5001f73bf27e0507fe9a7dac37293f3ba4959fb147a00829163ff219256da294

Resubmissions

03/09/2024, 07:58

240903-jt29vasfle 10

03/09/2024, 07:55

240903-jsfdpa1flm 5

03/09/2024, 05:48

240903-ghfklazejh 5

Analysis

max time kernel
149s
max time network
146s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
03/09/2024, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NOTA CREDITO FACTURA FECG-36060.msg
Size

77KB
MD5

b197979f2689f810030171a5721dfd2f
SHA1

f2c11d73ed520e25738582f29362b6ebf77a2c1d
SHA256

5001f73bf27e0507fe9a7dac37293f3ba4959fb147a00829163ff219256da294
SHA512

e799518669e2c6ca1306a59053559e64f64eeb7781bd207c6be7c5da7385eefe7fddb4f4bab6e379e12d4b5ee66e41ee6c083034be8fd732cc66a7d26b97df1e
SSDEEP

1536:2HRfzfgBjIL2lWBzEkKW4XvSmURjrIb2kWXDi1k:uRLmK2cokEXvSmIa29i1

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 14 IoCs

description	ioc	Process
File created	C:\Windows\system32\perfh010.dat	OUTLOOK.EXE
File opened for modification	C:\Windows\SysWOW64\PerfStringBackup.INI	OUTLOOK.EXE
File created	C:\Windows\system32\perfc007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh011.dat	OUTLOOK.EXE
File created	C:\Windows\SysWOW64\PerfStringBackup.TMP	OUTLOOK.EXE
File created	C:\Windows\system32\perfc009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc00C.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc010.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh007.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh009.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfh00A.dat	OUTLOOK.EXE
File created	C:\Windows\system32\perfc011.dat	OUTLOOK.EXE

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File opened for modification	C:\Windows\inf\Outlook\outlperf.h	OUTLOOK.EXE
File created	C:\Windows\inf\Outlook\0009\outlperf.ini	OUTLOOK.EXE

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OUTLOOK.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 3037eec1d6fdda01	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 39 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{F9AE7631-69C9-11EF-A839-E6BAD4272658} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	OUTLOOK.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803eddd0d6fdda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	OUTLOOK.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb0000000000020000000000106600000001000020000000022339a0a027ac4fa62f7375b1077877478166b84427eeaa09bf6fca09a523a6000000000e8000000002000020000000a5169855cb74de58163f796389018d51e92aa257a0d1d605db0847ba830fd9959000000059dd7b21daaa1e94d612b570385d580310641b9fd8b2fc7b5c11c823881b992dd09c50f2b7395fdd239724560a85c5151a22bd0920d15d49bf265bca10be82e1bbb30c21c3d9f6a8f14fc99f58351ac24aae2f17b2942c53db789803e850691d9f67419fb2dcf1d40dc5d6050e8e4b8232086e8edd5a1fc9f29dce869f29a2a579e16f3bdb6124c61fba1f13a67442ac40000000161146832a24ddf0e683ffcb499effff1e04ebdb1f02077b78885265266e16086e0e8a6f19cd268f69497fd9deaa1d533d101dcac7f6061c53dfcc4f970eb337	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "431512035"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	OUTLOOK.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e337bacba951544a9a832c52e69bfb000000000002000000000010660000000100002000000050dd100ff640ae3ceb139955ce2f78ec7f4a349fd58d20b15eea8e5ea95fb52a000000000e8000000002000020000000d07319ac68bb785d4531f9158145714f3541c09c50d9cf44a9c61de692b51ef320000000f4e75fc659ba71f4a11ec99021a1c66eda567362942bc4e5fdc586d7f070f0ce40000000c733fe0db58c9c1ef2656a60e1a9e6d294e35f87df3fa8ee04b669734d9554341efe65b490008deaef3c01205c35b2fc5ee43c4d74d5600879338a31c920897f	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Charset	OUTLOOK.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Codepage	OUTLOOK.EXE
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3936	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2560	OUTLOOK.EXE

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	1828	firefox.exe
Token: SeDebugPrivilege	1828	firefox.exe
Token: SeDebugPrivilege	1828	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2560	OUTLOOK.EXE
2152	iexplore.exe
2152	iexplore.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
2152	iexplore.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe

Suspicious use of SetWindowsHookEx 39 IoCs

pid	Process
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2560	OUTLOOK.EXE
2152	iexplore.exe
2152	iexplore.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
2560	OUTLOOK.EXE
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
1828	firefox.exe
2172	IEXPLORE.EXE
2172	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 2152	2560	OUTLOOK.EXE	31
PID 2560 wrote to memory of 2152	2560	OUTLOOK.EXE	31
PID 2560 wrote to memory of 2152	2560	OUTLOOK.EXE	31
PID 2560 wrote to memory of 2152	2560	OUTLOOK.EXE	31
PID 2152 wrote to memory of 2172	2152	iexplore.exe	32
PID 2152 wrote to memory of 2172	2152	iexplore.exe	32
PID 2152 wrote to memory of 2172	2152	iexplore.exe	32
PID 2152 wrote to memory of 2172	2152	iexplore.exe	32
PID 2152 wrote to memory of 548	2152	iexplore.exe	34
PID 2152 wrote to memory of 548	2152	iexplore.exe	34
PID 2152 wrote to memory of 548	2152	iexplore.exe	34
PID 548 wrote to memory of 2372	548	rundll32.exe	35
PID 548 wrote to memory of 2372	548	rundll32.exe	35
PID 548 wrote to memory of 2372	548	rundll32.exe	35
PID 2372 wrote to memory of 1360	2372	rundll32.exe	36
PID 2372 wrote to memory of 1360	2372	rundll32.exe	36
PID 2372 wrote to memory of 1360	2372	rundll32.exe	36
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1360 wrote to memory of 1828	1360	firefox.exe	37
PID 1828 wrote to memory of 1976	1828	firefox.exe	38
PID 1828 wrote to memory of 1976	1828	firefox.exe	38
PID 1828 wrote to memory of 1976	1828	firefox.exe	38
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39
PID 1828 wrote to memory of 1992	1828	firefox.exe	39

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE" /f "C:\Users\Admin\AppData\Local\Temp\NOTA CREDITO FACTURA FECG-36060.msg"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.google.com%2Fuc%3Fexport%3Ddownload%26id%3D1SDKzVX8CnQi3u88rp8cCi-GoR6rjct2w&data=05%7C02%7Cramon.ramirez%40adres.gov.co%7Cc5f30a40488c4f2b6e8208dcc1f2dcfc%7C806240d03ba34102984c4f5d6f1b3bc4%7C0%7C0%7C638598496087858129%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C40000%7C%7C%7C&sdata=S%2BZM4EyJUMcD52JnUnJ66drDwJqC2SkCPROXf7hkrDA%3D&reserved=0
  2⤵
  - Modifies Internet Explorer Phishing Filter
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2152
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2152 CREDAT:275457 /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2172
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\0001222365589556623514578484512245784452.tar.gz
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:548
  - - C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\0001222365589556623514578484512245784452.tar.gz
      4⤵
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2372
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\0001222365589556623514578484512245784452.tar.gz"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1360
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHDSWW5V\0001222365589556623514578484512245784452.tar.gz"
        6⤵
        Checks processor information in registry
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1828
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.0.366217984\1504601818" -parentBuildID 20221007134813 -prefsHandle 1272 -prefMapHandle 1264 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7207809c-b03c-46df-b1cb-b2cdc97c70a3} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 1372 11ad3e58 gpu
        7⤵
        
        PID:1976
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.1.1040996966\721305019" -parentBuildID 20221007134813 -prefsHandle 1524 -prefMapHandle 1520 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01e61706-0e2d-46a2-bde1-1b07d587fc1c} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 1536 e73f58 socket
        7⤵
        
        PID:1992
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.2.972067416\1087212841" -childID 1 -isForBrowser -prefsHandle 2076 -prefMapHandle 2072 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42b8c6ef-a51d-40a0-bc45-5baa164c6614} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 2088 11a5fd58 tab
        7⤵
        
        PID:2440
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.3.1592001532\347331452" -childID 2 -isForBrowser -prefsHandle 2596 -prefMapHandle 2592 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {055bf933-a71d-44f8-9c7f-67c1b02435c1} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 2608 e70558 tab
        7⤵
        
        PID:2752
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.4.188685437\423653934" -childID 3 -isForBrowser -prefsHandle 1072 -prefMapHandle 2040 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f51ae67-f765-4b6c-a026-839a2df8f4d4} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 3648 20987358 tab
        7⤵
        
        PID:2640
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.5.147465091\1982501461" -childID 4 -isForBrowser -prefsHandle 4004 -prefMapHandle 4008 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c797d9e8-2f2a-486d-b635-0fe420ffc302} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 3984 20987958 tab
        7⤵
        
        PID:2284
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1828.6.1549043074\555740766" -childID 5 -isForBrowser -prefsHandle 4192 -prefMapHandle 4196 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 864 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12189aa2-765f-4807-8afb-79a465b34f7b} 1828 "\\.\pipe\gecko-crash-server-pipe.1828" 4180 209e9258 tab
        7⤵
        
        PID:1816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz"
1⤵
PID:1756
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz
  2⤵
  - Checks processor information in registry
  PID:1680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz"
1⤵
PID:2632
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz
  2⤵
  - Checks processor information in registry
  PID:1340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz"
1⤵
PID:380
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz
  2⤵
  - Checks processor information in registry
  PID:2296

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\0001222365589556623514578484512245784452.tar.gz
1⤵
- Opens file in notepad (likely ransom note)
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
bf511594e3e725571bd033b559415d04

SHA1
c3f5e2eaeac3165e31be33e9e8bbf218461faaae

SHA256
b2cee36520fea0ce8a46c5b536989c4861526b035fa600c19113e1ea99bc2dc4

SHA512
745102fcd72a438e626cdcb73362668934735951b7f5d31508af4132bfe4e0d2517d91f36dd638c0480c1a1eca94e50608ff4c7aadc571644e127d781d3cb264

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a2f679dafde58c2d060b46e0332a5c60

SHA1
f7cff0d2b000a345225578377b48ae1df48993df

SHA256
f85aaa68d68123c381aa3dfecea0465253ae2474f27de00ef6d519dd60323585

SHA512
cc24e60fdb29712d10bbfe3c5836981a002c6726ef368feab874d45c83c97c89f58bb2c50177efed89e8805bc23f99e6473760a7a0f92787ce82d58db0611ddd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9a577b827d5905fe79b7188cbc73d798

SHA1
17d131ea783d7b5db30bc743e98940f543700faf

SHA256
1583aeaaa10c4b4bf485dd51446584ca0e971aa3ee0f065aeeff1cbcc5b46dcf

SHA512
49a3ae6f27d921c81321d6371359032c4e4bda83df20308eec8ea96724ad814ca0b907bfe8b8b834675a19f5cc904462b50fabcf960faa94944eff2b34212f30

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1c735db0e6bedae0da6a5598898acda

SHA1
c8a08090904e06009871f39e4fd6b36e6f7afe70

SHA256
1cc37403457f1f47c1a765efb2cb2ac028539a1638b9a3e653ff9b136239e3a3

SHA512
7843c85c0707809979eaf7536a1d8b111ae2807c3c612200b92b4783aca13453c79c72df076617e754f5f4e07d966837780869989c7eb6fc49240b00b486e655

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cfc3de34eec00e2db5babe4cb812c824

SHA1
64cd3d49bbebd35b122ca54de460afae907deaf1

SHA256
7e1bf4f2a6dd0613b4dafd4c8131be8a14834d8e4e2af43dfa968ec81fe201f8

SHA512
df650c17918c2f342f61f45acc27a1a9cc95ce3ecd255209905e114d54408ee570bfead6d7c57bc013b8f348211d3d86248f6a68a7cf6091c1457e571e6aa768

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
143fff15dcc5bc05173b87c712a7a082

SHA1
32d59b159a6734a04429715e7d86bcd8b6614e2d

SHA256
1769295950d5b657c6dd79ad2ea059506d47f23fa3d745cbcf2a45e85cb4276a

SHA512
3a16a0aeb4be3669db5b9ff88dd6e091bfeb10979fd603d3de7b97c7eeea90edfe79169dbab075386f82da1afdc934792be52247b7cc28741d710526881d0722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eab3f687555de0feb30a3d6b945c6e8f

SHA1
3d5da0a1b8de7ca1acb37152a8ee3d1a7ce35b8a

SHA256
0201d6bfe44c71629d7bfb07507a321c83304e9d333a363e63cdc326a3f2c52e

SHA512
162bab84a64ed74af3f15ce816f7bc9f54ead56594874be60b99451d927b2f4720b9a8f77b2d71b7f0d6b6be0815c841204eead52445fb8f367d9717511bf778

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
57e9f69e50ed562825f9d79361d3af96

SHA1
ebc41840b8ce90172d6cf776267633cf34351c60

SHA256
3e27de0a286545b6136c437eec33402a037bdce0fb0acd40f5132c7740973c27

SHA512
bffdcc2653dc414e9f6a2ee441df5e50112fed3bf6221107f92e05110fcdcdd49b2065c46accda44e206553e037b164918dc100a262014b7491f07b599a970e3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2dfbf8ccc58d5e1045b385a00c826905

SHA1
7d1b011ce41360c2527801a17e680de6a1100c66

SHA256
32a1f9dea30ec46fec972975985730810a3618f8b933b0226e3313c6ca2aee5c

SHA512
ab7a370b142bb5399c75a59efa7917d660199fbbab41e0971e8045ed968646647d5fd67072454685958249d5330ea7e5629378ccf5a3250985b838eb7285beb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d968f4107db28327ab8cd1c19b816fe1

SHA1
c9b558a4141a40de7b47e9d2761ec94460c64990

SHA256
71a0dcca73b5807794f2a61dfe79941fd3b3747ac70f8843817153a111afcd4a

SHA512
5a9c7a9e3dbd9ba7ada4dee4a8ec65fe4e37eb09af4cb1112caa80f5a0b35279ddc1ab4313c249bf105c29f1dc9904b5c419b3179654ef2eb09f743764e0bd7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92409dc7c89b46f41e2f093955b20181

SHA1
0e0c7ae3ee634ecb84ae789e815b6604cfd1146e

SHA256
161cea8f7f292dfd6b6aebecce7751a6b48512abec54cfe8b692484bb8e9f216

SHA512
30947e529652c15522dcbd04d755908b9a4fea2dcd78f536acb53d7c48dcf1e79334700b30dd309388d2cd991a9f8e0cb9ebeaf9ecd4ba1d26e7559a35aae695

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b3fb876b597201d0f506a1c9befc9af0

SHA1
232f4b265727afa43e84df2c488da8130a5a4b32

SHA256
e893537082237398ede5b8dda359ab896a04c7630c049e55fdd8bdee5c089cea

SHA512
b98507ae7d2b1f57f1146c8465024e802c1dfea0f6a3106b40f6494b74ba8685ed7a59dff40b07e020eeb2a7692fe73c39856c6dc4bade3bc4efd8197c5b212f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ed57ae0a7c67375b2ec4ae84fff31025

SHA1
d98651408cbe3827b0702d6624c8e9d3f18c2602

SHA256
0a6c5b854a3d00349c05a6dd07f2ac0cf60faf94892b97351ac441d6595bac70

SHA512
3a9044094cbe0f4cb0044e6f5c04e8e791c53b38a37a4295f45495c3cf7669c80f5f62b19b11b8fd0b85353619e57f549ccbfb957585ad74201b844ab75fa437

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
76d5d279b95f33792c55ca7a221fb288

SHA1
19d76ed74f1e5f811fc3b69fcecda55b10fd304e

SHA256
c19a204319a7b8e622f03cb7715cd6e782d000edc777a5acd77d92f5ed119192

SHA512
529d12c7056d8cb37b6760daa5334a3a39b5fb234b0d8e7123615e53fbd988bf6dfe7cb8f4ea31c2a4c2f9d1f76fda0795a8b2a8acfb33085322312a9a722d47

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a654db5870243209f3138fd5ace60efb

SHA1
da0bd9d87bd14aa6e303041c31fecf6a803352cf

SHA256
2a5b4725eeabdd832bc14ead43bf1ac0d7f27beea859be3bdb1ee6cde6e2bb1b

SHA512
7bb5dfd84ef5bbfd9f90bba70e80b450f306dcdbac977716e61c0050ec173869af6f1c8ea7488a9f2ce0d210e960ba01153b4e01d484e496f08b16dd225dc1a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
10319912ef55b687baf230e3dc49d624

SHA1
d411ad878c0a70ad58b6ace9bb705e710d4d250a

SHA256
c8705db317b27b34d27c3f03b0deb2fa47209467f6a2fb860b680589271fd164

SHA512
77974e5870535bfcf4f831bec074a74a75d0abd9cb8f290fc9e8aa976e38b4136f1b50552ad16671b09b14f7b406259836bb87244796d8a2425d04ad31d1de49

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1331df1ef0f267b2f9d54d9e89da3cd0

SHA1
ef2bd0d4943dadaa25eaaf4dc62d3e30638ee872

SHA256
ff286500d4ad6dc6f6552948e00e1da1ff1a2f11ceabcf45da4d58120630293b

SHA512
c4fbf3f613636097c58be7f7350dded723f4b05451fd4898465f5d1df2309df34f4c73e11aa7468a2a0aeeea0bd1cd5e70c0742b1a694d2b5a8e5da0a07ab6a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e10467377f04246f3c871e4d21b6daf5

SHA1
7efef624ce343567dabb161d465d402c03f830a6

SHA256
bd7e5c22b9075bb49a6bed00d08e9e3beb300db50e1652e3c4f14f6a1f840796

SHA512
0772b24fc9ba209af0ed08c188dbe21b50da04fe0add62ad60643679c67bdf4a1712e28c297a624c3900a240e0228cab2eb2a4d1768526b91ea54a00252f8e83

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
66b45587487c68e246a434f76ceb9526

SHA1
d8d2dc82420d9d5359530ae221a1b181b739c29f

SHA256
0adfaec5f180b8181dd1e82f6dc4413692b6f72450532edf53954d0ea0b47629

SHA512
fa639b3b56e02b3eeecffb1c1a89ab8c783f01d6ad02a2031cd6938b7da9d85b3c23155e555c6666d94f082b0386fe51b8037379e2c47faa01bbf55358ce124f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c03a3db9712a95caa00743b41d6b08e4

SHA1
959aa0c3ad0e91ac0116307251c9856c9a858f45

SHA256
ff60e6a080e22d73310d601e99dbb253a80596de04c7cf038577b843cf573e34

SHA512
70cd2fb7b3b13f6cc890b840d437076d1c1af7945647c8fae8f2b5828e0ff48bf36ef685e8f7b911c9e4baf5fae02c2df8583c90712af0a0cfb7cd094bca4ccd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0d754c2f2c03ab2f8b660f9eeb79305

SHA1
1f1c473efc0c3fb0a4e2cc92dec8590eccd8ac8c

SHA256
593660a07b82df0d63fd065b0da0ee3cd6dc439655e0ceabe15f4c922aa6583e

SHA512
5869a17dfe9da3fd21f90721556013a6c3ce2261eb9478c0eebd16b5bef9908a107e881cea8d0df45518eb469a8c1e614ec0211a2da89c90930e7b9ef4f6c71a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
733463075c1d29bc9051baeada7ad3e1

SHA1
bcd648ba5a78b97dc5b37d1a1b8def36866bde9a

SHA256
e1daba70fbd5b421eba7ec1a763079fe0a901883f826f5d7010ed83ff36ee151

SHA512
479ec5ee2745587f45e6c2f20b406b00a8211fb415b2bb6c1e8e26a8f3ae819f54ce5e555e59d0d5d20d1d38ecfe60d6ba9ab34e00be2c9e6430419f3cac21d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT

Filesize
240KB

MD5
8b9470b2dbd5e06d9dbbe9882f436e74

SHA1
12e0e8378e4bbc46d62d5031b1d5af80f9c5365e

SHA256
0768dad4ca0c55adc54d85c55808e3b6fd8977ec395e3d22a827629a20607921

SHA512
b12efbcb4aeaa36d9b7808d8bd9c0281465d3094c5ab34a33d5effc10b0e0f0de67d1f440b8df127823b411bc4984a5b2fc9df699ff952b945904aa12d7ac206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ivwlua0\imagestore.dat

Filesize
1KB

MD5
5179dcc6ec90e4e3564dc72722007ba9

SHA1
4595501402a644c1c4da5ee3b5453a49c83b2d4a

SHA256
81e3dac7e01a08cb4a0dfe1ac42d46c1625b165fa69b8164178e38ef527803a0

SHA512
29d2d9e8e171cdf7149b115922cdd0c8801f303890bb93c98f50619011dd5f048f1415c67d5e9375f8b37db2a90c78cce37cd579023880e81b6bdca40b4e7487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Outlook\mapisvc.inf

Filesize
1KB

MD5
48dd6cae43ce26b992c35799fcd76898

SHA1
8e600544df0250da7d634599ce6ee50da11c0355

SHA256
7bfe1f3691e2b4fb4d61fbf5e9f7782fbe49da1342dbd32201c2cc8e540dbd1a

SHA512
c1b9322c900f5be0ad166ddcfec9146918fb2589a17607d61490fd816602123f3af310a3e6d98a37d16000d4acbbcd599236f03c3c7f9376aeba7a489b329f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\0001222365589556623514578484512245784452.tar[1].gz

Filesize
1.4MB

MD5
faef59f8573d911c67eccf47edbab74c

SHA1
eb2cccd011a79aedee57d442e616f502b16b42df

SHA256
cc954e90f5da21ad92ddea419a2a2520ebee6bc02275588b529e6a426e573428

SHA512
4c573cca69f9431fc49160099178f1cbbab4d27d8641d7b47e2e462f0283c177c5b10360620b747b92e4f3d2f642c5c2cbd059bc5186dea62ebf52584490c2f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6XUZ2JLF\drive_2022q3_32dp[1].png

Filesize
1KB

MD5
c66f20f2e39eb2f6a0a4cdbe0d955e5f

SHA1
575ef086ce461e0ef83662e3acb3c1a789ebb0a8

SHA256
2ab9cd0ffdddf7bf060620ae328fe626bfa2c004739adedb74ec894faf9bee31

SHA512
b9c44a2113fb078d83e968dc0af2e78995bb6dd4ca25abff31e9ab180849c5de3036b69931cca295ac64155d5b168b634e35b7699f3fe65d4a30e9058a2639bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\activity-stream.discovery_stream.json.tmp

Filesize
36KB

MD5
fb7745c3cea871684646bb4915667c64

SHA1
34be6ac34ea29b7ad4705260fd45ba91fa82981b

SHA256
5982f55c65e4dab71c237909ec436e70a68f9d6ee8c865655eade7c985d0302f

SHA512
79d68fb362af4f7f10a60f827712de9f3c0e86877c2ce53c82ca6f52d4b08e9347e588ab89078dd7f524a97879d7bcdcbb60b26cc65f745973d9f272da71343a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
c331a9e059045bc1c8baa6ea06d357de

SHA1
220242ca1b13f1b335d2a5cf5ee361d77edb2aec

SHA256
37afbf3cc0a98f47875c01c83d1a8b7b2aa60ad7915a09acdb4ce096c0b5df84

SHA512
7691b20f235931fac9498460e4fb2ed54c6f5265860491531b5c5795e56ef7922b80fc01ee58a3212ecbf092742c4a13b7affc507ab4ff8e8c3162b4033a115e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\39ptzwfm.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
f964eff552b48447008822ecc1b86a70

SHA1
3268fc9725c2d1421cd0a673ac8e2a9f06a14055

SHA256
842f9b35444e30b97fae8301a825d05f1d9788a63ee9dffe9295e8efc1d59118

SHA512
8880b8be1bb3a2dbd4f5c5c67ddce2b927b5c952585c853c9e3059f5e5d8654fe8109d7aa70edf9a2aedec6765b4f3f75913931504f2d726a6e95ce42bc816e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF44F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar18B1.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{262CC7F8-E197-43FF-8FBD-63612437E6ED}.html

Filesize
6KB

MD5
adf3db405fe75820ba7ddc92dc3c54fb

SHA1
af664360e136fd5af829fd7f297eb493a2928d60

SHA256
4c73525d8b563d65a16dee49c4fd6af4a52852d3e8f579c0fb2f9bb1da83e476

SHA512
69de07622b0422d86f7960579b15b3f2e4d4b4e92c6e5fcc7e7e0b8c64075c3609aa6e5152beec13f9950ed68330939f6827df26525fc6520628226f598b7a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
a4fd958055ae19121e3858096fe37740

SHA1
a6915f2e5883f7404ec4aa3baab742ee68237e45

SHA256
56cd12478ca50180331632cd58592d91c5a5efd3b4038883c0353d2d75720930

SHA512
6370ac540089c5956fd8f86cded2568d6bcb0ba00c69ca408a9f44fb0465eb812192852d5093fb937c73d1eed47caaa073ef4d7cbfca725c8b118d52ceae2ba5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\9eccabcf-7543-4662-9c53-5a7b7821f893

Filesize
745B

MD5
6caf9030f0807137461bb624494a426a

SHA1
303172367d8130ea48356e7a8f396d16187ad671

SHA256
78ee6adf052ed2920d7984e52c2b6dce3182b1857d23806ca405c8dfa0e0c972

SHA512
147d67bd68125205f605f798699ec3965b9a81d572891c3867cb13cce7128b798023aa32d98f50b1c533a71b2e0fb38a87d0a697a2a07cae1ee8c0c8e56cca47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\datareporting\glean\pending_pings\b7b7f103-1dcb-4ce5-98c5-e05f4dd47732

Filesize
12KB

MD5
add726c3e84347bf2759cb32ca867bd6

SHA1
5460bb006ea441d90f8998729258fb9c7b3c7c02

SHA256
71140c803356a09cc65c44e9d58f08763352613b4b9653677e403c33d3f87bc9

SHA512
5f46103017643a8b7284dccf393ba19566b917b2155a280065fd6587f74675728eba6f0fa4a441566fdf2440e9f441536ff25f13962ea69e9f777ae93866cb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\handlers.json.tmp

Filesize
464B

MD5
d0afda1db066c698b08be80bb0e0da83

SHA1
10684b3f3e84f3949e017a05f377f9591b516f25

SHA256
b926e49980d2165548097f0b49751162e05d3855fccc6c7ac4bcf27c587de5c7

SHA512
b82b620e73af4fde6eeec4cca12875f70d30222b6455860909aef14d546d096d39afe7211d6c366adaaab4e3b5d0164b05772f7d8b28434e5533b3502e3ce297

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

Filesize
6KB

MD5
ff69dc17d53cf4f216f0eba88fb66543

SHA1
5c1b1cab6140ae970790581e57de6e769a9a05ab

SHA256
5614fe829465cb8e7ffcf8b92aff4ac4e4f610484c09996b7e9a3ce0b382c0c7

SHA512
51e8fbf2fa9a5b144122da749f03c0c05e42dbb59b6d0ec6ec68404d4a412765a22d434ed2dd3fe225dca022245c519f8df32ce70d7b6162d5b70bc920b11f97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\prefs-1.js

Filesize
8KB

MD5
6e372912b8667c4c87e25805871d4aa8

SHA1
a094d8e3c02a845cc1abd630a8c5eae391be7319

SHA256
aaa9ebd1b2d9c4853eea963255fe49f9b356ef97054850a3e1963915a4158760

SHA512
be6ac7308267ae1ac1217f8fdbceaa8e98af37823758463ee2dbd7631a3ad47fb984d868e9227fff6eecf2f0056126e014dad7443ca336b3219da93f1d57586d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3ffb4956a1e4023e0cb4bc7797394659

SHA1
083b654a7e11dd9904f4a7fae393e49e35b14fa4

SHA256
3e9438112a3c5464e9a2ee5aade9496ebbad55b8448a3a3d2b0c54c7713907d2

SHA512
c48048a42deb237f10f85bcf492f34042e2dbc246e5a6c801d6f085d53467400c9ba9cd228a1daf1eb223f3d53bb1b5d467fc4a4c09f96922d23c29dfc9fe04b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e126a2c2861352df0f186e082c8b9b8a

SHA1
89d53caca772414cc172a5bdb818ba91cff377b6

SHA256
ab9dfe1dc0c2bdf571846fd50bb47ef64348d1471a8cfb8a114cdcfbbc4a7ceb

SHA512
dc49c110790bddba7ff340616e0971a2e721fd824e98df97f57e3ed1570c8aa5bc38508ce5fc24423947b25489d672747d29e41e1aac7df6546a103d8095d030

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f2fd6499b46c91acc4a03a895ffc8328

SHA1
aa0245466bb4f7327e43cf1590868974275ba64b

SHA256
3450bfbc6730571a9b4ee38a39a83ff95a8a2fc8f924940402d2aabc9a7d9c68

SHA512
3090a8483a5e77364859ece4bec62498afb07c710e34b9d753829e1ef7c9de1b08fa1bbc808bfc3cd08c162d185344364661d9e5ac56877bd1305b123f924f2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
8.0MB

MD5
22c753865f2d7f0aa9a00986ccb44ba6

SHA1
909f9aff7a2e788a28d67a83ba2c91ca339f13b2

SHA256
832fa27804038c80f7cf6e9cc8acc9067bd8259e5dfb54272224d5150b4120dc

SHA512
6f151ffa1f977fefc7da434638e83b1e09cb337a3088d64e94d602a3a376f06bbcfe48f6bad4d47129fb5584afa093da40a839d137b1ea3dd6311268afd5587c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\39ptzwfm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
882067807fef40b9d676c047cbf40733

SHA1
3968914e157a7c8a1bc064ddbc696db00b1efaa4

SHA256
039ebf42e6ee51d8609774cffb2b609b1d08bc0e2ad0d2ff10d46c7aead9e215

SHA512
70694df6c9d86ad94df46213e5b25fa71336873e78043492ae551f5517ae4d9b3768fc478b8d3dd09f19f364075e8ea0565b9db1b0033cb88275587e1b89a66c

Download Submit
memory/2560-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2560-124-0x0000000073D3D000-0x0000000073D48000-memory.dmp

Filesize
44KB

Download
memory/2560-1-0x0000000073D3D000-0x0000000073D48000-memory.dmp

Filesize
44KB

Download
memory/2560-162-0x000000006B181000-0x000000006B182000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads