Resubmissions

Submission time, analysis ID, score:
- 18-11-2022 14:52, 221118-r85mhshf55, score 1
- 08-11-2022 14:30, 221108-rvcpkscaa3, score 8
- 07-11-2022 15:52, 221107-tbh4csefh4, score 8
- 07-11-2022 10:35, 221107-mm5m6secgn, score 1
- 06-11-2022 13:08, 221106-qdjk5aehgj, score 9
- 05-11-2022 20:23, 221105-y589vsbhcj, score 8
- 05-11-2022 16:11, 221105-tm8s6aaggj, score 10
- 05-11-2022 07:34, 221105-jd7jmaggal, score 8
- 04-11-2022 20:40, 221104-zgabascfgq, score 8

Analysis

- max time kernel: 585s
- max time network: 628s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-11-2022 15:52
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://github.com
  - Resource: win10v2004-20220901-en

General

- Target: https://github.com
Malware Config

Signatures

Executes dropped EXE (1 IoC)
- PID 2932 ChromeRecovery.exe

Adds Run key to start application (2 TTPs, 4 IoCs)
- Key created: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run (msedge.exe)

Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.
- File opened for modification: \??\PhysicalDrive0 (MEMZ.exe)

Drops file in Program Files directory (9 IoCs)
- File created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\ChromeRecovery.exe (elevation_service.exe)
- File opened for modification: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\ChromeRecovery.exe (elevation_service.exe)
- File opened for modification: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\manifest.json (elevation_service.exe)
- File created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\ChromeRecoveryCRX.crx (elevation_service.exe)
- File created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\_metadata\verified_contents.json (elevation_service.exe)
- File opened for modification: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\_metadata\verified_contents.json (elevation_service.exe)
- File created: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f74a6636-0fd2-46b5-ae9e-5e9dcf6b6cc4.tmp (setup.exe)
- File opened for modification: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221107160032.pma (setup.exe)
- File created: C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\manifest.json (elevation_service.exe)

Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
SCSI information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 (taskmgr.exe)
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (taskmgr.exe)
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName (taskmgr.exe)

Checks processor information in registry (2 TTPs, 10 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (firefox.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (firefox.exe)

Enumerates system info in registry (2 TTPs, 15 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (chrome.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (chrome.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Modifies registry class (4 IoCs)
- Key created: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings (calc.exe)
- Key created: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings (firefox.exe)
- Key created: \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings (firefox.exe)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)

NTFS ADS (2 IoCs)
- File created: C:\Users\Admin\AppData\Local\Temp\MEMZ-master.zip:Zone.Identifier (firefox.exe)
- File created: C:\Users\Admin\Downloads\MEMZ-master.zip:Zone.Identifier (firefox.exe)

Runs regedit.exe (1 IoC)
- PID 5104 regedit.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
PID, process, number of entries:
- PID 2892 chrome.exe (2)
- PID 3368 chrome.exe (2)
- PID 2244 chrome.exe (2)
- PID 3908 chrome.exe (2)
- PID 3884 chrome.exe (2)
- PID 4060 chrome.exe (2)
- PID 4104 chrome.exe (2)
- PID 3392 chrome.exe (2)
- PID 2232 chrome.exe (4)
- PID 1684 MEMZ.exe (12)
- PID 1948 MEMZ.exe (10)
- PID 3160 MEMZ.exe (10)
- PID 2076 MEMZ.exe (6)
- PID 2228 MEMZ.exe (6)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
- PID 5104 regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (36 IoCs)
PID, process, number of entries:
- PID 3368 chrome.exe (11)
- PID 3424 msedge.exe (7)
- PID 5880 msedge.exe (5)
- PID 5796 msedge.exe (7)
- PID 3596 msedge.exe (6)

Suspicious use of AdjustPrivilegeToken (15 IoCs)
Token, PID, process, number of entries:
- Token: SeManageVolumePrivilege, PID 3740 svchost.exe (1)
- Token: SeDebugPrivilege, PID 5096 firefox.exe (3)
- Token: SeDebugPrivilege, PID 4216 firefox.exe (6)
- Token: SeDebugPrivilege, PID 3752 taskmgr.exe (1)
- Token: SeSystemProfilePrivilege, PID 3752 taskmgr.exe (1)
- Token: SeCreateGlobalPrivilege, PID 3752 taskmgr.exe (1)
- Token: 33, PID 428 AUDIODG.EXE (1)
- Token: SeIncBasePriorityPrivilege, PID 428 AUDIODG.EXE (1)

Suspicious use of FindShellTrayWindow (64 IoCs)
PID, process, number of entries:
- PID 3368 chrome.exe (27)
- PID 5096 firefox.exe (4)
- PID 4216 firefox.exe (5)
- PID 3424 msedge.exe (3)
- PID 5880 msedge.exe (2)
- PID 3752 taskmgr.exe (23)

Suspicious use of SendNotifyMessage (64 IoCs)
PID, process, number of entries:
- PID 3368 chrome.exe (24)
- PID 5096 firefox.exe (3)
- PID 4216 firefox.exe (4)
- PID 3752 taskmgr.exe (33)

Suspicious use of SetWindowsHookEx (29 IoCs)
PID, process, number of entries:
- PID 5096 firefox.exe (10)
- PID 4216 firefox.exe (16)
- PID 5580 OpenWith.exe (1)
- PID 4172 MEMZ.exe (2)

Suspicious use of WriteProcessMemory (64 IoCs)
Source PID and process, target PID and process, number of entries:
- PID 3368 chrome.exe wrote to memory of PID 5080 chrome.exe (2)
- PID 3368 chrome.exe wrote to memory of PID 4604 chrome.exe (40)
- PID 3368 chrome.exe wrote to memory of PID 2892 chrome.exe (2)
- PID 3368 chrome.exe wrote to memory of PID 3596 chrome.exe (20)
Processes

Process tree (child processes are nested under their parent; the signatures each process triggered follow its command line):

- "C:\Program Files\Google\Chrome\Application\chrome.exe" https://github.com
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc57644f50,0x7ffc57644f60,0x7ffc57644f70
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1712 /prefetch:2
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2032 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4312 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4640 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4648 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4988 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5076 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5016 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5024 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3552 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4324 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4872 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4856 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1032 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1144 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3104 /prefetch:8
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1180 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  - "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1692,8029795764383579387,3149043761314045935,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- "C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
  Signatures: Drops file in Program Files directory
  - "C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir1444_940425717\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={e541b65b-bed2-420d-b498-4c064276f068} --system
    Signatures: Executes dropped EXE
- C:\Windows\System32\svchost.exe -k UnistackSvcGroup
  Signatures: Suspicious use of AdjustPrivilegeToken
- "C:\Program Files\Mozilla Firefox\firefox.exe"
  - "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry; Modifies registry class; NTFS ADS; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5096.0.1896157462\1080006169" -parentBuildID 20200403170909 -prefsHandle 1708 -prefMapHandle 1700 -prefsLen 1 -prefMapSize 219940 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5096 "\\.\pipe\gecko-crash-server-pipe.5096" 1780 gpu
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5096.3.1695192406\2068300204" -childID 1 -isForBrowser -prefsHandle 2512 -prefMapHandle 2472 -prefsLen 78 -prefMapSize 219940 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5096 "\\.\pipe\gecko-crash-server-pipe.5096" 2504 tab
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5096.13.63900146\276961642" -childID 2 -isForBrowser -prefsHandle 3768 -prefMapHandle 3652 -prefsLen 6860 -prefMapSize 219940 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 5096 "\\.\pipe\gecko-crash-server-pipe.5096" 2476 tab
- C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
- C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- "C:\Program Files\Mozilla Firefox\firefox.exe"
  - "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry; Modifies registry class; NTFS ADS; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx
    - "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4216.0.1514377295\59403373" -parentBuildID 20200403170909 -prefsHandle 1624 -prefMapHandle 1616 -prefsLen 1 -prefMapSize 220326 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4216 "\\.\pipe\gecko-crash-server-pipe.4216" 1712 gpu
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4216.3.749064257\553185931" -childID 1 -isForBrowser -prefsHandle 2424 -prefMapHandle 2516 -prefsLen 438 -prefMapSize 220326 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4216 "\\.\pipe\gecko-crash-server-pipe.4216" 2380 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4216.13.1257951712\198025743" -childID 2 -isForBrowser -prefsHandle 3720 -prefMapHandle 3716 -prefsLen 6594 -prefMapSize 220326 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4216 "\\.\pipe\gecko-crash-server-pipe.4216" 3728 tab3⤵
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe"1⤵
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Desktop\MEMZ.exe"C:\Users\Admin\Desktop\MEMZ.exe" /main2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc48c246f8,0x7ffc48c24708,0x7ffc48c247184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5588 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x294,0x298,0x29c,0x270,0x2a0,0x7ff66f4a5460,0x7ff66f4a5470,0x7ff66f4a54805⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1532,7150057094398201368,8491017685229502049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc48c246f8,0x7ffc48c24708,0x7ffc48c247184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc48c246f8,0x7ffc48c24708,0x7ffc48c247184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4088 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4260 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4216 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,3376737861139867583,7548680608948100488,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:14⤵
-
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"3⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc43c346f8,0x7ffc43c34708,0x7ffc43c347184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4152 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,10122263954253147401,6199482893718173775,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffc43c346f8,0x7ffc43c34708,0x7ffc43c347184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc43c346f8,0x7ffc43c34708,0x7ffc43c347184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:14⤵
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4056 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,237556866613374479,13215333928580379241,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
-
    C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    - Runs regedit.exe
    - Suspicious behavior: GetForegroundWindowSpam
-
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc445546f8,0x7ffc44554708,0x7ffc44554718
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10197480161850244822,18000231860761967037,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10197480161850244822,18000231860761967037,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10197480161850244822,18000231860761967037,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10197480161850244822,18000231860761967037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10197480161850244822,18000231860761967037,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2080,10197480161850244822,18000231860761967037,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10197480161850244822,18000231860761967037,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
-
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc47e946f8,0x7ffc47e94708,0x7ffc47e94718
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4068 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3768 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
-
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,470796710190605444,14439433109576979203,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\system32\OpenWith.exe -Embedding
- Suspicious use of SetWindowsHookEx
-
"C:\Windows\system32\taskmgr.exe" /4
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\AUDIODG.EXE 0x4cc 0x308
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads