e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
Size

3.1MB
MD5

38f619582609c19210fccc5978fd7a9e
SHA1

cde2a538a01e5cadd03c3cf11898f8bce3ba2ee0
SHA256

e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5
SHA512

1c2dc2a7e3c42f45df896af434eb7a303fee35eded9ad9ca29cd6c069af755e638d5616804f26854b6caf7fcd17f5d76fe97a8ff95583426e914644ca1132afa
SSDEEP

98304:DwVppcSYwQJB1mtUC6hbPVNkAPlNymL1Z1IFi3YGw:DwWsQIWCcjVZ/r1U

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe

AutoIT Executable 15 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2352-352-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-363-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-364-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-425-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-1417-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2486-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2487-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2494-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2495-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2496-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2497-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2498-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2499-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2505-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe
behavioral1/memory/2352-2506-0x0000000000F20000-0x0000000001A05000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs

pid	Process
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	320	firefox.exe
Token: SeDebugPrivilege	320	firefox.exe
Token: SeDebugPrivilege	320	firefox.exe
Token: SeDebugPrivilege	320	firefox.exe
Token: SeDebugPrivilege	320	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
320	firefox.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
320	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2028	2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe	89
PID 2352 wrote to memory of 2028	2352	e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe	89
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 2028 wrote to memory of 320	2028	firefox.exe	91
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 1864	320	firefox.exe	92
PID 320 wrote to memory of 3032	320	firefox.exe	94
PID 320 wrote to memory of 3032	320	firefox.exe	94
PID 320 wrote to memory of 3032	320	firefox.exe	94
PID 320 wrote to memory of 3032	320	firefox.exe	94
PID 320 wrote to memory of 3032	320	firefox.exe	94
PID 320 wrote to memory of 3032	320	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe
"C:\Users\Admin\AppData\Local\Temp\e855a64728d573d33d4cdf0c2cf0573c7d99db1fc1c7a3ecf2646bfbce7b78d5.exe"
1⤵
- Checks computer location settings
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://myaccount.google.com/signinoptions/password
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:320
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da33b0cb-38ff-41a2-a723-8c61f7c43689} 320 "\\.\pipe\gecko-crash-server-pipe.320" gpu
      4⤵
      PID:1864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bb1e360-6fd3-4939-9b2e-43a9ec06a4c6} 320 "\\.\pipe\gecko-crash-server-pipe.320" socket
      4⤵
      PID:3032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 3012 -prefMapHandle 3292 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b19ef4-2e8d-4a1f-8883-c93392015c61} 320 "\\.\pipe\gecko-crash-server-pipe.320" tab
      4⤵
      PID:2640
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3840 -childID 2 -isForBrowser -prefsHandle 3832 -prefMapHandle 3828 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf541435-a4ff-41ac-af7c-bfc106952651} 320 "\\.\pipe\gecko-crash-server-pipe.320" tab
      4⤵
      PID:3728
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee7899d6-756a-4cb8-847e-ca6102294540} 320 "\\.\pipe\gecko-crash-server-pipe.320" utility
      4⤵
      Checks processor information in registry
      PID:5296
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 3 -isForBrowser -prefsHandle 5572 -prefMapHandle 5600 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65c7daa9-d7df-441f-8dd2-d7f05fb28c94} 320 "\\.\pipe\gecko-crash-server-pipe.320" tab
      4⤵
      PID:6140
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 4 -isForBrowser -prefsHandle 5872 -prefMapHandle 5860 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a00023-62c5-41b8-be74-afc2eb3cdc4c} 320 "\\.\pipe\gecko-crash-server-pipe.320" tab
      4⤵
      PID:736
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5968 -childID 5 -isForBrowser -prefsHandle 5980 -prefMapHandle 5872 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83fd847e-3fa2-4196-8c72-f9f710d1985a} 320 "\\.\pipe\gecko-crash-server-pipe.320" tab
      4⤵
      PID:2440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6140 -prefMapHandle 5964 -prefsLen 27182 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {843837f0-4f36-4c80-a65c-25224ee56259} 320 "\\.\pipe\gecko-crash-server-pipe.320" tab
      4⤵
      PID:1756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\activity-stream.discovery_stream.json

Filesize
42KB

MD5
b0998e6502b13f88e9b93909ded6e31c

SHA1
04477b0aa95fa89d77b4603ee4c93034c2bc00e4

SHA256
6dde653606395ce7b8d47cfe4b6297248fed1e29a920ac6f09c34147e4e23843

SHA512
bcac477eb7a390f3a7889f1b64c821c17d385e38a9a63c1220848db1dfd02d11f9aa5d56a002497e85386d888c1e53b4267b35b66d7eb826a4286107895d62b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
103528b910a20aa70dde51b6d1cf4b73

SHA1
96e983979f3297449b4d465cb2da144ca28fd463

SHA256
32beae10eb526aca898075af352d349e9a6747766f1af067d93b887e9c02376d

SHA512
b938b9b6ead47069ba5f39e4273c20051d9247c8a1131d8f4a79d9981ad8bdb4feb7d1a8d790e9440c1dc7dbb8cbe4aa5ec9cba4f5ee6feb73370ce85762373c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
7KB

MD5
bf1b13bc82ce1829d11ce569fcb1b880

SHA1
7b00411f7806a3d7f43b68db80c1296ac4cf4670

SHA256
ef917c39a307be7e96bf3ee71a88ce8c2daa8c4ab010c446eb48de34f392a12a

SHA512
4c698d2d33ac25b5e7bb6c1dfd216e45227811c4ccad93ac5c92ded81820e4328f83ef1b006d20df68d88e44a067a0e898ac34a2a3db0e833d39a5ffe6d8bb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\AlternateServices.bin

Filesize
10KB

MD5
dade7384047c042546c52b3acd4932b7

SHA1
8ac335c6c46a3ce13b901c076ea83dbe6b442521

SHA256
bb1ceadc5826b2a3c2b4fb9d8e85b6fb166544c52ba4eb38929b0d583e16b801

SHA512
8087e0ca826f8bdec72c386bd0e1a9282750893fd2039d990611ba59c32f49d914a1897d47f641d80de2cc064fba0b1906304cf5f7dd41fae8b9b30184bbd271

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
a84af35e7279fa935b1f09fac37df37f

SHA1
cc20b62223d0d3f44af8011565f128c4e3ec831f

SHA256
1bf6315c1fc1c71bbde281c89ff4b3b5c87e6e366021b70d8193605931e3c257

SHA512
9d054620001707f2485d4d511c90ff6f7edf60169b3831a30759107b0fd3d5d152d043cecbacd4609683810e18c4037328d7b23381d4d7c5677864044777a80d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
7fb31c9ddbb2aa7b3375f9395e4e5838

SHA1
aadc19e9106630ced491489e1ad3814f3b62fba7

SHA256
484c7fefcfaf42588822689c8bd07ec96cd604946e2144451054861b4adce1ac

SHA512
bcc626f9f380f0c697c9e014401cff63973974f3af265772f107ff7647f03dc3ee1d16ca05d6cbfe35a93189a56824fded16ada62691316da953b96347903b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4f5d63b5dd9a5007e76b9ea14a16a42f

SHA1
bfa332a0f3a2094ce1efd5ea627d9528bbc8ffda

SHA256
092429539eecc484cf6071e4cab3be4f9534997589ca2e64555196578fbf7dd6

SHA512
8be717c867bd8e1abe855a7d3fe41067a11a8a7f7cc060dcc83a667d9024bd36d4d317415b52fc58167ffa5f9bf85368c85f489a013547f9f7efd4f19480301e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\18dfd410-c73e-4dbc-a09b-3b3f1ff019ac

Filesize
27KB

MD5
d7b34fa9381f0eb724432040440b5eab

SHA1
2a3c509d14a61b2ba2d1430373bdc4dae895ff65

SHA256
32d7fe3bd67468580066f105f1252ed641e36466f13043ef9568996a6f785163

SHA512
b32405da88fcfcd6b0786f45890320979106666c40dcb69e4e8e131112ba0895f3e1172a6837f13179d4d20de3ffb298bfd68790ffd39f75589d9dd60935252d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\49f2e81b-a5be-4f9b-87e3-737671c7706d

Filesize
671B

MD5
261ff46ef526aa7324851dca06543169

SHA1
8ca164c65d4a04d85d0787eb3a7f1f2352237df2

SHA256
ac21d7b96582d0ffd1756b9faa75d9780d7c210daf96b1597a3cbadfddad920c

SHA512
45f54f661ef6d92673fbb0bfe62773c61a3f51ed4457f6d64188f02fc7b0a4efce5255100cd20f2dd9be02c9b6c1bfa13126e6022f97d3c701c6f06ce90b5c26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\datareporting\glean\pending_pings\d09daa32-2687-423a-b77a-eab7b0289438

Filesize
982B

MD5
37a43ec4dd3c4c8f3f132d30eba99640

SHA1
11d9b8a27fed3f4fb40be6474c2ba7c8194f2cf0

SHA256
0b33f3f9a7b3bb286b470982e726b37e034e7cb85cb641aa6f9d451355df7e25

SHA512
af99e0148b58dbfdd5d62df7804bfaba94f360195658ea34a268e214b2f2b689647c1d5a6df3bb14e58f954fb6ab7f43c60ca9b4143024de9850c57a279e2cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs-1.js

Filesize
16KB

MD5
f0289f34847c5fc7804b56b37bcf9a29

SHA1
a943e6ed553c024e3cd5e190b1cd5dac6e1e6fa5

SHA256
b6161492f0de2872a7d594fecd1d180bd5b5f2e0e3459702cbdaba62d7b27893

SHA512
bf795792ad524c02545ce231424c268195d5aa0eaaf38059a15d83a8fb209c3b907ad19bbe967054e35b83b4e80426ef155ec553b143edeebe75d60441b6a67e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
3b2c7b3d222ce5596b77a63268358228

SHA1
bcbedcf94eeef2aa08b137338a3aa38a7c1f53dd

SHA256
be252da6a16d731d36d53631f2323694e9dee01ec1c0426504ec0a50930f06ac

SHA512
175cd0330402e70db28d4dd34b58845da20663c2d88451959d10c152d92bfcf72da5c190166043f01979c2a42a5e2d44b63a000f3debeaefc4d907858fbd920e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
761ad46ed932918b75ab1cd24e8316bc

SHA1
62ac47be76ef6169caca8f7d3aabe4b76d788155

SHA256
6e1151f14a4eb0a3b62de58690b3aec0ee59e154e33ece572df6588900a88859

SHA512
a41ab70012a7afddf6b1422634bc124cda4b9160ef73b2508f3501516b7598f54d31ca6fdc0aa77aada7a3a0ca88f6055a137961167e56869130d9bdc222b659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\prefs.js

Filesize
11KB

MD5
0d7a38c5221597b9b4c290e78f50c338

SHA1
80efd4dedbc1a99bce2d712c69a57c538e84d032

SHA256
c5844324a93b96e63e04557c800809d11440b0ee329afddfb4f6c71c2f2d1f89

SHA512
1d9565cde11d7dab816a2eee6988fd634bcbea2cd31fff6354e0306a06d0c7e5fec1d0aa1542308e516581f2e0f420e49bdc30d10b251a563a723514c2c3cec6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5r4i2p4s.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
c59a0627702f366e8e4b4141fb2d4ab0

SHA1
4212f06f9a937b7ee66e8ff0aa4483fee4a22459

SHA256
bdb8bdfc19516ede4e5584deb9344afdae3a208e718960a3d48e5ddce9756e1c

SHA512
ecb2bc4df20e19f928b41cdc7ef24ad3bbae9eba974dc0c9836fdca630b80fcaf5b828c78a9f594f5208ffccd29cb1702286be33efdf27c511db9d5028962b2a

Download Submit
memory/2352-1-0x00000000FF630000-0x00000000FFA01000-memory.dmp

Filesize
3.8MB

Download
memory/2352-2486-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2-0x0000000077372000-0x0000000077373000-memory.dmp

Filesize
4KB

Download
memory/2352-0-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-363-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-352-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-369-0x00000000FF630000-0x00000000FFA01000-memory.dmp

Filesize
3.8MB

Download
memory/2352-364-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-1417-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-425-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2487-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2494-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2495-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2496-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2497-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2498-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2499-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2505-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download
memory/2352-2506-0x0000000000F20000-0x0000000001A05000-memory.dmp

Filesize
10.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads