Key Takeaways: Initial access was via a resume lure as part of a TA4557/FIN6 campaign. The threat actor abused LOLbins like ie4uinit.exe and msxsl.exe to run the more_eggs malware. Cobalt Strike and… | The DFIR Report
Reserves, commits, or changes the state of a region of pages in the virtual address space of the calling process. (VirtualAlloc) | learn.microsoft.com