Overview
overview
10Static
static
10foo/0044d6...f7.exe
windows7_x64
1foo/0044d6...f7.exe
windows10_x64
1foo/034e4c...a9.exe
windows7_x64
4foo/034e4c...a9.exe
windows10_x64
4foo/035fa2...72.exe
windows7_x64
10foo/035fa2...72.exe
windows10_x64
10foo/04884a...1b.exe
windows7_x64
8foo/04884a...1b.exe
windows10_x64
8foo/06ed82...59.exe
windows7_x64
7foo/06ed82...59.exe
windows10_x64
7foo/07470b...68.exe
windows7_x64
8foo/07470b...68.exe
windows10_x64
8foo/078adb...c0.exe
windows7_x64
10foo/078adb...c0.exe
windows10_x64
10foo/09e5c8...b4.exe
windows7_x64
1foo/09e5c8...b4.exe
windows10_x64
1foo/0becfe...f4.exe
windows7_x64
10foo/0becfe...f4.exe
windows10_x64
10foo/1a78d3...a3.exe
windows7_x64
5foo/1a78d3...a3.exe
windows10_x64
5foo/1ffe82...a6.exe
windows7_x64
10foo/1ffe82...a6.exe
windows10_x64
10foo/255028...e1.dll
windows7_x64
1foo/255028...e1.dll
windows10_x64
1foo/27601d...cc.exe
windows7_x64
8foo/27601d...cc.exe
windows10_x64
8foo/27f911...49.exe
windows7_x64
10foo/27f911...49.exe
windows10_x64
10foo/28408c...c5.exe
windows7_x64
10foo/28408c...c5.exe
windows10_x64
10foo/296822...e4.dll
windows7_x64
3foo/296822...e4.dll
windows10_x64
3foo/2de7b8...a4.exe
windows7_x64
10foo/2de7b8...a4.exe
windows10_x64
10foo/2e00df...8b.exe
windows7_x64
9foo/2e00df...8b.exe
windows10_x64
9foo/2e90a1...22.exe
windows7_x64
6foo/2e90a1...22.exe
windows10_x64
6foo/2f215e...b0.dll
windows7_x64
10foo/2f215e...b0.dll
windows10_x64
10foo/30bc06...3e.exe
windows7_x64
10foo/30bc06...3e.exe
windows10_x64
10foo/312e67...f3.exe
windows7_x64
4foo/312e67...f3.exe
windows10_x64
4foo/383497...1b.exe
windows7_x64
10foo/383497...1b.exe
windows10_x64
10foo/39555e...ec.exe
windows7_x64
10foo/39555e...ec.exe
windows10_x64
10foo/39e531...04.exe
windows7_x64
10foo/39e531...04.exe
windows10_x64
10foo/3aba72...cd.exe
windows7_x64
1foo/3aba72...cd.exe
windows10_x64
1foo/406c9b...fe.exe
windows7_x64
10foo/406c9b...fe.exe
windows10_x64
10foo/457cfd...ca.exe
windows7_x64
7foo/457cfd...ca.exe
windows10_x64
7foo/4761e4...60.exe
windows7_x64
8foo/4761e4...60.exe
windows10_x64
8foo/487f1b...04.exe
windows7_x64
8foo/487f1b...04.exe
windows10_x64
7foo/4a74c9...cf.exe
windows7_x64
10foo/4a74c9...cf.exe
windows10_x64
10foo/4b2d78...4b.exe
windows7_x64
8foo/4b2d78...4b.exe
windows10_x64
8foo/4c49c2...ba.exe
windows7_x64
1foo/4c49c2...ba.exe
windows10_x64
1foo/4cfe8f...77.exe
windows7_x64
9foo/4cfe8f...77.exe
windows10_x64
9foo/4ea454...13.exe
windows7_x64
8foo/4ea454...13.exe
windows10_x64
8foo/52d6c5...7e.exe
windows7_x64
7foo/52d6c5...7e.exe
windows10_x64
7foo/55fc11...e0.exe
windows7_x64
foo/55fc11...e0.exe
windows10_x64
10foo/59f0fb...06.exe
windows7_x64
1foo/59f0fb...06.exe
windows10_x64
1foo/5b1c0d...cb.exe
windows7_x64
1foo/5b1c0d...cb.exe
windows10_x64
1foo/5bc72a...ea.exe
windows7_x64
8foo/5bc72a...ea.exe
windows10_x64
8foo/5d3305...2a.exe
windows7_x64
7foo/5d3305...2a.exe
windows10_x64
7foo/5d9775...39.exe
windows7_x64
8foo/5d9775...39.exe
windows10_x64
8foo/60121e...3e.exe
windows7_x64
9foo/60121e...3e.exe
windows10_x64
9foo/62565a...fd.exe
windows7_x64
10foo/62565a...fd.exe
windows10_x64
10foo/62a3fd...64.exe
windows7_x64
8foo/62a3fd...64.exe
windows10_x64
10foo/63e9ce...d0.exe
windows7_x64
8foo/63e9ce...d0.exe
windows10_x64
8foo/6497ba...c5.exe
windows7_x64
10foo/6497ba...c5.exe
windows10_x64
10foo/698cc8...31.exe
windows7_x64
7foo/698cc8...31.exe
windows10_x64
7foo/6f2c5c...d5.exe
windows7_x64
7foo/6f2c5c...d5.exe
windows10_x64
7foo/798f5e...ba.exe
windows7_x64
10foo/798f5e...ba.exe
windows10_x64
10foo/7aec86...51.exe
windows7_x64
1foo/7aec86...51.exe
windows10_x64
1foo/84bf6e...64.exe
windows7_x64
8foo/84bf6e...64.exe
windows10_x64
8foo/907b7d...b3.exe
windows7_x64
8foo/907b7d...b3.exe
windows10_x64
8foo/928f1d...ee.exe
windows7_x64
1foo/928f1d...ee.exe
windows10_x64
1foo/9401b0...6c.exe
windows7_x64
1foo/9401b0...6c.exe
windows10_x64
1foo/97dd87...84.exe
windows7_x64
10foo/97dd87...84.exe
windows10_x64
10foo/9b8c48...a4.exe
windows7_x64
8foo/9b8c48...a4.exe
windows10_x64
8foo/9cde71...cd.exe
windows7_x64
6foo/9cde71...cd.exe
windows10_x64
6foo/9d3438...4b.exe
windows7_x64
8foo/9d3438...4b.exe
windows10_x64
1foo/9f8818...2d.exe
windows7_x64
8foo/9f8818...2d.exe
windows10_x64
3foo/a17bdc...cf.exe
windows7_x64
9foo/a17bdc...cf.exe
windows10_x64
9foo/a29811...46.exe
windows7_x64
10foo/a29811...46.exe
windows10_x64
10foo/aa3b51...52.exe
windows7_x64
10foo/aa3b51...52.exe
windows10_x64
10foo/acf0b7...c4.exe
windows7_x64
8foo/acf0b7...c4.exe
windows10_x64
8foo/aeca5c...f7.exe
windows7_x64
1foo/aeca5c...f7.exe
windows10_x64
1foo/b10714...f3.exe
windows7_x64
8foo/b10714...f3.exe
windows10_x64
8foo/b23652...9f.exe
windows7_x64
6foo/b23652...9f.exe
windows10_x64
6foo/b514b5...fc.exe
windows7_x64
1foo/b514b5...fc.exe
windows10_x64
1foo/b64196...23.exe
windows7_x64
7foo/b64196...23.exe
windows10_x64
7foo/b693df...60.exe
windows7_x64
7foo/b693df...60.exe
windows10_x64
7foo/b6e7c9...bc.exe
windows7_x64
10foo/b6e7c9...bc.exe
windows10_x64
10foo/b7d5f0...4a.exe
windows7_x64
10foo/b7d5f0...4a.exe
windows10_x64
10foo/ba2d46...29.exe
windows7_x64
1foo/ba2d46...29.exe
windows10_x64
1foo/bad78e...e5.exe
windows7_x64
9foo/bad78e...e5.exe
windows10_x64
9foo/bc6536...b9.exe
windows7_x64
10foo/bc6536...b9.exe
windows10_x64
10foo/be85e0...2c.exe
windows7_x64
1foo/be85e0...2c.exe
windows10_x64
1foo/c914b1...ee.exe
windows7_x64
3foo/c914b1...ee.exe
windows10_x64
3foo/c944ea...cc.exe
windows7_x64
8foo/c944ea...cc.exe
windows10_x64
8foo/cad363...8b.exe
windows7_x64
6foo/cad363...8b.exe
windows10_x64
6foo/cd89b6...df.exe
windows7_x64
8foo/cd89b6...df.exe
windows10_x64
8foo/d81e76...c4.exe
windows7_x64
10foo/d81e76...c4.exe
windows10_x64
10foo/d86d2c...08.exe
windows7_x64
10foo/d86d2c...08.exe
windows10_x64
10foo/d8e37d...98.exe
windows7_x64
9foo/d8e37d...98.exe
windows10_x64
9foo/dea515...e1.exe
windows7_x64
10foo/dea515...e1.exe
windows10_x64
6foo/dfcc55...b8.exe
windows7_x64
7foo/dfcc55...b8.exe
windows10_x64
7foo/e03bd4...fe.exe
windows7_x64
8foo/e03bd4...fe.exe
windows10_x64
8foo/e16ec7...2d.exe
windows7_x64
8foo/e16ec7...2d.exe
windows10_x64
8foo/e61c0e...0e.exe
windows7_x64
7foo/e61c0e...0e.exe
windows10_x64
7foo/e78fad...51.exe
windows7_x64
8foo/e78fad...51.exe
windows10_x64
8foo/e7ad45...88.exe
windows7_x64
3foo/e7ad45...88.exe
windows10_x64
3foo/e95678...8f.exe
windows7_x64
1foo/e95678...8f.exe
windows10_x64
1foo/edf723...ee.dll
windows7_x64
1foo/edf723...ee.dll
windows10_x64
1foo/f2366f...f5.exe
windows7_x64
1foo/f2366f...f5.exe
windows10_x64
1foo/f645a9...1f.exe
windows7_x64
1foo/f645a9...1f.exe
windows10_x64
1foo/f65e75...56.exe
windows7_x64
1foo/f65e75...56.exe
windows10_x64
1foo/f66028...2b.exe
windows7_x64
8foo/f66028...2b.exe
windows10_x64
8foo/f6c1c7...89.exe
windows7_x64
10foo/f6c1c7...89.exe
windows10_x64
10foo/fbab90...7c.exe
windows7_x64
7foo/fbab90...7c.exe
windows10_x64
7foo/fcdc00...b3.exe
windows7_x64
8foo/fcdc00...b3.exe
windows10_x64
8foo/fffb61...ba.exe
windows7_x64
1foo/fffb61...ba.exe
windows10_x64
1Analysis
-
max time kernel
157s -
max time network
184s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
11-08-2020 12:30
Static task
static1
Behavioral task
behavioral1
Sample
foo/0044d66e4abf7c4af6b5d207065320f7.exe
Resource
win7
windows7_x64
Behavioral task
behavioral2
Sample
foo/0044d66e4abf7c4af6b5d207065320f7.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral3
Sample
foo/034e4c62965f8d5dd5d5a2ce34a53ba9.exe
Resource
win7
windows7_x64
Behavioral task
behavioral4
Sample
foo/034e4c62965f8d5dd5d5a2ce34a53ba9.exe
Resource
win10
windows10_x64
Behavioral task
behavioral5
Sample
foo/035fa2f2fae0a8fad733686a7d9ea772.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral6
Sample
foo/035fa2f2fae0a8fad733686a7d9ea772.exe
Resource
win10
windows10_x64
Behavioral task
behavioral7
Sample
foo/04884a82d01d733f245d921e1f74fb1b.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral8
Sample
foo/04884a82d01d733f245d921e1f74fb1b.exe
Resource
win10
windows10_x64
Behavioral task
behavioral9
Sample
foo/06ed82e88e1f68cc08602d7cd8ec5f59.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral10
Sample
foo/06ed82e88e1f68cc08602d7cd8ec5f59.exe
Resource
win10
windows10_x64
Behavioral task
behavioral11
Sample
foo/07470b6ede84f02ec31ab0a601cdc068.exe
Resource
win7
windows7_x64
Behavioral task
behavioral12
Sample
foo/07470b6ede84f02ec31ab0a601cdc068.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral13
Sample
foo/078adb95b1a0a6449d8c4ece796deac0.exe
Resource
win7
windows7_x64
Behavioral task
behavioral14
Sample
foo/078adb95b1a0a6449d8c4ece796deac0.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral15
Sample
foo/09e5c88a0592763e0c4f30fb88d663b4.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral16
Sample
foo/09e5c88a0592763e0c4f30fb88d663b4.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral17
Sample
foo/0becfedf4d0b9ad5251aca33274a4cf4.exe
Resource
win7
windows7_x64
Behavioral task
behavioral18
Sample
foo/0becfedf4d0b9ad5251aca33274a4cf4.exe
Resource
win10
windows10_x64
Behavioral task
behavioral19
Sample
foo/1a78d313f2891bd468f78694814a28a3.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral20
Sample
foo/1a78d313f2891bd468f78694814a28a3.exe
Resource
win10
windows10_x64
Behavioral task
behavioral21
Sample
foo/1ffe827beb75335731cb6f052a8ec3a6.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral22
Sample
foo/1ffe827beb75335731cb6f052a8ec3a6.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral23
Sample
foo/255028f2f37838e92f84f27c68aaf4e1.dll
Resource
win7v200722
windows7_x64
Behavioral task
behavioral24
Sample
foo/255028f2f37838e92f84f27c68aaf4e1.dll
Resource
win10
windows10_x64
Behavioral task
behavioral25
Sample
foo/27601d095e5b3761d9289584415a73cc.exe
Resource
win7
windows7_x64
Behavioral task
behavioral26
Sample
foo/27601d095e5b3761d9289584415a73cc.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral27
Sample
foo/27f9116902c35a9b784c703762bbd249.exe
Resource
win7
windows7_x64
Behavioral task
behavioral28
Sample
foo/27f9116902c35a9b784c703762bbd249.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral29
Sample
foo/28408caa2961caecd35c9f8f7c1aecc5.exe
Resource
win7
windows7_x64
Behavioral task
behavioral30
Sample
foo/28408caa2961caecd35c9f8f7c1aecc5.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral31
Sample
foo/29682275a385f42634ee312db7f666e4.dll
Resource
win7
windows7_x64
Behavioral task
behavioral32
Sample
foo/29682275a385f42634ee312db7f666e4.dll
Resource
win10
windows10_x64
Behavioral task
behavioral33
Sample
foo/2de7b886ed3bf5455694d76ac69a96a4.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral34
Sample
foo/2de7b886ed3bf5455694d76ac69a96a4.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral35
Sample
foo/2e00df497f82c0bf215548969fefc18b.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral36
Sample
foo/2e00df497f82c0bf215548969fefc18b.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral37
Sample
foo/2e90a15707ad3eb4cd06bd8a05463922.exe
Resource
win7
windows7_x64
Behavioral task
behavioral38
Sample
foo/2e90a15707ad3eb4cd06bd8a05463922.exe
Resource
win10
windows10_x64
Behavioral task
behavioral39
Sample
foo/2f215e008c6a7d8886c578e442b8f1b0.dll
Resource
win7
windows7_x64
Behavioral task
behavioral40
Sample
foo/2f215e008c6a7d8886c578e442b8f1b0.dll
Resource
win10
windows10_x64
Behavioral task
behavioral41
Sample
foo/30bc06d0add076dd6500fcdfbc12643e.exe
Resource
win7
windows7_x64
Behavioral task
behavioral42
Sample
foo/30bc06d0add076dd6500fcdfbc12643e.exe
Resource
win10
windows10_x64
Behavioral task
behavioral43
Sample
foo/312e67dc35992949937d1bad6ba529f3.exe
Resource
win7
windows7_x64
Behavioral task
behavioral44
Sample
foo/312e67dc35992949937d1bad6ba529f3.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral45
Sample
foo/383497fda5ca670a06dc688443c2011b.exe
Resource
win7
windows7_x64
Behavioral task
behavioral46
Sample
foo/383497fda5ca670a06dc688443c2011b.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral47
Sample
foo/39555eb0403a69906729713ad20888ec.exe
Resource
win7
windows7_x64
Behavioral task
behavioral48
Sample
foo/39555eb0403a69906729713ad20888ec.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral49
Sample
foo/39e5310f67f0b1bf98604a2e0edb9204.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral50
Sample
foo/39e5310f67f0b1bf98604a2e0edb9204.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral51
Sample
foo/3aba72d1f87f4372162972b6a45ed8cd.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral52
Sample
foo/3aba72d1f87f4372162972b6a45ed8cd.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral53
Sample
foo/406c9b9529109f835fe7292e6cf3fefe.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral54
Sample
foo/406c9b9529109f835fe7292e6cf3fefe.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral55
Sample
foo/457cfd3e7a53e7500f8206b3ea300aca.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral56
Sample
foo/457cfd3e7a53e7500f8206b3ea300aca.exe
Resource
win10
windows10_x64
Behavioral task
behavioral57
Sample
foo/4761e4b165f62d326b9032d96329e460.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral58
Sample
foo/4761e4b165f62d326b9032d96329e460.exe
Resource
win10
windows10_x64
Behavioral task
behavioral59
Sample
foo/487f1b1f30212eaa9104c084a667f104.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral60
Sample
foo/487f1b1f30212eaa9104c084a667f104.exe
Resource
win10
windows10_x64
Behavioral task
behavioral61
Sample
foo/4a74c9f378007412ec2c8b2eea6da4cf.exe
Resource
win7
windows7_x64
Behavioral task
behavioral62
Sample
foo/4a74c9f378007412ec2c8b2eea6da4cf.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral63
Sample
foo/4b2d7854b47943b118e24c6ec79b974b.exe
Resource
win7
windows7_x64
Behavioral task
behavioral64
Sample
foo/4b2d7854b47943b118e24c6ec79b974b.exe
Resource
win10
windows10_x64
Behavioral task
behavioral65
Sample
foo/4c49c2496ae538bcec9e1510f3eb8eba.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral66
Sample
foo/4c49c2496ae538bcec9e1510f3eb8eba.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral67
Sample
foo/4cfe8f3aa1592035b9a2cdb2c4f54c77.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral68
Sample
foo/4cfe8f3aa1592035b9a2cdb2c4f54c77.exe
Resource
win10
windows10_x64
Behavioral task
behavioral69
Sample
foo/4ea45460c3e7c3d8486d3f7bec90c613.exe
Resource
win7
windows7_x64
Behavioral task
behavioral70
Sample
foo/4ea45460c3e7c3d8486d3f7bec90c613.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral71
Sample
foo/52d6c59fcfe73048a240c7fdd1f04d7e.exe
Resource
win7
windows7_x64
Behavioral task
behavioral72
Sample
foo/52d6c59fcfe73048a240c7fdd1f04d7e.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral73
Sample
foo/55fc11ec67a00177d047d5abc84231e0.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral74
Sample
foo/55fc11ec67a00177d047d5abc84231e0.exe
Resource
win10
windows10_x64
Behavioral task
behavioral75
Sample
foo/59f0fbc29bace019804b8a181ce75a06.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral76
Sample
foo/59f0fbc29bace019804b8a181ce75a06.exe
Resource
win10
windows10_x64
Behavioral task
behavioral77
Sample
foo/5b1c0df2be80006ec3af6a5eeea17ecb.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral78
Sample
foo/5b1c0df2be80006ec3af6a5eeea17ecb.exe
Resource
win10
windows10_x64
Behavioral task
behavioral79
Sample
foo/5bc72a1ae433663758319d97917b77ea.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral80
Sample
foo/5bc72a1ae433663758319d97917b77ea.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral81
Sample
foo/5d33050f0514054c49f2bc2ff9abee2a.exe
Resource
win7
windows7_x64
Behavioral task
behavioral82
Sample
foo/5d33050f0514054c49f2bc2ff9abee2a.exe
Resource
win10
windows10_x64
Behavioral task
behavioral83
Sample
foo/5d9775622b5e7123d5796d4de5dc2839.exe
Resource
win7
windows7_x64
Behavioral task
behavioral84
Sample
foo/5d9775622b5e7123d5796d4de5dc2839.exe
Resource
win10
windows10_x64
Behavioral task
behavioral85
Sample
foo/60121ea2ab380455f7e143cd9438443e.exe
Resource
win7
windows7_x64
Behavioral task
behavioral86
Sample
foo/60121ea2ab380455f7e143cd9438443e.exe
Resource
win10
windows10_x64
Behavioral task
behavioral87
Sample
foo/62565a39c4a264e48e0678edad5d60fd.exe
Resource
win7
windows7_x64
Behavioral task
behavioral88
Sample
foo/62565a39c4a264e48e0678edad5d60fd.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral89
Sample
foo/62a3fd9b4932e59a7192813c22617764.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral90
Sample
foo/62a3fd9b4932e59a7192813c22617764.exe
Resource
win10
windows10_x64
Behavioral task
behavioral91
Sample
foo/63e9ce22dbf66934fd75c77bc84954d0.exe
Resource
win7
windows7_x64
Behavioral task
behavioral92
Sample
foo/63e9ce22dbf66934fd75c77bc84954d0.exe
Resource
win10
windows10_x64
Behavioral task
behavioral93
Sample
foo/6497ba06c339ec8ca438ddf0dd2f8fc5.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral94
Sample
foo/6497ba06c339ec8ca438ddf0dd2f8fc5.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral95
Sample
foo/698cc868cdae13a5cc744020ec00e331.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral96
Sample
foo/698cc868cdae13a5cc744020ec00e331.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral97
Sample
foo/6f2c5c31fefa00afa2af1adcbdd93ad5.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral98
Sample
foo/6f2c5c31fefa00afa2af1adcbdd93ad5.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral99
Sample
foo/798f5e61531f527821a490a15ef957ba.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral100
Sample
foo/798f5e61531f527821a490a15ef957ba.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral101
Sample
foo/7aec86c6c4cc35139b7874a0117e4451.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral102
Sample
foo/7aec86c6c4cc35139b7874a0117e4451.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral103
Sample
foo/84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral104
Sample
foo/84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral105
Sample
foo/907b7d9a23ed7821abb700fcbe1c9bb3.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral106
Sample
foo/907b7d9a23ed7821abb700fcbe1c9bb3.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral107
Sample
foo/928f1db0c63d122f0183686a3bdfccee.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral108
Sample
foo/928f1db0c63d122f0183686a3bdfccee.exe
Resource
win10
windows10_x64
Behavioral task
behavioral109
Sample
foo/9401b0788dc22eeb1dace02d23a9596c.exe
Resource
win7
windows7_x64
Behavioral task
behavioral110
Sample
foo/9401b0788dc22eeb1dace02d23a9596c.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral111
Sample
foo/97dd8726304f889ef12ef1beb510be84.exe
Resource
win7
windows7_x64
Behavioral task
behavioral112
Sample
foo/97dd8726304f889ef12ef1beb510be84.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral113
Sample
foo/9b8c48e6186718b7b290ceed9369a1a4.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral114
Sample
foo/9b8c48e6186718b7b290ceed9369a1a4.exe
Resource
win10
windows10_x64
Behavioral task
behavioral115
Sample
foo/9cde71abfd2a6aeb83cdd233cbc04fcd.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral116
Sample
foo/9cde71abfd2a6aeb83cdd233cbc04fcd.exe
Resource
win10
windows10_x64
Behavioral task
behavioral117
Sample
foo/9d3438ba1dbdbcc2a65451893e38004b.exe
Resource
win7
windows7_x64
Behavioral task
behavioral118
Sample
foo/9d3438ba1dbdbcc2a65451893e38004b.exe
Resource
win10
windows10_x64
Behavioral task
behavioral119
Sample
foo/9f88187d774cc9eaf89dc65479c4302d.exe
Resource
win7
windows7_x64
Behavioral task
behavioral120
Sample
foo/9f88187d774cc9eaf89dc65479c4302d.exe
Resource
win10
windows10_x64
Behavioral task
behavioral121
Sample
foo/a17bdcde184026e23ae6dc8723f73fcf.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral122
Sample
foo/a17bdcde184026e23ae6dc8723f73fcf.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral123
Sample
foo/a2981192a30538e97b55f363abbce946.exe
Resource
win7
windows7_x64
Behavioral task
behavioral124
Sample
foo/a2981192a30538e97b55f363abbce946.exe
Resource
win10
windows10_x64
Behavioral task
behavioral125
Sample
foo/aa3b51bd50bcc98f763cffcf7f907152.exe
Resource
win7
windows7_x64
Behavioral task
behavioral126
Sample
foo/aa3b51bd50bcc98f763cffcf7f907152.exe
Resource
win10
windows10_x64
Behavioral task
behavioral127
Sample
foo/acf0b7f4fe980501192187bb9b8e20c4.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral128
Sample
foo/acf0b7f4fe980501192187bb9b8e20c4.exe
Resource
win10
windows10_x64
Behavioral task
behavioral129
Sample
foo/aeca5c301d02253e8ffcc240c08f61f7.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral130
Sample
foo/aeca5c301d02253e8ffcc240c08f61f7.exe
Resource
win10
windows10_x64
Behavioral task
behavioral131
Sample
foo/b1071426aa88f31339f1b369cf13cef3.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral132
Sample
foo/b1071426aa88f31339f1b369cf13cef3.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral133
Sample
foo/b2365260985173cc758575cd8059459f.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral134
Sample
foo/b2365260985173cc758575cd8059459f.exe
Resource
win10
windows10_x64
Behavioral task
behavioral135
Sample
foo/b514b59324818c52140b431aeac96bfc.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral136
Sample
foo/b514b59324818c52140b431aeac96bfc.exe
Resource
win10
windows10_x64
Behavioral task
behavioral137
Sample
foo/b641961018d09dfbd7fa9c15f09a7723.exe
Resource
win7
windows7_x64
Behavioral task
behavioral138
Sample
foo/b641961018d09dfbd7fa9c15f09a7723.exe
Resource
win10
windows10_x64
Behavioral task
behavioral139
Sample
foo/b693dfe99d2915616044eea2cfe18360.exe
Resource
win7
windows7_x64
Behavioral task
behavioral140
Sample
foo/b693dfe99d2915616044eea2cfe18360.exe
Resource
win10
windows10_x64
Behavioral task
behavioral141
Sample
foo/b6e7c9793cf40153bf8865195e06ecbc.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral142
Sample
foo/b6e7c9793cf40153bf8865195e06ecbc.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral143
Sample
foo/b7d5f0b9bf2e6e13c5b3ca1c2a0a8b4a.exe
Resource
win7
windows7_x64
Behavioral task
behavioral144
Sample
foo/b7d5f0b9bf2e6e13c5b3ca1c2a0a8b4a.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral145
Sample
foo/ba2d460199eb2d9e9d6d0559bb455529.exe
Resource
win7
windows7_x64
Behavioral task
behavioral146
Sample
foo/ba2d460199eb2d9e9d6d0559bb455529.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral147
Sample
foo/bad78e11371381ce9e1d703aac2821e5.exe
Resource
win7
windows7_x64
Behavioral task
behavioral148
Sample
foo/bad78e11371381ce9e1d703aac2821e5.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral149
Sample
foo/bc6536b86b04cf5b3bf7cd353d615ab9.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral150
Sample
foo/bc6536b86b04cf5b3bf7cd353d615ab9.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral151
Sample
foo/be85e0b2608a55942aa101c66ce6c32c.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral152
Sample
foo/be85e0b2608a55942aa101c66ce6c32c.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral153
Sample
foo/c914b169d1388c5e78421045d05946ee.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral154
Sample
foo/c914b169d1388c5e78421045d05946ee.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral155
Sample
foo/c944eadb6e032fd9e7a0988464a6f1cc.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral156
Sample
foo/c944eadb6e032fd9e7a0988464a6f1cc.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral157
Sample
foo/cad3634df5d5058551bed38237ab8e8b.exe
Resource
win7
windows7_x64
Behavioral task
behavioral158
Sample
foo/cad3634df5d5058551bed38237ab8e8b.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral159
Sample
foo/cd89b6c808c296cde0bc77ee630dc7df.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral160
Sample
foo/cd89b6c808c296cde0bc77ee630dc7df.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral161
Sample
foo/d81e76123ccb64b73eeac2f31a7434c4.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral162
Sample
foo/d81e76123ccb64b73eeac2f31a7434c4.exe
Resource
win10
windows10_x64
Behavioral task
behavioral163
Sample
foo/d86d2cb12111422ad0b401afa523e308.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral164
Sample
foo/d86d2cb12111422ad0b401afa523e308.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral165
Sample
foo/d8e37dd7ca017370a0b54147a27a7498.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral166
Sample
foo/d8e37dd7ca017370a0b54147a27a7498.exe
Resource
win10
windows10_x64
Behavioral task
behavioral167
Sample
foo/dea515c25081073ec2cee293b2991ee1.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral168
Sample
foo/dea515c25081073ec2cee293b2991ee1.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral169
Sample
foo/dfcc555a02bccc9c438b08555b5c2ab8.exe
Resource
win7
windows7_x64
Behavioral task
behavioral170
Sample
foo/dfcc555a02bccc9c438b08555b5c2ab8.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral171
Sample
foo/e03bd458de4a107688236bdc4ddc3afe.exe
Resource
win7
windows7_x64
Behavioral task
behavioral172
Sample
foo/e03bd458de4a107688236bdc4ddc3afe.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral173
Sample
foo/e16ec7bc29b68f66e90fdbfefe1d3a2d.exe
Resource
win7
windows7_x64
Behavioral task
behavioral174
Sample
foo/e16ec7bc29b68f66e90fdbfefe1d3a2d.exe
Resource
win10
windows10_x64
Behavioral task
behavioral175
Sample
foo/e61c0e180c2616fa81e6c4d581a9520e.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral176
Sample
foo/e61c0e180c2616fa81e6c4d581a9520e.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral177
Sample
foo/e78fad8a5d0ea89127ed36ed20bc9351.exe
Resource
win7
windows7_x64
Behavioral task
behavioral178
Sample
foo/e78fad8a5d0ea89127ed36ed20bc9351.exe
Resource
win10
windows10_x64
Behavioral task
behavioral179
Sample
foo/e7ad45164be5c3c7f9936e9b5fb28788.exe
Resource
win7
windows7_x64
Behavioral task
behavioral180
Sample
foo/e7ad45164be5c3c7f9936e9b5fb28788.exe
Resource
win10
windows10_x64
Behavioral task
behavioral181
Sample
foo/e95678212c7218c6e7944fca1631c88f.exe
Resource
win7
windows7_x64
Behavioral task
behavioral182
Sample
foo/e95678212c7218c6e7944fca1631c88f.exe
Resource
win10v200722
windows10_x64
Behavioral task
behavioral183
Sample
foo/edf723c8e404cd67041e7dfbbb1a6eee.dll
Resource
win7
windows7_x64
Behavioral task
behavioral184
Sample
foo/edf723c8e404cd67041e7dfbbb1a6eee.dll
Resource
win10
windows10_x64
Behavioral task
behavioral185
Sample
foo/f2366f48d3534bc8af573f2696dce4f5.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral186
Sample
foo/f2366f48d3534bc8af573f2696dce4f5.exe
Resource
win10
windows10_x64
Behavioral task
behavioral187
Sample
foo/f645a94491240317caccd6f8508fba1f.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral188
Sample
foo/f645a94491240317caccd6f8508fba1f.exe
Resource
win10
windows10_x64
Behavioral task
behavioral189
Sample
foo/f65e75d9675a50f9b4807e79dcc48d56.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral190
Sample
foo/f65e75d9675a50f9b4807e79dcc48d56.exe
Resource
win10
windows10_x64
Behavioral task
behavioral191
Sample
foo/f660284cb3574213a512e3f03ca9012b.exe
Resource
win7
windows7_x64
Behavioral task
behavioral192
Sample
foo/f660284cb3574213a512e3f03ca9012b.exe
Resource
win10
windows10_x64
Behavioral task
behavioral193
Sample
foo/f6c1c72f3e45d2f3499b6bd6661b3289.exe
Resource
win7
windows7_x64
Behavioral task
behavioral194
Sample
foo/f6c1c72f3e45d2f3499b6bd6661b3289.exe
Resource
win10
windows10_x64
Behavioral task
behavioral195
Sample
foo/fbab903080d6a4e65a1a2f6bc4d97b7c.exe
Resource
win7
windows7_x64
Behavioral task
behavioral196
Sample
foo/fbab903080d6a4e65a1a2f6bc4d97b7c.exe
Resource
win10
windows10_x64
Behavioral task
behavioral197
Sample
foo/fcdc003a1529fe3660b160fd012173b3.exe
Resource
win7v200722
windows7_x64
Behavioral task
behavioral198
Sample
foo/fcdc003a1529fe3660b160fd012173b3.exe
Resource
win10
windows10_x64
Behavioral task
behavioral199
Sample
foo/fffb61eaaac6e8a40bfaa7a4acb6b9ba.exe
Resource
win7
windows7_x64
Behavioral task
behavioral200
Sample
foo/fffb61eaaac6e8a40bfaa7a4acb6b9ba.exe
Resource
win10v200722
windows10_x64
General
-
Target
foo/84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe
Malware Config
Signatures
-
Executes dropped EXE 4 IoCs
pid Process 3920 setup_antivirus_license.exe 2976 setup.exe 3164 setup.tmp 2972 Upgrade.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Control Panel\International\Geo\Nation 84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe Key value queried \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Control Panel\International\Geo\Nation Upgrade.exe -
Loads dropped DLL 2 IoCs
pid Process 3164 setup.tmp 3164 setup.tmp -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\Windows\Debug\ESE.TXT MicrosoftEdge.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 4 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000A MicrosoftEdgeCP.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\000A MicrosoftEdgeCP.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000 MicrosoftEdgeCP.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000 MicrosoftEdgeCP.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS MicrosoftEdgeCP.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer MicrosoftEdgeCP.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName MicrosoftEdgeCP.exe -
Modifies Control Panel 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Control Panel\Colors MicrosoftEdge.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main browser_broker.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000\Software\Microsoft\Internet Explorer\Main MicrosoftEdge.exe -
Modifies registry class 64 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 243a72c3ec6fd601 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\Favorites\Order = 0c0000000a000000000000000c0000000100000000000000 MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\AllComplete = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lendabit.com\ = "87" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "190" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "431" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\youtube.com\ = "0" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\youtube.com\NumberOfSubdomain = "1" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "0" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000 MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "1048" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "354" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\MigrationTime = f84f865c2260d601 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lendabit.com\ = "32" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lendabit.com\Total = "431" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lendabit.com\Total = "213" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lendabit.com\ = "1006" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = f84f865c2260d601 MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lendabit.com\Total = "190" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\New Windows\AllowInPrivate MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "465" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000 MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\DatabaseComplete = "1" MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\EdgeMigration\ManagerHistoryComplete = "1" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\Certificates MicrosoftEdge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\lendabit.com\Total = "1006" MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.youtube.com\ = "0" MicrosoftEdgeCP.exe Set value (str) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge MicrosoftEdgeCP.exe Set value (int) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" MicrosoftEdgeCP.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\CTLs MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates MicrosoftEdge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\Md5FileCheck = 9fa75725855604a758366c6a1d9f0311 MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration MicrosoftEdge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" MicrosoftEdge.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge MicrosoftEdgeCP.exe Key created \REGISTRY\USER\S-1-5-21-1400429095-533421673-2598934218-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory MicrosoftEdge.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 3164 setup.tmp 3164 setup.tmp -
Suspicious behavior: MapViewOfSection 4 IoCs
pid Process 2584 MicrosoftEdgeCP.exe 2584 MicrosoftEdgeCP.exe 2584 MicrosoftEdgeCP.exe 2584 MicrosoftEdgeCP.exe -
Suspicious use of AdjustPrivilegeToken 31 IoCs
description pid Process Token: SeDebugPrivilege 2344 MicrosoftEdge.exe Token: SeDebugPrivilege 2344 MicrosoftEdge.exe Token: SeDebugPrivilege 2344 MicrosoftEdge.exe Token: SeDebugPrivilege 2344 MicrosoftEdge.exe Token: SeDebugPrivilege 2384 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 1368 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 2384 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 1368 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 2384 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4720 MicrosoftEdgeCP.exe Token: SeDebugPrivilege 4720 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe Token: SeShutdownPrivilege 2384 MicrosoftEdgeCP.exe Token: SeCreatePagefilePrivilege 2384 MicrosoftEdgeCP.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3164 setup.tmp -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 2344 MicrosoftEdge.exe 2584 MicrosoftEdgeCP.exe 2584 MicrosoftEdgeCP.exe -
Suspicious use of WriteProcessMemory 37 IoCs
description pid Process procid_target PID 828 wrote to memory of 3920 828 84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe 69 PID 828 wrote to memory of 3920 828 84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe 69 PID 828 wrote to memory of 3920 828 84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe 69 PID 3920 wrote to memory of 2976 3920 setup_antivirus_license.exe 71 PID 3920 wrote to memory of 2976 3920 setup_antivirus_license.exe 71 PID 3920 wrote to memory of 2976 3920 setup_antivirus_license.exe 71 PID 2976 wrote to memory of 3164 2976 setup.exe 72 PID 2976 wrote to memory of 3164 2976 setup.exe 72 PID 2976 wrote to memory of 3164 2976 setup.exe 72 PID 3164 wrote to memory of 2972 3164 setup.tmp 76 PID 3164 wrote to memory of 2972 3164 setup.tmp 76 PID 3164 wrote to memory of 2972 3164 setup.tmp 76 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 1368 2584 MicrosoftEdgeCP.exe 83 PID 2584 wrote to memory of 1368 2584 MicrosoftEdgeCP.exe 83 PID 2584 wrote to memory of 1368 2584 MicrosoftEdgeCP.exe 83 PID 2584 wrote to memory of 1368 2584 MicrosoftEdgeCP.exe 83 PID 2584 wrote to memory of 1368 2584 MicrosoftEdgeCP.exe 83 PID 2584 wrote to memory of 1368 2584 MicrosoftEdgeCP.exe 83 PID 2584 wrote to memory of 1368 2584 MicrosoftEdgeCP.exe 83 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84 PID 2584 wrote to memory of 2384 2584 MicrosoftEdgeCP.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\foo\84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe"C:\Users\Admin\AppData\Local\Temp\foo\84bf6e1a8fcd94cf6cba6ac7e2a95b64.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:828 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup_antivirus_license.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup_antivirus_license.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3920 -
C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\setup.exe"C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\setup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2976 -
C:\Users\Admin\AppData\Local\Temp\is-D1QTM.tmp\setup.tmp"C:\Users\Admin\AppData\Local\Temp\is-D1QTM.tmp\setup.tmp" /SL5="$301C4,138489,56832,C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\setup.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3164 -
C:\Users\Admin\AppData\Local\Temp\is-777C9.tmp\Upgrade.exe"C:\Users\Admin\AppData\Local\Temp\is-777C9.tmp\Upgrade.exe"5⤵
- Executes dropped EXE
- Checks computer location settings
PID:2972
-
-
-
-
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2344
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
PID:2856
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1368
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2384
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4720
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:5016
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
PID:5104