cryptolocker | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Banking-Malware/DanaBot[.]exe

Analysis

max time kernel
163s
max time network
169s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17-11-2024 21:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Banking-Malware/DanaBot.exe

Score

10^/10

cryptolocker danabot banker botnet discovery persistence ransomware trojan

Malware Config

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Cryptolocker family
cryptolocker
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\DanaBot.dll	family_danabot

Blocklisted process makes network request 7 IoCs

Processes:

rundll32.exe

flow pid process

75 2412 rundll32.exe
77 2412 rundll32.exe
78 2412 rundll32.exe
121 2412 rundll32.exe
143 2412 rundll32.exe
147 2412 rundll32.exe
149 2412 rundll32.exe
Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

{34184A33-0407-212E-3320-09040709E2C2}.exe{34184A33-0407-212E-3320-09040709E2C2}.exe

pid process

5960 {34184A33-0407-212E-3320-09040709E2C2}.exe
4960 {34184A33-0407-212E-3320-09040709E2C2}.exe
Loads dropped DLL 3 IoCs

Processes:

regsvr32.exerundll32.exe

pid process

2604 regsvr32.exe
2412 rundll32.exe
2412 rundll32.exe

flow	pid	process
75	2412	rundll32.exe
77	2412	rundll32.exe
78	2412	rundll32.exe
121	2412	rundll32.exe
143	2412	rundll32.exe
147	2412	rundll32.exe
149	2412	rundll32.exe

pid	process
5960	{34184A33-0407-212E-3320-09040709E2C2}.exe
4960	{34184A33-0407-212E-3320-09040709E2C2}.exe

pid	process
2604	regsvr32.exe
2412	rundll32.exe
2412	rundll32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

{34184A33-0407-212E-3320-09040709E2C2}.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

48 raw.githubusercontent.com
49 raw.githubusercontent.com
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 3 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

pid pid_target process target process

1632 3500 WerFault.exe DanaBot.exe
2280 412 WerFault.exe DanaBot.exe
188 2412 WerFault.exe rundll32.exe

flow	ioc
48	raw.githubusercontent.com
49	raw.githubusercontent.com

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

pid	pid_target	process	target process
1632	3500	WerFault.exe	DanaBot.exe
2280	412	WerFault.exe	DanaBot.exe
188	2412	WerFault.exe	rundll32.exe

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

CryptoLocker.exe{34184A33-0407-212E-3320-09040709E2C2}.exe{34184A33-0407-212E-3320-09040709E2C2}.exeDanaBot.exeregsvr32.exerundll32.exeDanaBot.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	CryptoLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	{34184A33-0407-212E-3320-09040709E2C2}.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DanaBot.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

chrome.exeLogonUI.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "130"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133763519766117052"	chrome.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe

Modifies registry class 3 IoCs

Processes:

OpenWith.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1669812756-2240353048-2660728061-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

4040 chrome.exe
4040 chrome.exe
2860 chrome.exe
2860 chrome.exe
2860 chrome.exe
2860 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

4372 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

chrome.exe

pid process

4040 chrome.exe
4040 chrome.exe

pid	process
4372	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe
Token: SeShutdownPrivilege	4040	chrome.exe
Token: SeCreatePagefilePrivilege	4040	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exe

pid	process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exefirefox.exefirefox.exe

pid	process
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
4040	chrome.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
5132	firefox.exe
5132	firefox.exe
5132	firefox.exe
5132	firefox.exe
5132	firefox.exe
5132	firefox.exe
5132	firefox.exe
5132	firefox.exe

Suspicious use of SetWindowsHookEx 26 IoCs

Processes:

OpenWith.exeOpenWith.exefirefox.exefirefox.exeLogonUI.exe

pid	process
4204	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
3652	firefox.exe
5132	firefox.exe
4624	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4040 wrote to memory of 3232	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 3232	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1400	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1500	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 1500	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe
PID 4040 wrote to memory of 4672	4040	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Banking-Malware/DanaBot.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff9cf80cc40,0x7ff9cf80cc4c,0x7ff9cf80cc58
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1928 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4560,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5156,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5200,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5204,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5364,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5396,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5696,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5160,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5772,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5740,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5764,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5380,i,4960590003291582563,16491723915973082816,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5804 /prefetch:8
  2⤵
  PID:6068

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1076

C:\Users\Admin\Desktop\DanaBot.exe
"C:\Users\Admin\Desktop\DanaBot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3500
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\Desktop\DanaBot.dll f1 C:\Users\Admin\Desktop\DanaBot.exe@3500
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2604
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\Desktop\DanaBot.dll,f0
    3⤵
    - Blocklisted process makes network request
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2412
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 932
      4⤵
      Program crash
      PID:188
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 468
  2⤵
  - Program crash
  PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3500 -ip 3500
1⤵
PID:3004

C:\Users\Admin\Desktop\DanaBot.exe
"C:\Users\Admin\Desktop\DanaBot.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:412
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 148
  2⤵
  - Program crash
  PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 412 -ip 412
1⤵
PID:1108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4372
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\DanaBot.dll"
  2⤵
  PID:680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\DanaBot.dll
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:3652
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1940 -parentBuildID 20240401114208 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9c7f87b-f0cb-4fbc-84fc-9d10b4d2ee6d} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" gpu
      4⤵
      PID:548
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca057be9-7fcc-4c3e-b5b8-2d2addab4234} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" socket
      4⤵
      Checks processor information in registry
      PID:3620
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3252 -childID 1 -isForBrowser -prefsHandle 2560 -prefMapHandle 2616 -prefsLen 24742 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a69b1442-eadc-4ceb-86c7-e2c432874fcc} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
      4⤵
      PID:4928
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1232 -childID 2 -isForBrowser -prefsHandle 4168 -prefMapHandle 4164 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adc428b4-85ae-46f3-8067-8eeb664a3b6e} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
      4⤵
      PID:4844
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5096 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5088 -prefMapHandle 5076 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5812bc0-4422-44f8-b5f6-e196f0cd3777} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" utility
      4⤵
      Checks processor information in registry
      PID:5996
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 3 -isForBrowser -prefsHandle 5228 -prefMapHandle 5224 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee44a02b-afa5-4036-8f07-47bba9bc2495} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
      4⤵
      PID:6028
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5412 -prefMapHandle 5420 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99c921a6-9b0e-4977-b0d7-bab2b5788d7c} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
      4⤵
      PID:6048
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bdc2638-7f3c-4647-8ab7-789532f98970} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
      4⤵
      PID:6064

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\DanaBot.dll"
1⤵
PID:5168
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\DanaBot.dll
  2⤵
  - Checks processor information in registry
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23681 -prefMapSize 244694 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3712154-1505-4f54-934c-03c9da0c4cb7} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" gpu
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2300 -parentBuildID 20240401114208 -prefsHandle 2276 -prefMapHandle 2272 -prefsLen 23681 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc34d7a3-59c2-41cd-855f-a0a08c501689} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" socket
    3⤵
    - Checks processor information in registry
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 3232 -prefMapHandle 3284 -prefsLen 25064 -prefMapSize 244694 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f67b4822-70b5-4696-a067-c165eca95e5b} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" tab
    3⤵
    PID:6100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3704 -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 29413 -prefMapSize 244694 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {005c8683-8cd9-4b93-92d7-0387d314e38a} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" tab
    3⤵
    PID:6052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4888 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 29467 -prefMapSize 244694 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d1239d2-30ea-41ba-869f-6f577c3cfafb} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" utility
    3⤵
    - Checks processor information in registry
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5400 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de42a7d9-fe43-4477-bfb4-4cc7f477e008} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" tab
    3⤵
    PID:6096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ebc7c6-cecf-4f99-94a1-a691ce1f03e3} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" tab
    3⤵
    PID:2784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 5 -isForBrowser -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 27320 -prefMapSize 244694 -jsInitHandle 1308 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2825b08c-6204-4779-b6ae-a4c9b24da721} 5132 "\\.\pipe\gecko-crash-server-pipe.5132" tab
    3⤵
    PID:1528

C:\Users\Admin\Desktop\CryptoLocker.exe
"C:\Users\Admin\Desktop\CryptoLocker.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5808
- C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
  "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Desktop\CryptoLocker.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:5960
- - C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
    "C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000248
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4960

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39c9855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2412 -ip 2412
1⤵
PID:416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d561672f66586110e0f7f3b44ee7db83

SHA1
d2f056e1cbd2168f17c1d6ec3b1dca1151ddf8fc

SHA256
a165384dfe7fedc58ad1fa1cd990c2280cf13f568b8bfa4b98437effbb307220

SHA512
09b5f6aaf57ff4a45a8a296e45297f33939c8032e575d73229fddf85e6e148aaedf53bd76cc437b03f782c85fdc789d26de0c14ac8b4462b7d1ab58e2ebdeabc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7bb2f9a67b74e9e88839d6a89c960f23

SHA1
74e265341c8cd27ae648b24a9963f47456bc2085

SHA256
91f1b5babe9d882152b3c6d1ce6183d6f94c1e761054f98d98b3466944437dbe

SHA512
26d0d53563d6913557063f1197b1278fc7362800fcfdc803dadff0b404ea910a93281ead40bf236331100d8a167f3f63e3ed610eb5f14b246aadd1b959bd1340

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
28d6e6c79124612fa13fba5483eacb57

SHA1
11986c6753f8fc9d25f843a002f55eb1defbdd12

SHA256
6ee7e09303706d773ff16a42e83a2fc09954871567dad2f778107ba944023cf4

SHA512
bf1b045a3957e274a9562871bf6854c5f2265fe4b11d71429a36d548a39920eced5926a45f9561d355ef65cb4665c2253c8d01f54e140767b1f4bed560995e63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dae319eeff368eb4afe324f24954513f

SHA1
a0d3bda2f926b5c33058abdd022ab6822fc36c6f

SHA256
98e99c7b050d7a43a8b4792fe8e56896a3bf2c6f6de72d44e3e8cc142ce45e10

SHA512
4f6806bd7d47694eae8b4345bc428fe74a2ced95e1c1747577eae8a3e7cccdbadf2f71f7166085453baeca00319bcd5e1050119ddbfb85498ed2e1410281cae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d8a0366d999f7e2efe00e4df09ec4c5

SHA1
2299b34bb78b3251d9acbddb3d1d0dde9833c2ab

SHA256
f22ca6630f2ee8293a79cd8e58b1f1c8afda074bd490d3a02953d5b7a04e0bcd

SHA512
1c2363c75faebffb1a16127ee800603e6f20d4e190c98524bfc77963a73ab8021c13ccf2f1376e8d52f92eda55f7875ac9147e219cb641b3cbef0ab4ddbabc33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5ba7d572343617f13aa9e96fc399682c

SHA1
18d03254061cc453ba6881fea621c2db53b97082

SHA256
177b667bd367afd5b6e694f41ae38006869afb09809acb5353319b7cb8053ad7

SHA512
a7778a3f5a0ecc29cc6bc91beccb26b44acccb0e19944bc2856da50c58d28b4c2eeb550f045c931a6851ae438b777a1d360decf07614142afa1a53f8fcbd12c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d05754b3cabcc68f96da85f0cae35907

SHA1
910385c9e1953c1d33032292701188d9350b901f

SHA256
ab0a77826bed2cca48e8b84d5d45eaf2ef669cfc6122b35d85238e1e77575d1a

SHA512
d9c5becbb53d077c5df56c6bcf7b22b421861f755ef04fac486dde1a9cd58d67a629e76c48470283826fae1e76adf74878ca28429255b0e795333b96a9ed5709

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d9574cfc81a9d71bf411dfb01cd5b2dd

SHA1
e7f1c00bfc2d10ca8c4d48251620a02b14b49178

SHA256
4a1564b0fa196c538ed9510510ba7080c9b2b147eba01614092aec0f2a7fc238

SHA512
c17dccd93a0fce1fffeda43c16c54744f2b00311cc38181c50333b13d4149812fa44db9a16dee2a1ae39d620c17240bda2d3d2ce57471b8d63f3be136e59c35e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
adef728f342bbfbbc9fae46c1fd2ca47

SHA1
43d1301d2cd624cb46f6a579962dcd9aa82243a7

SHA256
064327cedfb292df699b4d2ed6513c7a58b768b09d8601814a202ab7e4f6648e

SHA512
0cf7d2c41b20a0830b6404aec64ce1714d62f59b1ccf4498ec53302a490d36f3851cebba4703203c13afab1e4ab3b3b95ac4a0a466ac8e1f01ea2281c0cdbc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d659fd50a8785bb138b70707aeea5144

SHA1
083621c6d7b3c782cf24dc85e314b86a4a9f29e0

SHA256
d0581218fa16aac1c9040e1705a7b93c65d2dd65ea925a1ee9c1c91847309191

SHA512
0f5ab5197c09ab940b4ddea3af11a0bc5961a1e9fb004a54bb4e190cfceb6e0f21756e99da18c6ea9a0f781c324fadaae4660e62306d7a7ecd99652201ea86b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
123f11ebcda7c7c28b3920aa4a695e93

SHA1
7af42226110b84b5c585694fdc30aebcd077397f

SHA256
f0ef00708b1edce238d50bd1e34662b00e5c71ed01b217e7219159d0742cfcf0

SHA512
0ef44c6ced040c6346f02333fd86fb5a1b2e9e69e3207017662720b87276fc6ed40999731db6e1f995a18532d166cb4d432242151f15b37ef621fef0826dfde5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29b8306628b2bdbfbdb723d528c602a6

SHA1
d0f3cd3b108ecd6c12e0c08a29764d9971f99baa

SHA256
ba4efc66bd7acaa1c5fbb2f6a6069e457bb84e2c65a4b238e8f0f211637e4ea0

SHA512
12cd3eaedf1c37d9cb3e678612d3b5a4df5f09e2d4a1603b365cab69f9866fb0f4d528cf0f7dfb1fe456d4bb38c53268576a4bbdf3a600e88c3fe6a44bdb4998

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6fc851200cb3731ec2cdea0729f8f646

SHA1
d3b42f2e82abbdc8d547379c17a25df68d8b2cc9

SHA256
70088cc0d3ebe2ad5f0a973772f67765fba6b6766fccd02124c9439ea2ceda45

SHA512
c3dadffe5fb6baa493929c546d4efca004a614d97ec806540ed31d9e557928678f85b3d8e6189223509806a2d90b709ad999e6766dcfb8a81f16933b6ba1be21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
73c28675cf65a8ffc01e3de6aa29278b

SHA1
1d2c7dc69f16222ec02aa8ba5bec5fb0c380cc7b

SHA256
f30530cfe0665d19060d70401550efa7660bcdb8cc9126a001a898f2f9ea5301

SHA512
ca7d278f5013ef357d3a63c9f87cf19f542fff44d29663b9761d252f4a67286e3d9ceb639f86c60647e59f0bc8bb71e5679414dd25682b1728fd42b6e2faefd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
72127534a62988e73cb4f6ae5d6e8598

SHA1
b6112310ebd06660ae31fd8a991a3f66046d14e9

SHA256
f0336f697e73d98d9b9b49c54a9bb209605e17955d7b8d6609808cf5ad662c1a

SHA512
1c2be7b31adca482319bd2b5c2ba10d5e5265a09bb9bccfef53b230a083205f03128a50d4539564cf5bf1c8fb1e98f056c9041c45bf516c64b2ed37fa21c7a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ccd56eda4c96e43ac82a98c0db7f911

SHA1
d9a583fddfc36d9bff3796d4535b7c27e2b4e502

SHA256
dc6b80a11dd6ae25d7c7a8a69c8f19d9c41daa4c182bd94643cb39c764555e44

SHA512
dffbaa9ea165112bf33f0144de61eb3a4e85994a933ec27c9225567ae4b16075486f0afb31e29df6b1f486fbc4214e2876bf6a5abf636c142169e992005843fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
54215d90dc4818a7a99836999543042f

SHA1
bbc00096e1308cc07d495d567de0846ae75168c0

SHA256
838a5788f86214d3db0abe15b07d13bc1ebfb6d2c6dcaacbd6be0767bea8e563

SHA512
24fb78d0cd9d0ff0dee0ed1982ac56e6801075c7a9174361f5c95ad94b6a6dff4bd82b7c327f2c661786b173e45823aecda7ac725971f72e12133dd372db895e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
926fba8d378ac2c66d677c0bfbf1176b

SHA1
c7d2262ba826b0aeadb96af6e768f728e050fe18

SHA256
9c7b3b3ab2806e58eef8d97fa74374ebc97443f3e58013b8725be159c3597770

SHA512
228604099a0bbdc59750fcb19a010293f8022ded2b802a49c02f2b0d611b8693a98e9b615178c04ac34249e54e574aab0d46988c206fcb9e27a571888c52f325

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b6f9316ad641010541cacb72ae4ee786

SHA1
4182bf8bdf8f946328133f29f1731aa7faffe85c

SHA256
7e61b7c1ff5ea655f5147a3a3bd0e90cd517288e76f77f2dec48aa437decb25c

SHA512
335e1e8d7aed6c58a48c602da61fda00ad89a9e9978a01358632269bef92b34b65a8346f373a1f30c8bfc977ed593edf166bc833a4ccb6bfaab4428fa5df4c80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ad7ca874-599e-4cbf-b938-4fac992f0f8c.tmp

Filesize
10KB

MD5
e96146d84268f2b9bf1f2803a032eede

SHA1
42e4a73ea1e0802c21e1a28864bad3fc2ac967c4

SHA256
d41fe2a16632ecc3d2f6a9f10c7dd45e09ff33280ad255a8ef72622313377104

SHA512
8f33f5b0792c345e39482a835a81f75536c362098593c460800f0144cb96af4c54678d741f4f4a43065f555642c9613edeb52c5472dcaf8d0369b6f2a975ba36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
ec163d15fd60e63b5ebb09ee72506e1b

SHA1
9132ded4adb551cf430c173133c7c806872e4020

SHA256
6a9e54d579e3706a0d86bbd7f2e79cf609d92dec2715376960c71a8004ba073f

SHA512
4a16f058618c26b05fd99f4de2484e2be787a1501b6c88fc932c8c35c840ac83ddeae2da74570e8d58b747bf780f7996f598ee741b54faaba432d5751e32c348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
3f56d2de8e1d9c6e27cad8d27b29056a

SHA1
8bb996e14f98b416b058adb7a07fe2e94a4a2a30

SHA256
441717f08dcffb1aa42647cddecbb5c44f11cf86112051b2d033c15e23375e44

SHA512
f6ab102f959c5fe212670bcac52fd7dbb65b25908c2fbb184aa6829fdb09b93e3834c8d124023b355783a3e967946c1bfb04952b31b672d5cafb6b76d0794bfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
18b4209960b100ece783e3af7ddb274d

SHA1
c5a19543edf19f4157830eb31a4f4992003889fe

SHA256
33088bc2a22149cbb13e17482c35e2dab0ba16796bee18b720086a4a3bca89b6

SHA512
348913ee030d188c063e8fd7098b0191f43e29ca8b42e302e5e6b363501e6012fcf96e03d596695af4eb6e622ed0602c9400bef069ec0b8b4e3ffb916c7c60e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
24cdfeb396a9e8745408c38487814876

SHA1
d7fe0be2ce03e3609d9cb4aa03c93b7c7c3a7b66

SHA256
b566514e704df4aa6afb64957d4826a62529530fb3e024ec14d2f78d9636b336

SHA512
a716cae385418b28b143d59f99548bf9c746e7c1521e96ae0e2978b01fca96fffe6e91134f3a15c8a3480a2b20dd83e05a0cb91053ef87f76dd090aeb9aa0041

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
bcbb5e5edf774858e2890d9977ec3992

SHA1
07834116d7936b11d3c0929d2af71555406d3102

SHA256
dc62f32177b931ad58a54db806d1dd7bf7b3770d88e1d7280e4a20cbe9301ead

SHA512
dd94b91773daf2d16bbacbd3a83ec76fedbd12dfaff2e330eda75a5ec789918de238cc5bafb3f1e3667d6172d2f6a7e44bae069493be9ac85d28a2443eba038c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
65b221539556268a2e0dcb180df852e7

SHA1
07be09f4b22834154ed03ef9eeb5e9232909cd37

SHA256
512f13c20f11d859ba43109622a4a58760b5e6517e53e50c40663c73c933f07c

SHA512
d286be29bafb37376215b589cd7b69f01c8a44e856e87320aa35ea14da1a00401a4781a55962035e2786dbb6452c08599d8713d5baeb7445c187f18e5d6910dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
13KB

MD5
f99b4984bd93547ff4ab09d35b9ed6d5

SHA1
73bf4d313cb094bb6ead04460da9547106794007

SHA256
402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

SHA512
cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\startupCache\scriptCache-child.bin

Filesize
462KB

MD5
24d6c20c2371bb9028a30bf2a6c873cb

SHA1
0c3e9dd4ae0d70fa241ff9c9104bc8800a8e703c

SHA256
5531f258fd34995aad0248d4781fa9182332fdad29406e3dee6d99fc2b7205ee

SHA512
a06ec9cc88980c6a9c8f18f65a205599f49eb62071d5a06e0328853de9e888687eb6eba70d7f0e4bc8d403a5cff532d2f93defbeefa3d469986c0466d8e02dc9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\startupCache\scriptCache.bin

Filesize
8.9MB

MD5
8e2d2681f63f499c002daa9c1d308b00

SHA1
3479349bead123f049c6d6d30c55e9e191fa74b4

SHA256
5a243345dad07619b0c47cdc00befb438789710e36eb69acbe25540361075fe2

SHA512
8815d2006fce5ae587de348b10d6e2436fa78e033f240516f08d974605785d30e2965f9b2135689b7d7da70d011db442530f28dae7c697f779b4e761945d9890

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
5b8b736585d7f0e8cd5c7684b51a61fd

SHA1
42f68e42e3b62c353a9dd7af2eca84c1edcbdc1d

SHA256
4c3dc9de596f5342ca2b0f00e627cc125ce1a33d3e73f9cf6a21441c471253a7

SHA512
c3cb7a68b698768a182438c46b75fda6a1423c2161ac0339f2011ec44e042bfad832687797d355e96e97d36fd33d60bfaf12912bda5a265893abe6269e150159

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afyb4qvh.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
57e70e4ffd50bd76f83a4673f42fdee9

SHA1
77c67126c819062026145d3a7b66ad134a1cefff

SHA256
b6a58161b347a5e823a31f60871cda93c3a06c1a5c9c11fbe4fc108ac49f8ab3

SHA512
b93dcf98d90016be56bad0ad18fe388d038c82654dae5758cee2c74b45b369fec74ea18767bf487eefba41ba3eb0cade8371862d3dce0f62c64466bbd965283d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\AlternateServices.bin

Filesize
6KB

MD5
738ec9d84ddc366799d8d4dd6636895b

SHA1
68942827e8722c90cb461b35fe8824fcd30d3355

SHA256
ea59b0a1e780e109c64d00acf361348ddc6df811b23664c7beccbb0bd8cd08a6

SHA512
1f81c9177ed87ca96fc8b319c61c784afa85e6872173c29c1f6e528aef6fe797cc1227703e73e45c953499668d3e388260d8d7d7c302184e6d3ed29f98f4efbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\SiteSecurityServiceState.bin

Filesize
858B

MD5
3e61151b701ad5b5b56487132fb75fe5

SHA1
6ce62fb0eb5103057df4fba39b5990c6ee896d06

SHA256
7a8ceb31a8d9800803688f26426bd81a0a9d2abee5c75826dd4ec48f2213f82b

SHA512
b065bc4ab1228e77371bf66822b28c92ff2351bd89765f716a9f0514cfaa10f4ddd0044f221e598cdf22645a48d4491464424cad6dcb82a61f00092975e06cba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
67e13e9e70e18e701d33333a4dce76bc

SHA1
ff977ffe95c041fbea1f5e932245ec357d994437

SHA256
6d726989502ca9c2ed9b435db872ea59e2fa3bf66db2c948e5dc0b0d0ecc0995

SHA512
c16d299ad49f9fbf38c73f280f8302dfc48b64ea1b11e94a92592f424187653af0c6ad0f261b03e580afadfc40985c48d9b7da47f082d27cfe67afd890dec56b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
b81614f7bc7f350d7044ef373e627da1

SHA1
e85c541a0c8797b32f479afa905255a829eaeb1c

SHA256
2616c70bab3a84c55ac780aee4f5dc5836c4f2148aeb33abe51bfd8f6792d453

SHA512
cfb6c59869ddbd4b3e2094a62a5a8ecf95b0850fff9f5d5fe8d1d068a701e6793c26cfd1e67c57a2db794bc8cb90c37b44746f80ceb3a7ba7eb35f35f332c919

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
a42a2148f74ac8c65b6d93922a2809c2

SHA1
1fffaa2dd4ca123b69b36ed6c92b53c0aba31f02

SHA256
59070ea98c20f50c477e68287601c7701337d838229f51a669dafc442e619898

SHA512
8209f01c31557246cf574d3ef15f918c43526518b0f648b2df10dcfa1c1342e0c467f4b7c42e7a477d5fe5fbf3487532cb6271856743b89aff133a22642811fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
631c4ee33962d4baf086c236757fcfec

SHA1
d6177dda6933eec83f505da661a97f257f40b328

SHA256
a240de0ad22cc3876420ef763ca120b0ae64f4fa3f7156b40276ea78ac166f19

SHA512
245aff58afc925db4776acd6624075913ddcea50f1c7a717d8b64dba17d562d26dccfb9672027fdacec976033da51fd20bc8e42a3758c8668db200394ac50509

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\2b056b90-0f44-462c-8b99-449a8974b856

Filesize
671B

MD5
f24199155ee482cfb2b152c01709554f

SHA1
44a4760f526b6dc6d6e12db7544e46517f113c99

SHA256
fefc1a8abe020aee2e05779f5de2d78afb6e99b593bfd6fcd8c0d64785063f5e

SHA512
53280f18712f65406910101d0adeeafda62d5b979fff8796a439efca5f012d3de517634cdcb66151482bfa4165ac9bc01287ecd8a56ae7c99c6a40bf232890d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\60543da0-4201-4fc7-8e51-2108bff4faf6

Filesize
659B

MD5
cb444c9874bd16e5682513ca989d8f9d

SHA1
cbf7e3d745732f2c6125024d352cb4a45f8a04db

SHA256
e967c14eeb6263a69690e8204c857f579378269054317d1f53317e29f3da5bbd

SHA512
c1250e3b64904de441ea543bf7d1a5bc8073c352700fa2deea51bf1beaf15642e4438a896a61dfa5c1d8f4038e9da624d49996103d12679b38e1ff138977473c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\cfd62ae3-0eff-400c-9c5d-86feb323d72e

Filesize
982B

MD5
11ab011f6b1f85d32a191cdbcafcb335

SHA1
7b4482ec93960d7462bcce7ca85b8ae7c5175e58

SHA256
e25104f8fcc7168e1883b10cef34e88fff3c993576f4eff3e2cf3d35436d54e3

SHA512
f466ec0b111b7ceb8eda43c6304f07268b7a1fb76338eae0ba1fb15abc5068f4fbdea4bb906c1639bca95007f13d6ae22129e10902b6717dab3965a2c4bcca40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\dcff74d0-b514-49e5-af9c-7ed464b9765a

Filesize
26KB

MD5
cfe39878df75bf90d0a0eaca62d604ce

SHA1
bddad87f91d2a2df3523dfc0aa7044bdc2630c14

SHA256
253b5c574e6e35efb5d70c0ce6e32fe433d39b1e3f13debf074899e203f9bcda

SHA512
f84dd869f092d3eed1c17253209226ba704ccf4fb61d7205a78c4a6c86da11affe2270d678100a7c77b4de703031b031b33a5bbd228c00855a749a64d0202ca1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\datareporting\glean\pending_pings\f35e6df4-3cc5-419e-9e74-b77ccbed3601

Filesize
905B

MD5
53ce6f6ea53de3495b07e6a2d6742c39

SHA1
07f780d75cb2b57bce7b57f9441c006094646ed0

SHA256
a38c6d6782da5a3629ac5e1cfe37818463074669fe0f6c4caa3745418944252c

SHA512
771cbacd7339fb4f7628153391bf684fb859e38124049fa36a467c1a4c38c022fc3236275bd1a74674bfb7a3063ebfcce054db46a43003cd24860f14976ec5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\handlers.json

Filesize
452B

MD5
9e0d9aa9213bd1271039e8a9ebf2d81b

SHA1
e6971540cdefa3084fef5d3c6f8778f97b6cacbc

SHA256
13bef787240cbc4ab3b390245d7c9d5a6accb5716dfb589dc5db8ef70f46a144

SHA512
333d84bbbbe2c6de890352429cd55be6eabfccb93f05edbe2664956e2c672fa1767c1c877a56a6e1d9c3944e0090f17bae17072445dcab3ff98c453bc35474d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\places.sqlite

Filesize
5.0MB

MD5
a2b0801d829ad5e80da341c86d07a0a6

SHA1
99804e204b6c7e0b65fb9861d489efd4fa9b6c23

SHA256
124a7efc6d953e63fa00fd1e1e1109386f91aa42683cc2dd4d1e25b7e5492adc

SHA512
179f0adc30b940c6fc5200a317b94628cf0d648c1f122c669b0a123c0e7badd2e3164cb167df18184f9ff75d2f9bfda21ff4442c73deab7d46c5ce8168f99efb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs-1.js

Filesize
11KB

MD5
ea04412993c54b0c51b7d72f36721ffc

SHA1
14243516c38051eb10e09fc02e98da1bb0768cc1

SHA256
d40ebe69b09c77ebffc743d987b28f702d1c8affea5e2e979290078e9d868004

SHA512
7f9c2a29d1345dc5cd325da0c8d3865bb8027f49ea1c848973b944176f5a4dd70c762ce162147cded28319ddd2b3082e02838dbf243d1fd384fbe0dfe978c4e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs-1.js

Filesize
11KB

MD5
1c7b666e052dc68909c9867324fc2654

SHA1
5a24c574095490eb29a127c31782893dbac7cf40

SHA256
f97078fe553d30e7f9801ea3b0f0b2c0ac13aa9bb93a8c6aa6d9ab3bb2b1cc44

SHA512
a3516e22530f792bc9045451f83d70905dba0afa7db65798d938cdf41a3c5fc22578de3be79811e40abb883a129f5fe6bef766f3d71f74366300bfad6a73e0e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js

Filesize
10KB

MD5
bf53d6a05cb02919a74c24436e2da5fe

SHA1
fc72b9b69679b6aea1638d2d009bb2a47abbb386

SHA256
70d8e702c86545860a28ef63a47db87510610c05beb6cea64153ba45bf8f6c8c

SHA512
2afdee0e8f4de23db8f2e70c1cee1660c1aa7634c2d0c8d7e849bf817f9bbd5dd99ead8615c7e5d5806ada24d23f0acdc8435ef8049e82a5ebd45589925f769f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js

Filesize
11KB

MD5
ed1ac32e8ad8405decf17d45d9e47d8c

SHA1
f216a49df2395c60a081eb743544db5035983c51

SHA256
c4f2270d854f1f9754b74fcff77503b22dc1dad1c7986ad3e850335782a5cbd1

SHA512
1e2b84843bf41087dc5d5db405d82cebe57caf229cca264032bf4644bc037b0ed6890328ad42a72782cfd097030e7fcc5443d1b1cc839b2b18c2c2361085a11c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\prefs.js

Filesize
11KB

MD5
7b1ab16b089f7e21dc05cf30f612de02

SHA1
3f7abf66521096a0561c0720fe13cbe6c4356061

SHA256
1f2d252ae93fce00bb4fa41ed05201e57f87d88e5ee8681da000f2f9ea87270a

SHA512
f47f1b008b1c9f4495ebe717d91e1e09f460ca2c099c98397063007ce942acc60f061e3eb612a8866c897a69f456dea5e3e9a9bd11444a7b94d361c8db5dea5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\protections.sqlite

Filesize
64KB

MD5
76786a4c0dd19d88d6d3ed95a293bf2f

SHA1
b0d6d676127a7694fc6e71ee57fcc2ffaa621ff7

SHA256
1a2564c1ba20b8038d35c2319258d94dc15d97914dcf753b31c48b79940dfd31

SHA512
8cd3298e2ebba763d3c80ac4b17e44af7eb63b46304967d0c6316d314baf8611c05f7b9979c2c5c329ac167aea0246e8c9f057ffbb272481c13fd5e4b4bcb2d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
9ff688de64129a9d152779852eb3ecd3

SHA1
96732914833530c4e7ed2cb0dbe47e4de89d98d9

SHA256
597c820726233f996b0128288a19f39e044d1d3d27bbdf7ebc010fdd1a0fea56

SHA512
253f45fdffc07e8f90611e287c6bfecff572be051b31553e534c277238d1f002c5e7963da27ef5389d2ef8b94d906e489d586d2ee07fc46b7290fd6f62a857bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
8c5bd57ec5676d8ce0a8b1b24b48929e

SHA1
d79e9f0e3f97cf77d7928252e170063246a53fb1

SHA256
5236e7d0e57fd307ca034469243579101d64ccd36677efe5376bd56eb4064869

SHA512
4c0ce49b565471724a06d4fe0c9b2452d9c5776d0a2df16199da972d79d879ac5e8af016893ab0af018858db1af223d6641939ff81d0631bdd2ba6e7c23b3fda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
12814305ec223fc3ccf3912d061b7e35

SHA1
03c7b504654c6083d937770d10e250507b52efee

SHA256
3c6cafaa6c1ecfff5a764b7a6536ddfe5ca9a614775499ce790423f17c9b8bb3

SHA512
b1264ca49e2e4d5d59826a1377f3de37f193e58d0ec8d296bd22577cd025c006be2d56beec534b07958d641298c265b6433d800341109f5924bea3bacdab7cd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afyb4qvh.default-release\xulstore.json

Filesize
217B

MD5
3c7edbdeecdb47fba617e3d03c36b0d3

SHA1
53628ce8c5170810fabafab8e001bfd971d47825

SHA256
c3db6f2519b071b7441022f9ed508b0da5ba40295be0ee449a27bd6146595d04

SHA512
bbf56ea374114173f7de198cd71ac6e75276b0f30926c6690db512f45ac2e54d099d990c285578f702696494d2884d8550e5dddadeee01077933034ac3817842

Download Submit
C:\Users\Admin\Desktop\DanaBot.dll

Filesize
2.4MB

MD5
7e76f7a5c55a5bc5f5e2d7a9e886782b

SHA1
fc500153dba682e53776bef53123086f00c0e041

SHA256
abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

SHA512
0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

Download Submit
C:\Users\Admin\Downloads\CryptoLocker.exe

Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 528208.crdownload

Filesize
2.7MB

MD5
48d8f7bbb500af66baa765279ce58045

SHA1
2cdb5fdeee4e9c7bd2e5f744150521963487eb71

SHA256
db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1

SHA512
aef8aa8e0d16aab35b5cc19487e53583691e4471064bc556a2ee13e94a0546b54a33995739f0fa3c4de6ff4c6abf02014aef3efb0d93ca6847bad2220c3302bd

Download Submit
\??\pipe\crashpad_4040_HCJHTJWFXIZLWLTT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/412-258-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/2412-241-0x0000000002470000-0x00000000026DB000-memory.dmp

Filesize
2.4MB

Download
memory/2412-245-0x0000000002470000-0x00000000026DB000-memory.dmp

Filesize
2.4MB

Download
memory/2412-273-0x0000000002470000-0x00000000026DB000-memory.dmp

Filesize
2.4MB

Download
memory/2412-1149-0x0000000002470000-0x00000000026DB000-memory.dmp

Filesize
2.4MB

Download
memory/2604-238-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/3500-242-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/3500-243-0x0000000002A80000-0x0000000002D0D000-memory.dmp

Filesize
2.6MB

Download
memory/3500-244-0x0000000000400000-0x000000000069A000-memory.dmp

Filesize
2.6MB

Download
memory/3500-234-0x0000000000400000-0x0000000000AAD000-memory.dmp

Filesize
6.7MB

Download
memory/3500-224-0x0000000000400000-0x000000000069A000-memory.dmp

Filesize
2.6MB

Download
memory/3500-223-0x0000000002A80000-0x0000000002D0D000-memory.dmp

Filesize
2.6MB

Download
memory/3500-222-0x00000000027F0000-0x0000000002A74000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads