Malware Analysis Report

2025-01-02 06:58

Sample ID 220613-y8mv2aaehn
Target Death.Stranding.Directors.Cut.v1.0.Plus.26.Trainer-FLiNG.zip
SHA256 b9b939533b5194e6f07816386b1301be35830be6a446bd81132faf5b66cf4b4e
Tags r77
Score 10/10

Analysis Overview

Threat Level: Known bad

The file Death.Stranding.Directors.Cut.v1.0.Plus.26.Trainer-FLiNG.zip was found to be: Known bad.

Malicious Activity Summary

r77

r77 rootkit payload

R77 family

Checks computer location settings

Drops file in Windows directory

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Modifies Internet Explorer settings

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2022-06-13 20:27

Signatures

R77 family

r77

r77 rootkit payload

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2022-06-13 20:27

Reported 2022-06-13 20:28

Platform win10-20220414-en

Max time kernel 56s

Max time network 59s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Death Stranding Directors Cut v1.0 Plus 26 Trainer.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Death Stranding Directors Cut v1.0 Plus 26 Trainer.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies Internet Explorer settings

Tags adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Roaming\ChangeUnitGenerationNeeded = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DOMStorage C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url5 = "https://twitter.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 010000002ede2979383c374e200e2b767bd4ab3756cd047bccfe973d5d1674a3abcbce2eb7b7e1c4a3cf6fcdf8f3e0b94243896e3521d6fac1221dc9d74a7c72b64ebfbd4ace343c0bac0abda6fed3a28e0b135b348b5efcd834f474df57 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\DetectPhoneNumberCompleted = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ReadingMode\SettingsVersion = "2" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000394dd63d19dbd11a636d2bff52022ad4c95f3cb35df34a0fae34fe94b27c3765a080c203e2e0ec202d7cbb2b10133fd6f466e36fe23687fce433 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\FirstRecoveryTime = 6aa8dc891250d801 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = eafd5dce747fd801 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\MigrationTime = 6aa8dc891250d801 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\PageSetup C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\EnableNegotiate = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1bbe16ce747fd801 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.live.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\LowRegistry\DontShowMeThisDialogAgain C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\IEMigration\FlipAheadCompletedVersion = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url2 = "https://login.aliexpress.com/" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedWidth = "800" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\UserStateMigration\ChromeMigration\AllComplete = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3578829114-180201921-3281645608-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Death Stranding Directors Cut v1.0 Plus 26 Trainer.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\Death Stranding Directors Cut v1.0 Plus 26 Trainer.exe

"C:\Users\Admin\AppData\Local\Temp\Death Stranding Directors Cut v1.0 Plus 26 Trainer.exe"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 flingtrainer.com udp
US 104.21.35.160:443 flingtrainer.com tcp
US 104.21.35.160:443 flingtrainer.com tcp
US 104.21.35.160:443 flingtrainer.com tcp
US 104.208.16.88:443 tcp

Files

memory/1492-119-0x000001EC24290000-0x000001EC242C2000-memory.dmp

memory/1492-120-0x000001EC3C7FA000-0x000001EC3C7FF000-memory.dmp

memory/1944-121-0x000002C17FE20000-0x000002C17FE30000-memory.dmp

memory/1944-122-0x000002C100000000-0x000002C100010000-memory.dmp

memory/1492-123-0x000001EC3C7FA000-0x000001EC3C7FF000-memory.dmp

memory/1492-125-0x000001EC3C7FA000-0x000001EC3C7FF000-memory.dmp