555193b4bf22d78d744acb28089caf091ca95bdd57653dd3ac267c71708dd001

Resubmissions

20/06/2024, 20:02

240620-yr3vxsvgqg 7

20/06/2024, 19:59

240620-yqfc8svgjd 10

Analysis

max time kernel
28s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Exela.exe
Size

21.0MB
MD5

78352c63f0742abb60ef2c4d3d6d5056
SHA1

e546b7f2f3b8415af09130bb50bec5fb3d94a6fd
SHA256

555193b4bf22d78d744acb28089caf091ca95bdd57653dd3ac267c71708dd001
SHA512

e2e91829fc1ecc67d5e8512b9064a5423dc2f718db2644d2aa67c2d3a66fce22b4c6d0f6d50d4224fffc3c37761463df3779250856bffb04a32b1aa86f0a11e7
SSDEEP

196608:KGlZOOepe+x+aPXq7n0jc/bPeNlInY7/s/bRy8rlMxRW5ygjbM:NY+X7n0jcwlIus/b02r

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 31 IoCs

pid	Process
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe
5032	Exela.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023264-47.dat	upx
behavioral2/memory/5032-51-0x00007FFC4EE30000-0x00007FFC4F29E000-memory.dmp	upx
behavioral2/files/0x0007000000023248-53.dat	upx
behavioral2/files/0x000700000002325e-58.dat	upx
behavioral2/memory/5032-59-0x00007FFC5FAA0000-0x00007FFC5FAC4000-memory.dmp	upx
behavioral2/memory/5032-61-0x00007FFC5FBF0000-0x00007FFC5FBFF000-memory.dmp	upx
behavioral2/files/0x000700000002324f-62.dat	upx
behavioral2/memory/5032-64-0x00007FFC5F7C0000-0x00007FFC5F7D9000-memory.dmp	upx
behavioral2/files/0x0007000000023265-65.dat	upx
behavioral2/memory/5032-67-0x00007FFC5F7B0000-0x00007FFC5F7BD000-memory.dmp	upx
behavioral2/files/0x0007000000023246-68.dat	upx
behavioral2/memory/5032-71-0x00007FFC5F240000-0x00007FFC5F259000-memory.dmp	upx
behavioral2/files/0x000700000002324b-70.dat	upx
behavioral2/memory/5032-73-0x00007FFC5F140000-0x00007FFC5F16D000-memory.dmp	upx
behavioral2/files/0x0007000000023250-74.dat	upx
behavioral2/memory/5032-77-0x00007FFC5F220000-0x00007FFC5F23F000-memory.dmp	upx
behavioral2/files/0x0007000000023266-76.dat	upx
behavioral2/memory/5032-79-0x00007FFC4E720000-0x00007FFC4E889000-memory.dmp	upx
behavioral2/files/0x0007000000023251-80.dat	upx
behavioral2/files/0x000700000002325d-82.dat	upx
behavioral2/memory/5032-84-0x00007FFC5F110000-0x00007FFC5F13E000-memory.dmp	upx
behavioral2/files/0x000700000002325f-83.dat	upx
behavioral2/memory/5032-87-0x00007FFC5F050000-0x00007FFC5F108000-memory.dmp	upx
behavioral2/memory/5032-86-0x00007FFC4EE30000-0x00007FFC4F29E000-memory.dmp	upx
behavioral2/memory/5032-90-0x00007FFC5FAA0000-0x00007FFC5FAC4000-memory.dmp	upx
behavioral2/memory/5032-91-0x00007FFC4DC00000-0x00007FFC4DF75000-memory.dmp	upx
behavioral2/files/0x0007000000023244-93.dat	upx
behavioral2/memory/5032-95-0x00007FFC593D0000-0x00007FFC593E5000-memory.dmp	upx
behavioral2/files/0x000700000002324d-96.dat	upx
behavioral2/memory/5032-99-0x00007FFC5F7A0000-0x00007FFC5F7B0000-memory.dmp	upx
behavioral2/memory/5032-98-0x00007FFC5F7C0000-0x00007FFC5F7D9000-memory.dmp	upx
behavioral2/files/0x0007000000023261-100.dat	upx
behavioral2/memory/5032-102-0x00007FFC55A60000-0x00007FFC55A74000-memory.dmp	upx
behavioral2/files/0x000700000002324a-103.dat	upx
behavioral2/memory/5032-105-0x00007FFC4DAC0000-0x00007FFC4DAD4000-memory.dmp	upx
behavioral2/files/0x0007000000023267-106.dat	upx
behavioral2/memory/5032-108-0x00007FFC4D6F0000-0x00007FFC4D808000-memory.dmp	upx
behavioral2/files/0x0007000000023269-109.dat	upx
behavioral2/memory/5032-112-0x00007FFC5F440000-0x00007FFC5F462000-memory.dmp	upx
behavioral2/memory/5032-111-0x00007FFC5F220000-0x00007FFC5F23F000-memory.dmp	upx
behavioral2/files/0x0007000000023254-113.dat	upx
behavioral2/memory/5032-117-0x00007FFC5F3E0000-0x00007FFC5F3F7000-memory.dmp	upx
behavioral2/memory/5032-116-0x00007FFC4E720000-0x00007FFC4E889000-memory.dmp	upx
behavioral2/files/0x0007000000023245-118.dat	upx
behavioral2/memory/5032-120-0x00007FFC4D350000-0x00007FFC4D41F000-memory.dmp	upx
behavioral2/files/0x0007000000023256-122.dat	upx
behavioral2/files/0x0007000000023255-123.dat	upx
behavioral2/memory/5032-125-0x00007FFC4D810000-0x00007FFC4D829000-memory.dmp	upx
behavioral2/memory/5032-124-0x00007FFC5F050000-0x00007FFC5F108000-memory.dmp	upx
behavioral2/memory/5032-119-0x00007FFC5F110000-0x00007FFC5F13E000-memory.dmp	upx
behavioral2/files/0x0007000000023257-128.dat	upx
behavioral2/memory/5032-129-0x00007FFC4DC00000-0x00007FFC4DF75000-memory.dmp	upx
behavioral2/files/0x0007000000023252-134.dat	upx
behavioral2/memory/5032-136-0x00007FFC56680000-0x00007FFC5668A000-memory.dmp	upx
behavioral2/files/0x000700000002325c-137.dat	upx
behavioral2/memory/5032-135-0x00007FFC593D0000-0x00007FFC593E5000-memory.dmp	upx
behavioral2/memory/5032-140-0x00007FFC4D010000-0x00007FFC4D02E000-memory.dmp	upx
behavioral2/memory/5032-139-0x00007FFC5F7A0000-0x00007FFC5F7B0000-memory.dmp	upx
behavioral2/files/0x000700000002325a-141.dat	upx
behavioral2/memory/5032-133-0x00007FFC4D220000-0x00007FFC4D231000-memory.dmp	upx
behavioral2/memory/5032-132-0x00007FFC4D240000-0x00007FFC4D28C000-memory.dmp	upx
behavioral2/memory/5032-143-0x00007FFC4C910000-0x00007FFC4D005000-memory.dmp	upx
behavioral2/files/0x0007000000023247-144.dat	upx
behavioral2/memory/5032-146-0x00007FFC4C8D0000-0x00007FFC4C908000-memory.dmp	upx

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Detects videocard installed 1 TTPs 1 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
2452	WMIC.exe

Enumerates processes with tasklist 1 TTPs 2 IoCs

Process Discovery

T1057

pid	Process
3092	tasklist.exe
3604	tasklist.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4336	WMIC.exe
Token: SeSecurityPrivilege	4336	WMIC.exe
Token: SeTakeOwnershipPrivilege	4336	WMIC.exe
Token: SeLoadDriverPrivilege	4336	WMIC.exe
Token: SeSystemProfilePrivilege	4336	WMIC.exe
Token: SeSystemtimePrivilege	4336	WMIC.exe
Token: SeProfSingleProcessPrivilege	4336	WMIC.exe
Token: SeIncBasePriorityPrivilege	4336	WMIC.exe
Token: SeCreatePagefilePrivilege	4336	WMIC.exe
Token: SeBackupPrivilege	4336	WMIC.exe
Token: SeRestorePrivilege	4336	WMIC.exe
Token: SeShutdownPrivilege	4336	WMIC.exe
Token: SeDebugPrivilege	4336	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4336	WMIC.exe
Token: SeRemoteShutdownPrivilege	4336	WMIC.exe
Token: SeUndockPrivilege	4336	WMIC.exe
Token: SeManageVolumePrivilege	4336	WMIC.exe
Token: 33	4336	WMIC.exe
Token: 34	4336	WMIC.exe
Token: 35	4336	WMIC.exe
Token: 36	4336	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2452	WMIC.exe
Token: SeSecurityPrivilege	2452	WMIC.exe
Token: SeTakeOwnershipPrivilege	2452	WMIC.exe
Token: SeLoadDriverPrivilege	2452	WMIC.exe
Token: SeSystemProfilePrivilege	2452	WMIC.exe
Token: SeSystemtimePrivilege	2452	WMIC.exe
Token: SeProfSingleProcessPrivilege	2452	WMIC.exe
Token: SeIncBasePriorityPrivilege	2452	WMIC.exe
Token: SeCreatePagefilePrivilege	2452	WMIC.exe
Token: SeBackupPrivilege	2452	WMIC.exe
Token: SeRestorePrivilege	2452	WMIC.exe
Token: SeShutdownPrivilege	2452	WMIC.exe
Token: SeDebugPrivilege	2452	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2452	WMIC.exe
Token: SeRemoteShutdownPrivilege	2452	WMIC.exe
Token: SeUndockPrivilege	2452	WMIC.exe
Token: SeManageVolumePrivilege	2452	WMIC.exe
Token: 33	2452	WMIC.exe
Token: 34	2452	WMIC.exe
Token: 35	2452	WMIC.exe
Token: 36	2452	WMIC.exe
Token: SeDebugPrivilege	3092	tasklist.exe
Token: SeIncreaseQuotaPrivilege	4336	WMIC.exe
Token: SeSecurityPrivilege	4336	WMIC.exe
Token: SeTakeOwnershipPrivilege	4336	WMIC.exe
Token: SeLoadDriverPrivilege	4336	WMIC.exe
Token: SeSystemProfilePrivilege	4336	WMIC.exe
Token: SeSystemtimePrivilege	4336	WMIC.exe
Token: SeProfSingleProcessPrivilege	4336	WMIC.exe
Token: SeIncBasePriorityPrivilege	4336	WMIC.exe
Token: SeCreatePagefilePrivilege	4336	WMIC.exe
Token: SeBackupPrivilege	4336	WMIC.exe
Token: SeRestorePrivilege	4336	WMIC.exe
Token: SeShutdownPrivilege	4336	WMIC.exe
Token: SeDebugPrivilege	4336	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4336	WMIC.exe
Token: SeRemoteShutdownPrivilege	4336	WMIC.exe
Token: SeUndockPrivilege	4336	WMIC.exe
Token: SeManageVolumePrivilege	4336	WMIC.exe
Token: 33	4336	WMIC.exe
Token: 34	4336	WMIC.exe
Token: 35	4336	WMIC.exe
Token: 36	4336	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3556	firefox.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
3556	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3556	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 5032	1656	Exela.exe	90
PID 1656 wrote to memory of 5032	1656	Exela.exe	90
PID 5032 wrote to memory of 4444	5032	Exela.exe	92
PID 5032 wrote to memory of 4444	5032	Exela.exe	92
PID 5032 wrote to memory of 2716	5032	Exela.exe	94
PID 5032 wrote to memory of 2716	5032	Exela.exe	94
PID 5032 wrote to memory of 4284	5032	Exela.exe	95
PID 5032 wrote to memory of 4284	5032	Exela.exe	95
PID 5032 wrote to memory of 3428	5032	Exela.exe	96
PID 5032 wrote to memory of 3428	5032	Exela.exe	96
PID 5032 wrote to memory of 3912	5032	Exela.exe	99
PID 5032 wrote to memory of 3912	5032	Exela.exe	99
PID 2716 wrote to memory of 2452	2716	cmd.exe	102
PID 2716 wrote to memory of 2452	2716	cmd.exe	102
PID 4284 wrote to memory of 4336	4284	cmd.exe	103
PID 4284 wrote to memory of 4336	4284	cmd.exe	103
PID 3912 wrote to memory of 3092	3912	cmd.exe	104
PID 3912 wrote to memory of 3092	3912	cmd.exe	104
PID 5032 wrote to memory of 2040	5032	Exela.exe	106
PID 5032 wrote to memory of 2040	5032	Exela.exe	106
PID 2040 wrote to memory of 4300	2040	cmd.exe	108
PID 2040 wrote to memory of 4300	2040	cmd.exe	108
PID 5032 wrote to memory of 2076	5032	Exela.exe	109
PID 5032 wrote to memory of 2076	5032	Exela.exe	109
PID 5032 wrote to memory of 2772	5032	Exela.exe	110
PID 5032 wrote to memory of 2772	5032	Exela.exe	110
PID 2772 wrote to memory of 3604	2772	cmd.exe	113
PID 2772 wrote to memory of 3604	2772	cmd.exe	113
PID 2076 wrote to memory of 4708	2076	cmd.exe	114
PID 2076 wrote to memory of 4708	2076	cmd.exe	114
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 2072 wrote to memory of 3556	2072	firefox.exe	118
PID 3556 wrote to memory of 1860	3556	firefox.exe	121
PID 3556 wrote to memory of 1860	3556	firefox.exe	121
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122
PID 3556 wrote to memory of 1368	3556	firefox.exe	122

C:\Users\Admin\AppData\Local\Temp\Exela.exe
"C:\Users\Admin\AppData\Local\Temp\Exela.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\Exela.exe
  "C:\Users\Admin\AppData\Local\Temp\Exela.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:5032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path win32_VideoController get name
      4⤵
      Detects videocard installed
      Suspicious use of AdjustPrivilegeToken
      PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic computersystem get Manufacturer"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4284
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic computersystem get Manufacturer
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "gdb --version"
    3⤵
    PID:3428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3912
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:3092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic path Win32_ComputerSystem get Manufacturer"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path Win32_ComputerSystem get Manufacturer
      4⤵
      PID:4300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2076
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic csproduct get uuid
      4⤵
      PID:4708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "tasklist"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2772
  - - C:\Windows\system32\tasklist.exe
      tasklist
      4⤵
      Enumerates processes with tasklist
      PID:3604

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.0.350546311\1732219963" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abd1f22d-fe8a-46ef-8c44-0e898c640040} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 1960 22051ed7e58 gpu
    3⤵
    PID:1860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.1.172233285\929290545" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a98ecbb-e32d-4025-ba88-0b5c361d8b50} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 2360 22051df1658 socket
    3⤵
    PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.2.865863014\1467154604" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3016 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4df00b2-a726-4630-abb7-3c5ec145c989} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 2940 22051e5d058 tab
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.3.1723782368\1665637270" -childID 2 -isForBrowser -prefsHandle 1076 -prefMapHandle 1044 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0661458a-a797-47d8-8d9c-e2351478ceed} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 3432 2203e36ae58 tab
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.4.712193312\206177281" -childID 3 -isForBrowser -prefsHandle 3708 -prefMapHandle 3704 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6915c4b1-4495-4d1e-9171-28a595d9bd93} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 3720 220545c7258 tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.5.1328575039\783735823" -childID 4 -isForBrowser -prefsHandle 5124 -prefMapHandle 4976 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d562bc3-eb6f-4722-8ef5-f02c1a2f949e} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 5136 220562bb958 tab
    3⤵
    PID:5264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.6.1199896819\387951878" -childID 5 -isForBrowser -prefsHandle 5272 -prefMapHandle 5276 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58e58b72-f289-45b8-ba3b-01f0f4b284cd} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 5264 2205804f558 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3556.7.1483022939\845912734" -childID 6 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fb158f0-3d9c-48f4-bb58-95ea287f2ae8} 3556 "\\.\pipe\gecko-crash-server-pipe.3556" 5472 2205804d158 tab
    3⤵
    PID:5280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI16562\VCRUNTIME140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_asyncio.pyd

Filesize
34KB

MD5
ab7aea7bb7671b3f59609df0b629b42c

SHA1
7b1ae7eecdee0bf9e5cf623ab8d83ec1b40694ad

SHA256
ee09c6b8c936fe1ca6b53db6e29e96f7b086beeb4665fb84c8097f59dd34a978

SHA512
3090f8711c87fa79c92fdfbfd782a198f6d29837171e90d27e9d39ffae9a7e129269621e021844f75ccc8576bad3ebd2efffe662c7e49407bb6a0d9c46fa18e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_brotli.cp310-win_amd64.pyd

Filesize
274KB

MD5
9c5a11f077905cbd3dc42a233461b22e

SHA1
adb51dd54404d9018238a05218ae8e293c514b80

SHA256
5b56a8861637db3cde975d5f7c1a38616d7df89a34adeaa62f715bbf3e7889bb

SHA512
cd52b809d621aeed2a7b4b4e843388cf222b793ca34d76f7b89f0cc587fb6592b4221b938b69a152bfb9e01baca134a34c1b382ecd56cb4a9dc1f434a32d4b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_bz2.pyd

Filesize
46KB

MD5
5de42dcdda26e4aa3d67feaea37d8e14

SHA1
1f76eba020b7699253609aaa4716740ab68212f0

SHA256
1ebf1762129ffd0a1186b51741301e74309744b068f5c5e9f9a4292b7406b992

SHA512
03d2c363335e91dfb653e08ae5b13a1bbce525f7d031514c62b756a92c4d0a259d4dd6a56a8fc291f0a14b4ffd20bad528fe587dfb80dc6f36f184dde821a4e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_cffi_backend.cp310-win_amd64.pyd

Filesize
71KB

MD5
0d43a42cb44ecb9785ccc090a3de3d8f

SHA1
2f77cfa195cfe024d42e2ed287e2194685ec5d7d

SHA256
fdaa50a83947ec292e1773043f077cddfefbb52e53d5575b175eab5987de3242

SHA512
5968654a976699b4653d44912b34fc67a59d821d9e45f271d7d94b18b1a255c265f9e85460b570be04983b15268547a451e5385064616ab750b825b156c4643e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_ctypes.pyd

Filesize
56KB

MD5
01157576d82ed340222e0ff076d157f1

SHA1
6479423eb11d47287174a2484ad9529581de3420

SHA256
36ac4f79c8d502f4dc7a6dd963a595b9df735e33f1b384159782180d71ca441a

SHA512
2821cfb5ee1df2ff22b181a35d4525f60d25d1c049b04f5eddb4f61d66216456954483eccbce5363c5be4b5835a8fbafeebeec4b8846d05826d18621735ba656

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_hashlib.pyd

Filesize
33KB

MD5
b854bac8dc98fa9d95773e3e53a34d25

SHA1
a500ed4b7c4ce15e9f172214119d3dc6d65bd917

SHA256
9184904bee283ca3e5b57c62f3abea51379a4689267a2305f4baf0116385d2f4

SHA512
0c245a38d949f3e8cf9b330fbaafcdfc26eecfbc0f08afeedbc3e78142263d88841a5f0e650807acc77d63c87d7e0ed918d9d1418eede67dbabb73a4ba2648a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_lzma.pyd

Filesize
84KB

MD5
5184313f1019787971f9794cf66a4d43

SHA1
0ff09555a726584edf1c87f9d5a52afd40c0ebbc

SHA256
b8735ad1cbc4249d442ae54c0bca50def626fc642178d14e8be80c11ce081cd7

SHA512
b8f187b5cf8d5148f6d501fe361da6545b267156d22dc57761cbf53c9345950c5f92f3ff3180f53d851076092014f7576a2436c0e1993c346b97ea013343d232

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_overlapped.pyd

Filesize
30KB

MD5
176f0247368a95c1f80657f4815f18b1

SHA1
7b4dc38c54f8acfc8c09aed83379052f5ca05feb

SHA256
5d4de99ef2b2da52bb780adc4c6a3777e852f9adf48daf8fe12108ff3d4ff7c0

SHA512
8f8818357fdf03880ba9b04acb613860874262c42e7352bba7734e6f42c11fa7ee9e16002da99428a1a02f5ba9fc7fd0e7d0f63cdddba95a4f1fb1805b32728f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_socket.pyd

Filesize
41KB

MD5
8fd42cb0e0ce00652b848ed97b3cce8a

SHA1
c9e7cf4b274d4ed54063b038908846c09aea499b

SHA256
f3990dc1a32db5508e599633d3568c4041899edaeacc44712c685bc559ff2cab

SHA512
20aa93ae7bf2d4cca3777ec566f6e173db05f7f087e10e322fe977939f069e5cb62e96942c5ce0eb8461cd13a5017f265752ea807249b53fe90ce5f6802cbcd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_sqlite3.pyd

Filesize
48KB

MD5
03c9a8df0b71fb8a1dde39d8e13604e7

SHA1
19c7d73a8b4d92a486a702b7e61fd5bf881edfa1

SHA256
d8252ae3cd3a8a3df7ec666e37dfb1bd033b9ea03d77f4943dde8d1060e83874

SHA512
ab4aa9a6fc2e5c2041e54039a37ea2b81f03b68ab3996eecea7da66f298992537e95da6c83c57cb63a45ed6498b4c9fa007f11675322adc2aa24546842b3f10c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_ssl.pyd

Filesize
60KB

MD5
fb89150cbed66664ffe65ac8439cfb2d

SHA1
f5cdbcbf77827e2a5afc03e2a26e9fa9dbce11eb

SHA256
57ff22d8431ae1e74f7dfcb410f1f13deb347e5bc7d40f5eaf59eb58cf7e1019

SHA512
3abb9a23e12731c8b7bab9a73c2564f11c9e3dd1a2eea1b53658bd7d93f4ba8ed63125fad419251a8217343d4c125c52170e018f7ab692a9abdee789c5305531

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\_uuid.pyd

Filesize
21KB

MD5
a491e321dcec51d082d3cd568101f551

SHA1
9fce893ee676b01265694c735dfe7591c1d9e0c0

SHA256
feab661f17c839821ce0dc07d89bf714442ad2d3826e603afa1a1f05372c33c8

SHA512
d8efe3091a39fe7b71f8837f154dbfbcda8a1bf187884c55a2d9488e7ab634db856b1c926f398ac509c79c314ce59e3cae5d47e048bbc7b6a5a213251b50a5b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\aiohttp\_helpers.cp310-win_amd64.pyd

Filesize
26KB

MD5
24b04e53107114e2dc13f44774e31832

SHA1
01d1d62f47f0d18795c2ccf7ea660a9d20a760e2

SHA256
aaebb74eee86318e3e40b13ae29b0cd2fb53a7b5963dc8ad47a5acf6b3ea9bf4

SHA512
7fec582436b54148459dac4565b801a227831b04bb3f2da1fad6cfa340882009df82327c7992fa40e72635fc472bbc4d936c9c91935edeb0ca1dc13b3c3de2c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\aiohttp\_http_parser.cp310-win_amd64.pyd

Filesize
80KB

MD5
fa4f8f1f441d4484676434f3259d2636

SHA1
3cc48b6fd3a9e095ad260db1e0b63089d2790974

SHA256
30107fa8ac62ae46dd41b60f7aff883cfff7e61c225986bf942a332738b915fa

SHA512
aefd22279ebc75d1b9c8af9176e69a935ba6257680fa4ad0c4662a83470b1e201a42e20776cc0bcb9e6981b7861d6805b1d2154237b42b759fcd0df3707c8e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\aiohttp\_http_writer.cp310-win_amd64.pyd

Filesize
24KB

MD5
50dea505ca281aa212ed274c4a6c8dee

SHA1
9c00ebb80f75016122f0e17d16b4e328930c97f2

SHA256
cf37a3202197a4a51ad604ad054ca056daa23e86d8b4d731aeba76128bd463f2

SHA512
0ff2345a05c8333eda7f68017ca0fb9979ebf2d73575bb9fe17979e86ce226d43bc8942ff5f217cd48afebec782963483c7c00e8de9ad70c377f026a1606afc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\aiohttp\_websocket.cp310-win_amd64.pyd

Filesize
19KB

MD5
d568b417c5f56eda3d369c1ec727cbed

SHA1
eea5b25c417c87913ce0cd7a2d78e80ea658115c

SHA256
6dfa4510da740660fc4f70a79a83b817e55cdb31dd8a393fe78db223ea7b20f3

SHA512
d1749d01a2d64dc1a3182af9b840f4ddadb8f587c403f8a99963fa5a23621f695dc19f6531e1c182219e28d89e4e2f8f55e7b4b9f1f90d673c45302871cbd4df

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\base_library.zip

Filesize
812KB

MD5
df49d14d6d87d17ccb2232ed029d8510

SHA1
ca56b190e4084b80b9d877b82fe7844bfb1582e5

SHA256
6ac784b703838cd3ff725b2b694e9656d09075db7a42d5ea1616c7ab0198be30

SHA512
d6dd9c42ce66381b9a2be1b72492ff8b71aee5be58d2d5e23d480f335330008ab512e462ce5826e6ab8d4ad480727a45039a2fa8dd7c3a37c09c9cf8864b29ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\cryptography\hazmat\bindings\_rust.pyd

Filesize
2.0MB

MD5
b9f1c1de19b85486e36f7dfcfb5da708

SHA1
939d97a69b46ec9b8cc34da2623b141a608b4c35

SHA256
a502a97210240cd31bab64285a22050e409553de03b7cff981dd17c409d8829b

SHA512
d7cb707837c113579d6130ae3bfb7dc066521efb6ae843d31b27306ae81ea435c5a20408bdb917025b56073dfdf5955198570585f8ab226f36ffe77edf6090d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\frozenlist\_frozenlist.cp310-win_amd64.pyd

Filesize
36KB

MD5
703c3909c2a463ae1a766e10c45c9e5a

SHA1
37a1db87e074e9cd9191b1b8d8cc60894adeaf73

SHA256
e7f39b40ba621edfd0dceda41ccdead7c8e96dd1fa34035186db41d26ddee803

SHA512
1c46832b1b7645e3720da6cca170516a38b9fe6a10657e3f5a905166b770c611416c563683ce540b33bc36d37c4a594231e0757458091e3ae9968da2ff029515

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\libcrypto-1_1.dll

Filesize
1.1MB

MD5
9c2ffedb0ae90b3985e5cdbedd3363e9

SHA1
a475fbe289a716e1fbe2eab97f76dbba1da322a9

SHA256
7c9418ad6fb6d15acb7d340b7a6533f76337ad302a18e2b4e08d4ee37689913a

SHA512
70d2635d42e24c7426cf5306ed010808f2222049915adb43ffc12c13259c8e7a9fee3a49e096d5ba2b6b733fef18574823d00df2e8d7fb1532e1d65d0c478008

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\libffi-7.dll

Filesize
23KB

MD5
8e1d2a11b94e84eaa382d6a680d93f17

SHA1
07750d78022d387292525a7d8385687229795cf1

SHA256
090a90cd17b74abefddf9f82d145effe5c676e7c62cf1a59834528f512d7ee82

SHA512
213bf92a707b14211941e5e071f1926be4b5795babc6df0d168b623ecd6cb7c7e0ae4320369c51d75c75b38ec282b5bf77f15eb94018ae74c8fd14f328b45a4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\libssl-1_1.dll

Filesize
203KB

MD5
87bb1a8526b475445b2d7fd298c57587

SHA1
aaad18ea92b132ca74942fd5a9f4c901d02d9b09

SHA256
c35a97d8f24ea84d1e39a8621b6b3027c9ac24885bdd37386c9fcaad1858419d

SHA512
956bd8e9f35c917cbfb570fc633bb2df0d1c2686731fa7179f5e7cd8789e665dd6ff8443e712eafa4e3f8d8661f933cb5675aeb1a2efc195c3bb32211e6d2506

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\multidict\_multidict.cp310-win_amd64.pyd

Filesize
20KB

MD5
d282e94282a608185de94e591889e067

SHA1
7d510c2c89c9bd5546cee8475e801df555e620bc

SHA256
84726536b40ff136c6d739d290d7660cd9514e787ab8cefbcbb7c3a8712b69aa

SHA512
e413f7d88dd896d387af5c3cfe3943ba794925c70ffb5f523a200c890bf9ceb6e4da74abe0b1b07d5e7818628cd9bc1f45ebc4e9d1e4316dd4ae27ea5f5450d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\python3.DLL

Filesize
63KB

MD5
e0ca371cb1e69e13909bfbd2a7afc60e

SHA1
955c31d85770ae78e929161d6b73a54065187f9e

SHA256
abb50921ef463263acd7e9be19862089045074ea332421d82e765c5f2163e78a

SHA512
dd5a980ba72e4e7be81b927d140e408ad06c7be51b4f509737faee5514e85a42d47518213da1c3e77c25f9bd2eb2109fca173d73d710ff57e6a88a2ff971d0b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\python310.dll

Filesize
1.4MB

MD5
c37c30d5cae995bffccc0da265f585ad

SHA1
635668cc5979b81116e0773ab668b1321a91f1c4

SHA256
0b0fc0295c3dbde7021a8224c0c3c842857b416cbccc386b3fce68e442831efe

SHA512
cdaac867ad82eee964a44c41fa8b726b227d10e95e89842dfec8cf29fea71ad53f535e5cb4249af62fbc343ca699795919ba18efde786048fdc9fa74b1fd3d8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\select.pyd

Filesize
24KB

MD5
95d036555ab54da526acb5420d54848f

SHA1
3c96a901a428e9dae904001eedc270045c043382

SHA256
08031745dc12a3c96349a3f94f04a7756bd8b7e5eb9b9ce6ce77aca82194f9b7

SHA512
a603ad7ea9c2182e46d92db347b34db6974d9e8db8c53c5cd1ad34262771acd137605cc6303ea81745d3a548126fd0e677e402168f3468b7316e745ef5cfb8be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\sqlite3.dll

Filesize
606KB

MD5
c59f0b781b3ef33cf7caba7017b5f6f1

SHA1
ac5c99d8c2cb4ab43bc81526ecde6cef63c41540

SHA256
1c7502d800a0b7f884de8fba2e39c59102c828f6b2d4e1152f1edef70d30c880

SHA512
fd6d22aff8470fa2c516f669d37495b977c32ca4325f37990860e6133781397f6525547c8ae0230bbb9d658d89f9904d6a744232a2ee2f5dd58671ce07d4bef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\unicodedata.pyd

Filesize
288KB

MD5
5e0ed31e6ca1ad3d9b055c2684e7c029

SHA1
896a2155855531793ee7d753ce980ba434463982

SHA256
0fc3b411684836f4731e08fadaaa59f198dbb2b576a267def19eea33b29e51c5

SHA512
02a6bb34d750ea95f6b52562729dc30aad9bef332cb04f98b0fbe45f76510766c0ffc0dca5356136c1738116543645743c0aca44251bdaae226a3e2c59a58ac8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI16562\yarl\_quoting_c.cp310-win_amd64.pyd

Filesize
40KB

MD5
50dee02b7fe56be5b7ae5bd09faa41ef

SHA1
69123e3aabd7070a551e44336f9ed83d96d333f8

SHA256
91067e48b7dff282a92995afaffff637f8a3b1164d05a25aea0393d5366c6b52

SHA512
7a67c23513a695b2fc527df264564ee08d29d98f0d99ff0700d1c54fbca0c519fa224fc2b5ff696cf016da9001e41842d35afb4fb4c06acf9e9aff08ca2d7dd6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
28ddb56f54ce1e6e962887ed39918aeb

SHA1
018cdf48fe046834cecc4ed36b092412fc345218

SHA256
3cbd0f7f6a693ff5c587563e0c0e45ad0a3a9765d39ab3458528d6439e09a729

SHA512
f159f22fe970f1bf13c4ac634d25fc5dde45c3fe0e4bae80ca17d3aa380b47e48296e16bd1025f482f7e960eeb0eea53a7e070eae80c5daefca385d4ae1ebd73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\5d9462ee-b72d-4be4-9ae7-0c277a0b5978

Filesize
10KB

MD5
a1d5fb68f0d1d9960fbf644a483b6ab1

SHA1
b2629d4f984758204647a218e0bfd61bee005db4

SHA256
4b014c5c92a736aa641795f5a51751e4fd41aa740f3940ff386c023b9ce73e5a

SHA512
cbac3450592a6fa0ffc1d6f827bd32083324a7b658b0c81a6de28684567bf20280d536de3f1026e7aef532147d471d252af51b2bfa2ee59274e3443d113dd2e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\efbd8677-33ae-46c7-85bc-d1ad0dfef375

Filesize
746B

MD5
77ccd8952c5d713dcfbb62c2377d55a0

SHA1
841d87f5754b60dd0f50ce025700c646f57cb595

SHA256
167e1fee809a493abef6a092dc9e256aaee418034bd6ccc2aa95e25579ad2a0b

SHA512
aac4d78269051b14f76a6ec7db6ac4a120276cb92905ff1d6b10ecc1a4ba0575b60e6dc8f96be86d2c662b03106bcf6c8d8dddde1d83767ea60c6bbbec7ea9a0

Download Submit
memory/5032-84-0x00007FFC5F110000-0x00007FFC5F13E000-memory.dmp

Filesize
184KB

Download
memory/5032-143-0x00007FFC4C910000-0x00007FFC4D005000-memory.dmp

Filesize
7.0MB

Download
memory/5032-99-0x00007FFC5F7A0000-0x00007FFC5F7B0000-memory.dmp

Filesize
64KB

Download
memory/5032-102-0x00007FFC55A60000-0x00007FFC55A74000-memory.dmp

Filesize
80KB

Download
memory/5032-95-0x00007FFC593D0000-0x00007FFC593E5000-memory.dmp

Filesize
84KB

Download
memory/5032-105-0x00007FFC4DAC0000-0x00007FFC4DAD4000-memory.dmp

Filesize
80KB

Download
memory/5032-92-0x00000207D3D00000-0x00000207D4075000-memory.dmp

Filesize
3.5MB

Download
memory/5032-108-0x00007FFC4D6F0000-0x00007FFC4D808000-memory.dmp

Filesize
1.1MB

Download
memory/5032-91-0x00007FFC4DC00000-0x00007FFC4DF75000-memory.dmp

Filesize
3.5MB

Download
memory/5032-112-0x00007FFC5F440000-0x00007FFC5F462000-memory.dmp

Filesize
136KB

Download
memory/5032-111-0x00007FFC5F220000-0x00007FFC5F23F000-memory.dmp

Filesize
124KB

Download
memory/5032-90-0x00007FFC5FAA0000-0x00007FFC5FAC4000-memory.dmp

Filesize
144KB

Download
memory/5032-117-0x00007FFC5F3E0000-0x00007FFC5F3F7000-memory.dmp

Filesize
92KB

Download
memory/5032-116-0x00007FFC4E720000-0x00007FFC4E889000-memory.dmp

Filesize
1.4MB

Download
memory/5032-86-0x00007FFC4EE30000-0x00007FFC4F29E000-memory.dmp

Filesize
4.4MB

Download
memory/5032-120-0x00007FFC4D350000-0x00007FFC4D41F000-memory.dmp

Filesize
828KB

Download
memory/5032-87-0x00007FFC5F050000-0x00007FFC5F108000-memory.dmp

Filesize
736KB

Download
memory/5032-79-0x00007FFC4E720000-0x00007FFC4E889000-memory.dmp

Filesize
1.4MB

Download
memory/5032-125-0x00007FFC4D810000-0x00007FFC4D829000-memory.dmp

Filesize
100KB

Download
memory/5032-124-0x00007FFC5F050000-0x00007FFC5F108000-memory.dmp

Filesize
736KB

Download
memory/5032-119-0x00007FFC5F110000-0x00007FFC5F13E000-memory.dmp

Filesize
184KB

Download
memory/5032-77-0x00007FFC5F220000-0x00007FFC5F23F000-memory.dmp

Filesize
124KB

Download
memory/5032-129-0x00007FFC4DC00000-0x00007FFC4DF75000-memory.dmp

Filesize
3.5MB

Download
memory/5032-73-0x00007FFC5F140000-0x00007FFC5F16D000-memory.dmp

Filesize
180KB

Download
memory/5032-136-0x00007FFC56680000-0x00007FFC5668A000-memory.dmp

Filesize
40KB

Download
memory/5032-71-0x00007FFC5F240000-0x00007FFC5F259000-memory.dmp

Filesize
100KB

Download
memory/5032-135-0x00007FFC593D0000-0x00007FFC593E5000-memory.dmp

Filesize
84KB

Download
memory/5032-140-0x00007FFC4D010000-0x00007FFC4D02E000-memory.dmp

Filesize
120KB

Download
memory/5032-139-0x00007FFC5F7A0000-0x00007FFC5F7B0000-memory.dmp

Filesize
64KB

Download
memory/5032-67-0x00007FFC5F7B0000-0x00007FFC5F7BD000-memory.dmp

Filesize
52KB

Download
memory/5032-133-0x00007FFC4D220000-0x00007FFC4D231000-memory.dmp

Filesize
68KB

Download
memory/5032-132-0x00007FFC4D240000-0x00007FFC4D28C000-memory.dmp

Filesize
304KB

Download
memory/5032-131-0x00000207D3D00000-0x00000207D4075000-memory.dmp

Filesize
3.5MB

Download
memory/5032-98-0x00007FFC5F7C0000-0x00007FFC5F7D9000-memory.dmp

Filesize
100KB

Download
memory/5032-64-0x00007FFC5F7C0000-0x00007FFC5F7D9000-memory.dmp

Filesize
100KB

Download
memory/5032-146-0x00007FFC4C8D0000-0x00007FFC4C908000-memory.dmp

Filesize
224KB

Download
memory/5032-156-0x00007FFC5FAA0000-0x00007FFC5FAC4000-memory.dmp

Filesize
144KB

Download
memory/5032-161-0x00007FFC5F140000-0x00007FFC5F16D000-memory.dmp

Filesize
180KB

Download
memory/5032-179-0x00007FFC4D010000-0x00007FFC4D02E000-memory.dmp

Filesize
120KB

Download
memory/5032-180-0x00007FFC4C910000-0x00007FFC4D005000-memory.dmp

Filesize
7.0MB

Download
memory/5032-178-0x00007FFC56680000-0x00007FFC5668A000-memory.dmp

Filesize
40KB

Download
memory/5032-177-0x00007FFC4D220000-0x00007FFC4D231000-memory.dmp

Filesize
68KB

Download
memory/5032-176-0x00007FFC4D240000-0x00007FFC4D28C000-memory.dmp

Filesize
304KB

Download
memory/5032-175-0x00007FFC4D810000-0x00007FFC4D829000-memory.dmp

Filesize
100KB

Download
memory/5032-174-0x00007FFC4D350000-0x00007FFC4D41F000-memory.dmp

Filesize
828KB

Download
memory/5032-173-0x00007FFC5F3E0000-0x00007FFC5F3F7000-memory.dmp

Filesize
92KB

Download
memory/5032-172-0x00007FFC5F440000-0x00007FFC5F462000-memory.dmp

Filesize
136KB

Download
memory/5032-171-0x00007FFC4D6F0000-0x00007FFC4D808000-memory.dmp

Filesize
1.1MB

Download
memory/5032-170-0x00007FFC4DAC0000-0x00007FFC4DAD4000-memory.dmp

Filesize
80KB

Download
memory/5032-169-0x00007FFC55A60000-0x00007FFC55A74000-memory.dmp

Filesize
80KB

Download
memory/5032-168-0x00007FFC5F7A0000-0x00007FFC5F7B0000-memory.dmp

Filesize
64KB

Download
memory/5032-167-0x00007FFC593D0000-0x00007FFC593E5000-memory.dmp

Filesize
84KB

Download
memory/5032-166-0x00007FFC4DC00000-0x00007FFC4DF75000-memory.dmp

Filesize
3.5MB

Download
memory/5032-163-0x00007FFC4E720000-0x00007FFC4E889000-memory.dmp

Filesize
1.4MB

Download
memory/5032-162-0x00007FFC5F220000-0x00007FFC5F23F000-memory.dmp

Filesize
124KB

Download
memory/5032-160-0x00007FFC5F240000-0x00007FFC5F259000-memory.dmp

Filesize
100KB

Download
memory/5032-159-0x00007FFC5F7B0000-0x00007FFC5F7BD000-memory.dmp

Filesize
52KB

Download
memory/5032-158-0x00007FFC5F7C0000-0x00007FFC5F7D9000-memory.dmp

Filesize
100KB

Download
memory/5032-181-0x00007FFC4C8D0000-0x00007FFC4C908000-memory.dmp

Filesize
224KB

Download
memory/5032-165-0x00007FFC5F050000-0x00007FFC5F108000-memory.dmp

Filesize
736KB

Download
memory/5032-164-0x00007FFC5F110000-0x00007FFC5F13E000-memory.dmp

Filesize
184KB

Download
memory/5032-157-0x00007FFC5FBF0000-0x00007FFC5FBFF000-memory.dmp

Filesize
60KB

Download
memory/5032-155-0x00007FFC4EE30000-0x00007FFC4F29E000-memory.dmp

Filesize
4.4MB

Download
memory/5032-61-0x00007FFC5FBF0000-0x00007FFC5FBFF000-memory.dmp

Filesize
60KB

Download
memory/5032-59-0x00007FFC5FAA0000-0x00007FFC5FAC4000-memory.dmp

Filesize
144KB

Download
memory/5032-51-0x00007FFC4EE30000-0x00007FFC4F29E000-memory.dmp

Filesize
4.4MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads