7293b27f7bb799ea2625a13e758e74d53a22899159dc38dabaec71f429e622e7

Analysis

max time kernel
120s
max time network
116s
platform
windows10-1703_x64
resource
win10-20231023-en
resource tags

arch:x64arch:x86image:win10-20231023-enlocale:en-usos:windows10-1703-x64system
submitted
26/11/2023, 15:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

start_http.bat
Size

639B
MD5

ab730a20800d387c720dc389da014da0
SHA1

3cb94f6874b768194c40bea34f00e3f3f46e357d
SHA256

7293b27f7bb799ea2625a13e758e74d53a22899159dc38dabaec71f429e622e7
SHA512

3084299ef0647753fd919a2eeffd035c2c64349b409f536fd4a14effecb94c9cc42c33252715df94f9bc8f101287869d2d09a75547334894e7d4483c11ab5fdc

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\SETD01C.tmp	DrvInst.exe
File created	C:\Windows\system32\drivers\SETD01C.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\drivers\vbaudio_cable64_win7.sys	DrvInst.exe

Manipulates Digital Signatures 1 TTPs 1 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\00859AAC6A54B8C1B3C139DE67846E64E7B82DB2\Blob = 03000000010000001400000000859aac6a54b8c1b3c139de67846e64e7b82db204000000010000001000000021a8049b1deb3102813b875fbcf3ef00140000000100000014000000ec43ba1a8cc0655ace4b52afc6d3a023e6688990190000000100000010000000b657b971b32d7c441b7722d15aa1ccc30f00000001000000140000000d44620e0a9c6b3ebe2ae9fc1a483595d4d38a8920000000010000008e0500003082058a30820472a003020102021007acf5c5a754daaf4cd6bd1d74791d59300d06092a864886f70d01010505003081b4310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313b3039060355040b13325465726d73206f66207573652061742068747470733a2f2f7777772e766572697369676e2e636f6d2f727061202863293130312e302c06035504031325566572695369676e20436c617373203320436f6465205369676e696e672032303130204341301e170d3133313130323030303030305a170d3135303130313233353935395a3081cd310b30090603550406130246523111300f06035504081308446f72646f676e65310e300c0603550407130545796d657431243022060355040a141b4e6f204f7267616e697a6174696f6e20416666696c696174696f6e313e303c060355040b13354469676974616c20494420436c6173732033202d204d6963726f736f667420536f6674776172652056616c69646174696f6e207632311d301b060355040b1414496e646976696475616c20446576656c6f706572311630140603550403140d56696e63656e7420427572656c30820122300d06092a864886f70d01010105000382010f003082010a0282010100e6226548adb62b60644356757218468aa2d8750aa9825bd8203a8111a427954f76fe6a314972e82f2d2f195ba265ff5771b25944cdf19a23154ed158e0e155b5e40039308767973fa0ac9840f64845c5544e7e1b91dffe3152718630ef09869202101e260f91664b118f3963512d6201c4077ac0fac4fe70600faf75fc409666771304eace525dbda197d2a48ae1a98d047c5c41129875127edd88a523b3f75a1c599227f64d6cf705a9876ab98498cd32d77b20eee6e43ee4d4c6208732a7669646abdacb803c9da676a0f4b76b47efa9631e56a8d91b0aac17784f0f4985bc06f30d9def190f8a155b89d40ba4ba8dc3ef35efc9014cbfacb3664819f521010203010001a382017b3082017730090603551d1304023000300e0603551d0f0101ff04040302078030400603551d1f043930373035a033a031862f687474703a2f2f637363332d323031302d63726c2e766572697369676e2e636f6d2f435343332d323031302e63726c30440603551d20043d303b3039060b6086480186f84501071703302a302806082b06010505070201161c68747470733a2f2f7777772e766572697369676e2e636f6d2f72706130130603551d25040c300a06082b06010505070303307106082b0601050507010104653063302406082b060105050730018618687474703a2f2f6f6373702e766572697369676e2e636f6d303b06082b06010505073002862f687474703a2f2f637363332d323031302d6169612e766572697369676e2e636f6d2f435343332d323031302e636572301f0603551d23041830168014cf99a9ea7b26f44bc98e8fd7f00526efe3d2a79d301106096086480186f84201010404030204103016060a2b06010401823702011b040830060101000101ff300d06092a864886f70d01010505000382010100039480fb57bc9effd89b207713a34f2ef573ffbdbae493bf86b7a9368198d72d912cd90f01bf9dec635c524e6060f074597350ae391d86d9c612543f12e4d3cf631ffa4c4486b87313186d9adf51bc1070cb5204910999a9c9f889002f7c897ac8b83589d731178fc7f4f9c92d10d89ac87da1ad580e971023be067bce9ce0f93dbdd5ff30c17836057551997afa48d78b04d5f942c8f32b76ec3a48c67847eee3b095d825ae005416d58b7d1ee13ae2fea1f7a677ce2a5d75c837bc7a84f35c3b25316bbd4ec3efb88e1337a2f11c5a5132e1aeeade821b41ed41329af5394fb3c98af759e7593cd7e858051d18d49a48b05e9839472b31e0423b9be3627d18	DrvInst.exe

Drops file in System32 directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\vbmmecable64_win7.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_ffa78ae84c13ca8c\vbaudio_cable64_win7.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEC9.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_ffa78ae84c13ca8c\vbaudio_cable64_win7.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_ffa78ae84c13ca8c\vbmmecable64_win7.PNF	VBCABLE_Setup_x64.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\vbaudio_cable64_win7.sys	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEDA.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEDB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_ffa78ae84c13ca8c\vbmmecable64_win7.PNF	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\vbaudio_cable64_win7.cat	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEDA.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEDB.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_ffa78ae84c13ca8c\vbmmecable64_win7.inf	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEC9.tmp	DrvInst.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\VB\CABLE\VBCABLE_Setup_x64.exe	VBCABLE_Setup_x64.exe
File opened for modification	C:\Program Files\VB\CABLE\VBCABLE_Setup_x64.exe	VBCABLE_Setup_x64.exe
File created	C:\Program Files\VB\CABLE\vbMmeCable64_win7.inf	VBCABLE_Setup_x64.exe
File opened for modification	C:\Program Files\VB\CABLE\vbMmeCable64_win7.inf	VBCABLE_Setup_x64.exe
File created	C:\Program Files\VB\CABLE\pin_in.ico	VBCABLE_Setup_x64.exe
File opened for modification	C:\Program Files\VB\CABLE\pin_in.ico	VBCABLE_Setup_x64.exe
File created	C:\Program Files\VB\CABLE\pin_out.ico	VBCABLE_Setup_x64.exe
File opened for modification	C:\Program Files\VB\CABLE\pin_out.ico	VBCABLE_Setup_x64.exe
File created	C:\Program Files\VB\CABLE\VBCABLE_ControlPanel.exe	VBCABLE_Setup_x64.exe
File opened for modification	C:\Program Files\VB\CABLE\VBCABLE_ControlPanel.exe	VBCABLE_Setup_x64.exe

Drops file in Windows directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	VBCABLE_Setup_x64.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\ks.PNF	DrvInst.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\INF\oem3.PNF	DrvInst.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\setupact.log	DrvInst.exe
File opened for modification	C:\Windows\setuperr.log	DrvInst.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0054	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0064	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	VBCABLE_Setup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	VBCABLE_Setup_x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	VBCABLE_Setup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	VBCABLE_Setup_x64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	VBCABLE_Setup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	VBCABLE_Setup_x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000	DrvInst.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pagesperso-orange.fr\Total = "116"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\pagesperso-orange.fr\Number = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pagesperso-orange.fr\NumberOfS = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pagesperso-orange.fr\Total = "86"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "45"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pagesperso-orange.fr\Total = "60"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "60"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{703CE4F9-5C2C-4886-9BCF-4D958C37E1C9} = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 7ec5d8697c20da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 14a0d1697c20da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "86"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\pagesperso-orange.fr\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-2184424523-918736138-622003966-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe

Suspicious behavior: MapViewOfSection 10 IoCs

pid	Process
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe
Token: SeShutdownPrivilege	3584	chrome.exe
Token: SeCreatePagefilePrivilege	3584	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe
3584	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3548	VBCABLE_Setup.exe
2620	MicrosoftEdge.exe
3456	MicrosoftEdgeCP.exe
404	MicrosoftEdgeCP.exe
3456	MicrosoftEdgeCP.exe
4456	VBCABLE_ControlPanel.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3584 wrote to memory of 3820	3584	chrome.exe	74
PID 3584 wrote to memory of 3820	3584	chrome.exe	74
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 4192	3584	chrome.exe	78
PID 3584 wrote to memory of 1440	3584	chrome.exe	76
PID 3584 wrote to memory of 1440	3584	chrome.exe	76
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77
PID 3584 wrote to memory of 4180	3584	chrome.exe	77

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\start_http.bat"
1⤵
PID:616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff98a359758,0x7ff98a359768,0x7ff98a359778
  2⤵
  PID:3820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2024 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3880 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4676 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3928 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5192 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5512 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:1
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3944 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5456 --field-trial-handle=1684,i,17329514230476241418,11185100194276912393,131072 /prefetch:8
  2⤵
  PID:4132

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5108

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2712

C:\Users\Admin\Downloads\VBCABLE_Driver_Pack43\VBCABLE_Setup.exe
"C:\Users\Admin\Downloads\VBCABLE_Driver_Pack43\VBCABLE_Setup.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3548

C:\Users\Admin\Downloads\VBCABLE_Driver_Pack43\VBCABLE_Setup_x64.exe
"C:\Users\Admin\Downloads\VBCABLE_Driver_Pack43\VBCABLE_Setup_x64.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:2560

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:4652
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{5c4cdff1-96c8-b244-a25f-54fb00520f9d}\vbmmecable64_win7.inf" "9" "412cfd737" "000000000000016C" "WinSta0\Default" "0000000000000168" "208" "c:\users\admin\downloads\vbcable_driver_pack43"
  2⤵
  - Manipulates Digital Signatures
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4100
- - C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{da37f548-a94d-dc40-936c-74aff04d614e} Global\{2255ae3b-da16-c34b-a48b-e9abbd2dbf68} C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\vbmmecable64_win7.inf C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\vbaudio_cable64_win7.cat
    3⤵
    PID:2712
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\MEDIA\0000" "C:\Windows\INF\oem3.inf" "vbmmecable64_win7.inf:3beb73af0c48fa1f:VBCableInst:1.0.3.5:vbaudiovacwdm," "412cfd737" "000000000000016C"
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:4548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:1580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:60

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5252

C:\Users\Admin\Downloads\VBCABLE_Driver_Pack43\VBCABLE_ControlPanel.exe
"C:\Users\Admin\Downloads\VBCABLE_Driver_Pack43\VBCABLE_ControlPanel.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
32KB

MD5
9d2099fd56276d13822aa8db3641f25c

SHA1
389fb7e801fd36c88a11f87c51546ede31754863

SHA256
747e1e85b58d991dbe361e34a677df7720c41f5c9cb1b0ae96bf54aae30d3fc5

SHA512
07f96f0d328db106566c2ca6e9ac984cd6ed506fc8adfc2736e6cf01c63d376c602d6dd336e49ed98302272b1c0a10865270df1a004653abe6ef9827acd95ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
91cbb0cc5ec4f52909952a13c235bd13

SHA1
17dc67cd3fea5d9e030856e21bd6f0047d1fa772

SHA256
64be3c5eda584165421d608136effc2beaf07805747e0a3883df59f3039b0f39

SHA512
bf9a40de5ea98554de43ac2b1ced2a5fe22eb58743b8aecee296a5db38b98fe24fcd7536bf452726e391bcf9c57c3f2b94b948c290fe3861154be25234b6c2f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8b3bdb6ef989c30e1ecdfed39b3b51a9

SHA1
a118443d77d27aaa9a9d7fb2e1a0ac426015abe9

SHA256
d81d5fcd6bfb20a5031fa1efa8a3a671de1c066ad330d22d1f6f825d7a82442e

SHA512
7e1262ebaa14ff061b3a301d47bd7f3c860ee91bcfec57e57334f095e9f56deaa5e64169d3f4fccd225325333ad74e5dcc6212ae370113b38ba5064857df009d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
706B

MD5
91ceed86d98024e2bff6475873d8349b

SHA1
40fa4a1344b607eddb6e3cfabafd1fb7260954b7

SHA256
e6a07d31b75255efef1c1668521334c6d576f4fa3e3ce64a7ce805a96c278277

SHA512
ce91b09ab5c0d904c779692117145547e743a27715638d4d4c744c0185da4e98790ff65053ee092c8c4ad814c7e0394c7f67def716caf8f909b6be222e445141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
d7cbc4eb105d95e0754d8d9ea216618d

SHA1
59afa62b09fe65fa96d600c16c6f119c8f6f5a83

SHA256
d8feb1408880d8bdf48bcc7cfecca6505da79f2eefad51926d906f56862a3727

SHA512
6398290e49324750ef142937b38bc641fabb58ccda39d5a439b09a32217b9570257bb770515375fae26cfec3ef6cf9d3959a12131ad4156f4b8a9440360a4489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
62c779472efb8d318eb099ec6d43386e

SHA1
2f6ae1f879badef3112761ab0ffc8a19b0223f32

SHA256
c9b153baf5cd3a288a8e51fd6d50e160ce473671c445b8bf6a1e485daf42afcc

SHA512
bf3d1c4c8ff12ac46e3feeb1778ed9cc379ade674b44968bef4d0d34d19d2f93ad25cac3c695b803f049dca6d3d66444432823c9bdb94f26380aec78a430727d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8bbc4a92437d29fc079a740addb699e2

SHA1
9c7bda8b3fca77e98d9b8bc23ddaf3cfe1424b8e

SHA256
b0051dfe9f062c358708a6571d231293e87e92fa39cad81bec4d744c08f7ec2e

SHA512
bfae8749071237327927a2998db93f41bdc9f486b5be7a0934872809b5eb26d68f05a18d456fe26c135b38adf40376330578b539b7755f641417d8c1f781fbc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
f0d2c11223e5a3e5d610b7b9450ac952

SHA1
2bdd73569fc9ba3dc9f6fb369d2be5597ebf6920

SHA256
a196881d4709c06a8413c1b06021442e32cf68d37c84ea2580d06b49d1193fe2

SHA512
6c247561c5c81354925b7e19453b38391a04921df786eb27dc6046d05c2ef0b81a5afef22ea166c30abb7a7f8b64b2479fbf01dceb09a98e5c1c0b3615db6f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5833ec.TMP

Filesize
120B

MD5
270f33b49aeb3b5b6983a7ea1f13c4eb

SHA1
68076f441b2001b7fd2a6d97b9dbc7a187565e0d

SHA256
0c3e13f2bd9122ecb21d3bdb192eb25514fcb2f204391d1e37c3982186b19bfe

SHA512
c29496088fe6b0402280afb02e9596b8991226a16cc9db9d9826907e38905ac21d28a9f77f334adca0424077611ffe68f3770146f5193bc105c654285eeecb59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fd1511dd-cc20-4690-b897-540f2a8de9c6.tmp

Filesize
6KB

MD5
dcf95540685356931ff90c07f58697f2

SHA1
f6eb3b46286effb9c384800b7218c11be0af9c76

SHA256
9a2ad034b791a011d69266e5f2976467f2b31a090f09193881276533d8e63d07

SHA512
50d0ca5fd9b8fca7cde75a4e72a7b0ffa40dc5eaa832ccbb19cb8418fce0b493584171783ecb9ad43a38a215863b66b64be362c590c6c9acde87b2c9449f7a6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
868680d276bc85eef3dad0e62121d07f

SHA1
7c378e733f5da2652e10ed2b5f4f52fa1b95208e

SHA256
396e867ac0f3de38f91952acd4159e85ffe83dd1c90f4e77126ba738a0b78000

SHA512
f8e6bb7dc438bee710b61a8f08778736698d075e3ca5035b66d5e5d7d93704630f01399d7791dd3a5baf99d5129c3f08d97d5fc908cebbaf2ff1dc5efdda52a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SY06FDJN\end.pagesperso-orange[1].xml

Filesize
180B

MD5
5fcf9ce731354ee5778e6088d7d74a61

SHA1
23c87bfc978a95d19e31a124f42784b204c59f80

SHA256
7c2147c829052fa5e2aa9622c3fafe34fa99b996f9d44e7b7cba547a54a961cb

SHA512
b711edebc6f7bb5d9c359d87e287e79742b9a21747218e47e37ed60b6ac0f510027ef50a66ee8af92491b08e8e6c18e72189bb71dea53297b25a75c6b158cb38

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SY06FDJN\end.pagesperso-orange[1].xml

Filesize
556B

MD5
a674d891b1deb11ae2d4d26c48c2ff1a

SHA1
24e343c224582d88aaeda8a972203f6fec2a35cd

SHA256
ae9172963304328f00b66d845fcc761598e7b59b0fd0ffac8bc065d9d48fee6c

SHA512
1b6826f7900441cc0157c445ed2e3c4678de46608a1b66dc90b8b9ef23ec8f70ce0f36e249305a31976c3a664f2a8c27a6bbd07ce26caae630b24b04389d7a23

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\MISDVDMU\favicon[1].ico

Filesize
758B

MD5
84cc977d0eb148166481b01d8418e375

SHA1
00e2461bcd67d7ba511db230415000aefbd30d2d

SHA256
bbf8da37d92138cc08ffeec8e3379c334988d5ae99f4415579999bfbbb57a66c

SHA512
f47a507077f9173fb07ec200c2677ba5f783d645be100f12efe71f701a74272a98e853c4fab63740d685853935d545730992d0004c9d2fe8e1965445cab509c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5C4CD~1\vbaudio_cable64_win7.cat

Filesize
8KB

MD5
ccc4faa1dc627221bd57272444b4e71f

SHA1
43b6375973b67be4b269ca3a978458a0b6e31df5

SHA256
800b541f06bba3925ba058e7cc7ca837cfd4d845e073309eb2a9d36a2626403a

SHA512
754e9c25c330cf314775e93295975c1ea293e1849adc180a2d17f321d7b1f10e4d24a4001f39c962076fdfc022b1f916aa82bc8dcca85f381f4fc714f479f08e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5C4CD~1\vbaudio_cable64_win7.sys

Filesize
40KB

MD5
e7204d7fd7362f0efaa502a4cb91ca1e

SHA1
6ca8b4db6f9887b96dc1a38db85c688bb6b7ac5f

SHA256
c7f3be383c81ab9aa642479f95872e40e19a4cfd72d4c8d7de80abc11b713e21

SHA512
70f5b6356e42c88cb0e4ce65e6d2f4d634b057609ed1423339194d762e5f9a5125cfb87be919d5692f289f2bca9a87b01805d86840ecd4cd9f43ffc06e22d5e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\{5c4cdff1-96c8-b244-a25f-54fb00520f9d}\vbmmecable64_win7.inf

Filesize
4KB

MD5
498faee2de63c1c428900920203fdf9b

SHA1
221fc3eeff0de46d01e8a4ce0561ecbfd6b6e1a0

SHA256
da35387ccfe813f5c553bb7e0caf4e67adbb4429e742c2bd3c2014f80e6ec516

SHA512
8dec1aae8137aeb1d5fd9633eaca3da6841dcca3aac927a6ee4278f846fefbedd93d0313520c1810bd50dd4ceb6276e2d724ecf4473b3e459fece659dc0bb95d

Download Submit
C:\Users\Admin\Downloads\VBCABLE_Driver_Pack43.zip

Filesize
1.1MB

MD5
3e2f6ddf5a06c66dc4daed708f8bb2a6

SHA1
0fc70fd364b76b3dbdf6c9780369a834ed9efd3e

SHA256
66fd0a4d9f4896ff41632b7e3d53892c085c4561f53e8ae8d0f0bc10eedd1cdd

SHA512
64f004e60f9d47ef6ad5f6d3be2f790f7f369097c8f800a262bc38e6d5e68cc1f4cf96718147e6bcd63741ff1646cf99ed1cb939200445dcd94f6fc85c95e13d

Download Submit
C:\Windows\INF\oem3.PNF

Filesize
13KB

MD5
a009614b8dd4f7df6f946bf34ba934cf

SHA1
14885af7e96c5f8a1b97a3d5e64528ae0e48fd42

SHA256
cc3701e9df95d111600076b9930acc2f665e940241a5465cf070acab18a1afc8

SHA512
9a058fb5e77bb531347134274488105e37f632a9ca4cc813944221ee1de517ab4397dea9a398d7503cd105a92b62d41c497b7b8cd678fa9b8bceb7e219b736da

Download Submit
C:\Windows\INF\oem3.inf

Filesize
4KB

MD5
498faee2de63c1c428900920203fdf9b

SHA1
221fc3eeff0de46d01e8a4ce0561ecbfd6b6e1a0

SHA256
da35387ccfe813f5c553bb7e0caf4e67adbb4429e742c2bd3c2014f80e6ec516

SHA512
8dec1aae8137aeb1d5fd9633eaca3da6841dcca3aac927a6ee4278f846fefbedd93d0313520c1810bd50dd4ceb6276e2d724ecf4473b3e459fece659dc0bb95d

Download Submit
C:\Windows\System32\DRIVER~1\FILERE~1\VBMMEC~1.INF\vbaudio_cable64_win7.sys

Filesize
40KB

MD5
e7204d7fd7362f0efaa502a4cb91ca1e

SHA1
6ca8b4db6f9887b96dc1a38db85c688bb6b7ac5f

SHA256
c7f3be383c81ab9aa642479f95872e40e19a4cfd72d4c8d7de80abc11b713e21

SHA512
70f5b6356e42c88cb0e4ce65e6d2f4d634b057609ed1423339194d762e5f9a5125cfb87be919d5692f289f2bca9a87b01805d86840ecd4cd9f43ffc06e22d5e7

Download Submit
C:\Windows\System32\DriverStore\FileRepository\vbmmecable64_win7.inf_amd64_ffa78ae84c13ca8c\vbmmecable64_win7.PNF

Filesize
13KB

MD5
a3e0a98231ac28033126ade9aa735ff4

SHA1
58ff5c1be83c6eafb08e7695ca45dd4eae8a6675

SHA256
d7337481d68479071a4f94e10909ae25914d2b19eab3fff46c2bf95214879553

SHA512
3ce6990c559f639b1ded2bc0f7d4f4c09acb26e1d289fac9810f161af0508388f4799fe92526982c5fcd58b1031d9c54326b408d3fdd1248b7fbe0fc6b7d2eaa

Download Submit
C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEC9.tmp

Filesize
8KB

MD5
ccc4faa1dc627221bd57272444b4e71f

SHA1
43b6375973b67be4b269ca3a978458a0b6e31df5

SHA256
800b541f06bba3925ba058e7cc7ca837cfd4d845e073309eb2a9d36a2626403a

SHA512
754e9c25c330cf314775e93295975c1ea293e1849adc180a2d17f321d7b1f10e4d24a4001f39c962076fdfc022b1f916aa82bc8dcca85f381f4fc714f479f08e

Download Submit
C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEDA.tmp

Filesize
40KB

MD5
e7204d7fd7362f0efaa502a4cb91ca1e

SHA1
6ca8b4db6f9887b96dc1a38db85c688bb6b7ac5f

SHA256
c7f3be383c81ab9aa642479f95872e40e19a4cfd72d4c8d7de80abc11b713e21

SHA512
70f5b6356e42c88cb0e4ce65e6d2f4d634b057609ed1423339194d762e5f9a5125cfb87be919d5692f289f2bca9a87b01805d86840ecd4cd9f43ffc06e22d5e7

Download Submit
C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\SETAEDB.tmp

Filesize
4KB

MD5
498faee2de63c1c428900920203fdf9b

SHA1
221fc3eeff0de46d01e8a4ce0561ecbfd6b6e1a0

SHA256
da35387ccfe813f5c553bb7e0caf4e67adbb4429e742c2bd3c2014f80e6ec516

SHA512
8dec1aae8137aeb1d5fd9633eaca3da6841dcca3aac927a6ee4278f846fefbedd93d0313520c1810bd50dd4ceb6276e2d724ecf4473b3e459fece659dc0bb95d

Download Submit
C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\vbaudio_cable64_win7.cat

Filesize
8KB

MD5
ccc4faa1dc627221bd57272444b4e71f

SHA1
43b6375973b67be4b269ca3a978458a0b6e31df5

SHA256
800b541f06bba3925ba058e7cc7ca837cfd4d845e073309eb2a9d36a2626403a

SHA512
754e9c25c330cf314775e93295975c1ea293e1849adc180a2d17f321d7b1f10e4d24a4001f39c962076fdfc022b1f916aa82bc8dcca85f381f4fc714f479f08e

Download Submit
C:\Windows\System32\DriverStore\Temp\{53397642-fcf2-6849-9f52-74c65fc8646a}\vbmmecable64_win7.inf

Filesize
4KB

MD5
498faee2de63c1c428900920203fdf9b

SHA1
221fc3eeff0de46d01e8a4ce0561ecbfd6b6e1a0

SHA256
da35387ccfe813f5c553bb7e0caf4e67adbb4429e742c2bd3c2014f80e6ec516

SHA512
8dec1aae8137aeb1d5fd9633eaca3da6841dcca3aac927a6ee4278f846fefbedd93d0313520c1810bd50dd4ceb6276e2d724ecf4473b3e459fece659dc0bb95d

Download Submit
memory/60-477-0x000001C8DA6F0000-0x000001C8DA6F2000-memory.dmp

Filesize
8KB

Download
memory/60-666-0x000001C8EF900000-0x000001C8EFA00000-memory.dmp

Filesize
1024KB

Download
memory/60-484-0x000001C8EADF0000-0x000001C8EADF2000-memory.dmp

Filesize
8KB

Download
memory/60-501-0x000001C8EAEB0000-0x000001C8EAED0000-memory.dmp

Filesize
128KB

Download
memory/60-479-0x000001C8EAC10000-0x000001C8EAC12000-memory.dmp

Filesize
8KB

Download
memory/60-539-0x000001C8EBB00000-0x000001C8EBC00000-memory.dmp

Filesize
1024KB

Download
memory/60-663-0x000001C8EF900000-0x000001C8EFA00000-memory.dmp

Filesize
1024KB

Download
memory/60-553-0x000001C8EC6C0000-0x000001C8EC6C2000-memory.dmp

Filesize
8KB

Download
memory/60-569-0x000001C8EC8A0000-0x000001C8EC9A0000-memory.dmp

Filesize
1024KB

Download
memory/60-576-0x000001C8EB5D0000-0x000001C8EB5F0000-memory.dmp

Filesize
128KB

Download
memory/60-581-0x000001C8EC8A0000-0x000001C8EC9A0000-memory.dmp

Filesize
1024KB

Download
memory/60-584-0x000001C8EC6F0000-0x000001C8EC6F2000-memory.dmp

Filesize
8KB

Download
memory/60-600-0x000001C8ECD90000-0x000001C8ECDB0000-memory.dmp

Filesize
128KB

Download
memory/60-644-0x000001C8EE0B0000-0x000001C8EE0B2000-memory.dmp

Filesize
8KB

Download
memory/2620-419-0x000002A220140000-0x000002A220150000-memory.dmp

Filesize
64KB

Download
memory/2620-438-0x000002A21FB90000-0x000002A21FB92000-memory.dmp

Filesize
8KB

Download
memory/2620-1043-0x000002A21FBC0000-0x000002A21FBC1000-memory.dmp

Filesize
4KB

Download
memory/2620-1040-0x000002A21FE00000-0x000002A21FE02000-memory.dmp

Filesize
8KB

Download
memory/2620-838-0x000002A226200000-0x000002A226201000-memory.dmp

Filesize
4KB

Download
memory/2620-834-0x000002A225DF0000-0x000002A225DF1000-memory.dmp

Filesize
4KB

Download
memory/2620-403-0x000002A21F600000-0x000002A21F610000-memory.dmp

Filesize
64KB

Download
memory/5488-889-0x00000278D5B80000-0x00000278D5B82000-memory.dmp

Filesize
8KB

Download
memory/5488-886-0x00000278D5990000-0x00000278D5992000-memory.dmp

Filesize
8KB

Download
memory/5488-897-0x00000278D5E00000-0x00000278D5E02000-memory.dmp

Filesize
8KB

Download
memory/5488-900-0x00000278D5E20000-0x00000278D5E22000-memory.dmp

Filesize
8KB

Download
memory/5488-903-0x00000278D5E40000-0x00000278D5E42000-memory.dmp

Filesize
8KB

Download
memory/5488-906-0x00000278D5E60000-0x00000278D5E62000-memory.dmp

Filesize
8KB

Download
memory/5488-913-0x00000278D5AA0000-0x00000278D5AA2000-memory.dmp

Filesize
8KB

Download
memory/5488-837-0x00000278D23E0000-0x00000278D24E0000-memory.dmp

Filesize
1024KB

Download
memory/5488-812-0x00000278D1F90000-0x00000278D1FB0000-memory.dmp

Filesize
128KB

Download