473774d3877724393bc49bcdac1b4047709f

Download Submit
memory/824-142-0x0000027251780000-0x0000027251782000-memory.dmp

Filesize
8KB

Download
memory/824-501-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-125-0x0000027251540000-0x0000027251542000-memory.dmp

Filesize
8KB

Download
memory/824-147-0x00000272517E0000-0x00000272517E2000-memory.dmp

Filesize
8KB

Download
memory/824-150-0x00000272517F0000-0x00000272517F2000-memory.dmp

Filesize
8KB

Download
memory/824-154-0x0000027251AE0000-0x0000027251AE2000-memory.dmp

Filesize
8KB

Download
memory/824-122-0x00000272517D0000-0x00000272517D2000-memory.dmp

Filesize
8KB

Download
memory/824-61-0x000002723F420000-0x000002723F422000-memory.dmp

Filesize
8KB

Download
memory/824-117-0x0000027251770000-0x0000027251772000-memory.dmp

Filesize
8KB

Download
memory/824-226-0x0000027252C30000-0x0000027252D30000-memory.dmp

Filesize
1024KB

Download
memory/824-254-0x00000272514C0000-0x00000272514C2000-memory.dmp

Filesize
8KB

Download
memory/824-259-0x0000027252740000-0x0000027252760000-memory.dmp

Filesize
128KB

Download
memory/824-107-0x00000272515C0000-0x00000272515C2000-memory.dmp

Filesize
8KB

Download
memory/824-276-0x0000027255C80000-0x0000027255CA0000-memory.dmp

Filesize
128KB

Download
memory/824-286-0x0000027251EC0000-0x0000027251EC2000-memory.dmp

Filesize
8KB

Download
memory/824-396-0x0000027256220000-0x0000027256240000-memory.dmp

Filesize
128KB

Download
memory/824-500-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-503-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-502-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-129-0x0000027251560000-0x0000027251562000-memory.dmp

Filesize
8KB

Download
memory/824-504-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-510-0x0000027254E00000-0x0000027254F00000-memory.dmp

Filesize
1024KB

Download
memory/824-511-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-509-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-508-0x0000027254E00000-0x0000027254F00000-memory.dmp

Filesize
1024KB

Download
memory/824-507-0x000002723F430000-0x000002723F440000-memory.dmp

Filesize
64KB

Download
memory/824-112-0x00000272510B0000-0x00000272510D0000-memory.dmp

Filesize
128KB

Download
memory/824-68-0x000002723F450000-0x000002723F452000-memory.dmp

Filesize
8KB

Download
memory/824-65-0x000002723F4A0000-0x000002723F4A2000-memory.dmp

Filesize
8KB

Download
memory/2388-1318-0x0000000005230000-0x0000000005240000-memory.dmp

Filesize
64KB

Download
memory/2388-1282-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/2388-1283-0x0000000002B90000-0x0000000002B96000-memory.dmp

Filesize
24KB

Download
memory/2388-1314-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/2388-1285-0x0000000005230000-0x0000000005240000-memory.dmp

Filesize
64KB

Download
memory/2900-1320-0x0000000004CB0000-0x0000000004CC0000-memory.dmp

Filesize
64KB

Download
memory/2900-1319-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/2900-1359-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/2900-1362-0x0000000004CB0000-0x0000000004CC0000-memory.dmp

Filesize
64KB

Download
memory/2948-1296-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/2948-1284-0x0000000004980000-0x0000000004990000-memory.dmp

Filesize
64KB

Download
memory/2948-1279-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/2948-1278-0x0000000000160000-0x0000000000192000-memory.dmp

Filesize
200KB

Download
memory/3100-0-0x000002299C920000-0x000002299C930000-memory.dmp

Filesize
64KB

Download
memory/3100-188-0x00000229A30F0000-0x00000229A30F1000-memory.dmp

Filesize
4KB

Download
memory/3100-189-0x00000229A3100000-0x00000229A3101000-memory.dmp

Filesize
4KB

Download
memory/3100-35-0x000002299CAF0000-0x000002299CAF2000-memory.dmp

Filesize
8KB

Download
memory/3100-16-0x000002299D1C0000-0x000002299D1D0000-memory.dmp

Filesize
64KB

Download
memory/4080-1297-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/4080-1299-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/4080-1298-0x00000000022F0000-0x0000000002300000-memory.dmp

Filesize
64KB

Download
memory/5108-1364-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/5108-1365-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download
memory/5108-1377-0x0000000073280000-0x000000007396E000-memory.dmp

Filesize
6.9MB

Download
memory/5108-1378-0x0000000002A80000-0x0000000002A90000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads