edd82e40e911be51bcc228cdea34b3454c229b345e3c4d214058d2d5144b5f6c

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virus/Virus/Form1.vbs
Size

2KB
MD5

ca6f3f7213631f8d63f8049ab7f816b8
SHA1

f92deceab79ae2f84e1fe31c2cd51599f32c6827
SHA256

bee0ace0cac8035b1d053a021c8e6e3c830b985e0b98e7fbb08ced14c815b456
SHA512

7a8bf5ce2b965a75bdf4a4aacd4766f6d4ccf749d25a9c5795fc87ab4761c2e902e3bbe658460c9a344e8702a114ca3763282067dacd777d71695966de00f0e6

Score

8^/10

evasion

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Executes dropped EXE 3 IoCs

pid	Process
5540	Virus.exe
5940	Virus.vshost.exe
3788	Virus.vshost.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	dw20.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	dw20.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	dw20.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dw20.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
5636	taskkill.exe
5644	taskkill.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-635608581-3370340891-292606865-1000\{EF04D4DE-3CB3-458B-87B9-CB517D5FD988}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
3216	identity_helper.exe
3216	identity_helper.exe
4680	msedge.exe
4680	msedge.exe
1868	msedge.exe
1868	msedge.exe
4312	msedge.exe
4312	msedge.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe
1248	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5204	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeRestorePrivilege	5204	7zFM.exe
Token: 35	5204	7zFM.exe
Token: SeSecurityPrivilege	5204	7zFM.exe
Token: SeDebugPrivilege	5644	taskkill.exe
Token: SeDebugPrivilege	5636	taskkill.exe
Token: 33	5760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5760	AUDIODG.EXE
Token: SeSecurityPrivilege	5204	7zFM.exe
Token: SeBackupPrivilege	6008	dw20.exe
Token: SeBackupPrivilege	6008	dw20.exe
Token: SeSecurityPrivilege	5204	7zFM.exe
Token: SeBackupPrivilege	4596	dw20.exe
Token: SeBackupPrivilege	4596	dw20.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe
5204	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 1356	5116	msedge.exe	90
PID 5116 wrote to memory of 1356	5116	msedge.exe	90
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 4504	5116	msedge.exe	92
PID 5116 wrote to memory of 1580	5116	msedge.exe	91
PID 5116 wrote to memory of 1580	5116	msedge.exe	91
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93
PID 5116 wrote to memory of 3372	5116	msedge.exe	93

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Virus\Virus\Form1.vbs"
1⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffc0a8746f8,0x7ffc0a874708,0x7ffc0a874718
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6952 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4312
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Virus.rar"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\7zO454614A8\Virus.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO454614A8\Virus.exe"
    3⤵
    - Executes dropped EXE
    PID:5540
  - - C:\Windows\SYSTEM32\taskkill.exe
      taskkill.exe /f /im explorer.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:5636
  - - C:\Windows\SYSTEM32\taskkill.exe
      taskkill.exe /f /im taskmgr.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:5644
- - C:\Users\Admin\AppData\Local\Temp\7zO45485E59\Virus.vshost.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO45485E59\Virus.vshost.exe"
    3⤵
    - Executes dropped EXE
    PID:5940
  - - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 1400
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious use of AdjustPrivilegeToken
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\7zO4541CC49\Virus.vshost.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO4541CC49\Virus.vshost.exe"
    3⤵
    - Executes dropped EXE
    PID:3788
  - - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 1404
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious use of AdjustPrivilegeToken
      PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,14441688424581545754,9715546107503383985,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6628 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x450 0x338
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa070c9c9ab8d902ee4f3342d217275f

SHA1
ac69818312a7eba53586295c5b04eefeb5c73903

SHA256
245b396ed1accfae337f770d3757c932bc30a8fc8dd133b5cefe82242760c2c7

SHA512
df92ca6d405d603ef5f07dbf9516d9e11e1fdc13610bb59e6d4712e55dd661f756c8515fc2c359c1db6b8b126e7f5a15886e643d93c012ef34a11041e02cc0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
29KB

MD5
df217f862f4073ce4585999df73a53fd

SHA1
8f39eb965e90eee20c2e94f547acf0db9aec24ae

SHA256
dfc2a82c870fd4c1a5b67929c316aebf1bfe0e8fdb90d64158a111feeae9c0e3

SHA512
f52da493abb8eeae24642e958cfa6ecf50101cdb0038ca7b952a19f0df0531e44828e4d2b9e365fd08a73a3f78009fd76af37a1ae58b8ec526720356c2767738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
21KB

MD5
288c301c2c251faf612d8c42fa43195a

SHA1
9486cfc6f690563becc7cef1bdee8376e16c63d6

SHA256
676013f80a4b9513c2076a798e0c81c043130a53215564518c628aec166b0473

SHA512
d098e8f262eacba38184365a4ff56787f57ea59a2c0be10edfcf6c16edf63ac80477009d585a504152898f750b216bc6ac97f30d046c78d62b77f35a4c469c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
62KB

MD5
91ce41fccb77d96dce2d738e6b9cb167

SHA1
4beae19a90b16916792c88d651f123b627a25fce

SHA256
5189d731040fb20bd486c8a67cceb62b49a329eef42abeacf1828d26cd73d23a

SHA512
4267dfdc5dcc859c8432c79c16351decf348e8d92b4b3608be944e93c1afa1d822dc23bd202f1318179ae5877764a70b97793571d980adcea8ec8dc714cb2619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
31KB

MD5
41c2e7b0e6aa227ccbccf9ff65ce30b5

SHA1
afae04787131d8bf53f45f97fa84a31f03f86907

SHA256
60e1c433b16d34ce86ad5ab9faedd15de3ccdbc31d3e640f02433f8a66358a42

SHA512
dbc01951f9bdd804c734becf0fa56464097631e9f9893a1f71627e97116928afb7fe056db75ea1ddf9cacd25b832aa646807391970dbf8734a4f09b6166eacb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
569KB

MD5
654169ea8d556c5e2b5d751fbaaf0f66

SHA1
e37ebec021fc63c825e46d23af469865e4fbb39c

SHA256
e005d7937b98abd470c293b0988e79fbee5116befb3b062b1872d0ba1cbcc1ab

SHA512
61fe22ec64a1bc5469e5440f7e39e45c8186bac811939182104488b5dd958a77836c14d6504a54aaf06d4013929eae6fa4d0cd99f1590abaa7e44b3c32aa59f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5370451129889ff47dcbda078df0c8fd

SHA1
384d9ec84c950d9c879ae55f471b0d9d385a3caf

SHA256
771b6f3a80d3648bf0ac4b0bd3a5ee790d20176ab826165414035d9e3b9f7d2d

SHA512
5713f0a00b05e25b2b574d385f3c094e2fc6b763f7bc1203a7229a477199d74d3b7786705e14671d12515b918499b6aa8f2b1c817492836b418fae6bbd7a0cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
47af993cb6974d753714235866e73851

SHA1
96296a8c1c12cc9c8aaffff4e280832c0369817b

SHA256
cc718632fb80aab120fe008ab8a20c0b7c0874cd9218ea4aecf2639d21c4e498

SHA512
94fa6b8077e1fd8787bd2b8cb80a07d18e5d9f0b9ab1101ea6d9222c9cd9cee33bb58d769990b484e73b8a5d316b8179a84c83705f81f81083d2a551dc055e77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc97c5987686f5d19f11407939e3bb14

SHA1
7666dcf230fdf24ea9667773c59412fb73d44efb

SHA256
1699a50a886cc69062a087aa9a538c7c1a8511835ac6f1b07dc670c6416712d7

SHA512
f83823892b3142968cf05fd8d3cc23f2161536885373b347462dc741655f9cd90bd46d9dafe02a39dd1827d0aa08432a48a8f4f268c31031ec834d17964c2880

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
30cb4d22224dddec457ba1e2e5f9d81b

SHA1
baa0afaa1cfe3b29653cb27d748634b758329cd7

SHA256
0287669bc014ebb887dc445d0a3efd3d87f5bca6e484abae9e3ba3360e356b98

SHA512
d701fef30e63ce89ce04f61c464680db702fcef8eec0adc12060811971f9a7d030d803937474a75437b946216d1503d46c1cdbe70f067ed00d8152403f456f2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
272d56c6c6f50e4d03e1ec079617151c

SHA1
4e6cfd18ef31565cc690db5f054688991bb31e7b

SHA256
1de8f2d47a62a1cd77e2f7f652ab3c7589db8af497db4d5681daeee19850dd01

SHA512
52edd43b64a3aeb7c3b17ed2a3af1296d8bec1dbb95d94e2216b1875130e8d73db035bebf7e026611439ac56ffcc120f5db8274fb215cf46e720c889622ef6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3fe14d9b5cd8122c0e9d58a3aa6e6c8c

SHA1
f5710842f98f2b927d2aa916eb65b6c47cce905a

SHA256
c95dfbecfb6bce6cb28b3666da88611ed310c7f9bd3edf9a06eb6d7b203a2379

SHA512
c0b15c17c2b9a1427d9aca84caf8e404939f81c896ddfff2415f1e43cb6ecdb650b0a5cd9408e358f17bde9eff1d5cf7ce6708c5342bb00fa1e03b839f5baf65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0f285ec6577e569eccb7eebc172a43bb

SHA1
9826ccba4e2112f9e89b8b71886128a1f4120290

SHA256
8c4f829a318c1d1a0695efb1e9ef401b902428e958d7437b981a2f77b833bafc

SHA512
376a40b78cdc49b636f9e0a1dd52fa082fe776e1b9b465155d0c65bc53252dc021d5d0b78852b88da00e22f1341bef26c437acac5f37078fe9d1a80c26982267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d039baa5511d581265ebd4d7774e32f

SHA1
0a1ded3099a39510b1e50f1374d14ab620acf0cb

SHA256
a212e39ae235b1c1382090710ccbc4b81cdb4a11d2872f704f4b68d543eb2d42

SHA512
2ccc3d8e2dec48ea01f935669d42e5b16f937c6ad8919b33e03d716378b448ee9511a91cf6b9388493dccbba07d2b3110c1cb2017f30ab06effd9807b96c3112

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a6ba61ff12ef5175a5caffea7cfeeaf

SHA1
e23da6fdf9b2cff6660ae2b7e6d829962f3808ed

SHA256
6424169d632ebfc6ab8c1937a382ec39986ac7d36624bc7e88624644fe4d7c85

SHA512
184bdc134ad487e8adb6d61e0bfe0cff17dd99417d00ebfc79a2722421980464a9e0f8a89bfd7ecbed6cbf79dd051daa683129e118d6f746b12f3b0224e66ac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0a3fc8de6df2b0caf1fc909666667676

SHA1
f3bd7d45258486726028172458f4a7266e51058b

SHA256
bb94cbabd15f8fecd54697ba302196235713612a9d40d8da3e5769677c1a05f4

SHA512
4e5db0b0133329dc96eee88880b4cb4e0d2e7c51ff92a358cfb9915bfe98610b976e071bee6d62f4fc9f7ed37662fe88833b838ba169428ebb2f360ff7eeb5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
28e20eb6db8aa41bde763c7d6dabd859

SHA1
f316f5274b7b8f844a1be4095e44bf32951297b9

SHA256
a388ee9328a2500faa54b38d561218578e9de95eab881425464f8c7717dfe9af

SHA512
02178ef7c05d42fd1193652791f5e9d5a9fe48cde5e4d1297386b9296e82b449af9a8868cacd2fa9ca5a88187ca79396d4a4fac1bdb9905f17443a99d12d2243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
917dedf44ae3675e549e7b7ffc2c8ccd

SHA1
b7604eb16f0366e698943afbcf0c070d197271c0

SHA256
9692162e8a88be0977395cc0704fe882b9a39b78bdfc9d579a8c961e15347a37

SHA512
9628f7857eb88f8dceac00ffdcba2ed822fb9ebdada95e54224a0afc50bccd3e3d20c5abadbd20f61eba51dbf71c5c745b29309122d88b5cc6752a1dfc3be053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c70e02d47136fa61368b330942393a9d

SHA1
c5777e6ab19027d5ba6b5f29083326d06ca95a6d

SHA256
07a24cca574e5c5805ace21b155cc7cd143df7069d20c3da7d4080d8065f299d

SHA512
2ec77e95a4b595ed674fe9066e77768f15f53346a70ac5127c6dc700deda5155670ea7b056be22c9c6796783e88f37d995ad175e8b9eadb8991bddf278ee657c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6db56729ec1fda9932de0ee37106d8e9

SHA1
c4c09b4d1bd46cd96029a8433358e3d4d4e0897d

SHA256
ce16d7abf292e4dd44e0edfc33640241bfae21dd962699c2d3fcc5c1e92af0d9

SHA512
7594e1587c7ebdb79f22b86ba232999bb00ee5f5a7978e9ef239a3a2a974fc29c872400c2b6f52848e63c34118c7b9cc73f05a6fa37c79d5612f1d0b4b67c3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83eb95a10200871f5a20aa4ac72a41b9

SHA1
74124f31a51ca851e8c07d508cfade6ce0620b14

SHA256
22e35ccf8b411cad9f7f896d95c92d1e4f2930bd7ec3acaa8fc3ed7a788e6625

SHA512
68fa5c1f7d1be8db78411644bab02cea9cc3be8ee7bdd523de28f6fb3da4ffbd674131cf55df5d53bfdd403238f23c04a3b3d725878fd554f08cd14498f9d818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04b007849a9306baff337446323699b6

SHA1
929a9af84ee52afb2cbfa7d9193c45ddb442250b

SHA256
61f0e8a89bd2437d9547c5d1fad619ad6a073399e0cba6e78d0a464864ac61f9

SHA512
3bf9af6edff5156a0a4b85c2602bd84583cf6bb786b12ad3800e57b32ec253ecd035826a591e1c22a23f64a83a18ba17ba15bd4b8832d7bb7f6fa4cb968dac31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586a6d.TMP

Filesize
704B

MD5
0b92bf2115e455b202092a566f72bac5

SHA1
f73c2b0aee015db9a3d1d14922cc777e29976773

SHA256
cfe7783a53b3efdba10bea94cf4afb6e1c54b0954ef5a073918260794a06916c

SHA512
f7e14504c7a2ac4af252143d8feaba65fc06d1dddb5c055ac6604502b8ae3ffa1aa200da2d1682dcfcbf8e5e8403edbc222e21ebfe7ab466b07d0bb5fe3fbe0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c4840bd6083200d1f1e0a73473b66cd6

SHA1
9f9a0a8fbe1cd91de1e00c209fd99c7ccd168db8

SHA256
6820ed790040975b500fa42d8943a16d9608e013a80a6bb45935debfb718ba61

SHA512
db001c5b1b73c380e982b1f8042ea39cca1df601946e321e3507f844f48f7ef3d6d62f73a919de90663b94e146750b5d917a1e7768c9700149ba862c4e38d12b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
078b85ad031a1f87c2df93e668c8bb39

SHA1
733110eb93c27727af6f6c4c16e8ef20679fc467

SHA256
24968d9bbdc72b8a12d3ce822b562472e348cfe1349b94031d6f7e2be1f05975

SHA512
98360346010fe4a09f1fb7a02bcee807abd9b278150017a1737fb843057eb65bb9b6fae591ccf89e044e810e959b76c2fdf8745bcb2d5a55985b582cc353262e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f6ad70e5b06791f03b3db8028c618bf

SHA1
5ebab62955f6b004e6ffb7412bc029e28b59d5ba

SHA256
b52aa54cc217c30412620b01a801bd8078ecb9028da151ccf4c6b1b3ffbdf518

SHA512
10ee099f692f346a49a976af420d9a6ee0b25e5b940239e45ffedfb9d13a5ecbe56895ccc553852ef60447a6e26ad928b5dadfc302566427d8156fab9a121ce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO454614A8\Virus.exe

Filesize
3.0MB

MD5
ceb728f44e9db8c057e307b39c67e8fe

SHA1
dfab0b4f0c716f5af0bcaf579a250ccdfc09ec66

SHA256
ed03452448f19339e1488748ad15caa629c1005cd45f2d42df3cb68b61ca70f6

SHA512
df4b23aaa71402e8a5d11ad0ee793b47c5562741c0c2aaa6e65c9b691d4ef30fbac7aa51b7dc1a2233430d59bf415b03293f24f75395c67834585adc2ee00245

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO45485E59\Virus.vshost.exe

Filesize
13KB

MD5
f2f77b99cad96e1b6ca06169f3553f40

SHA1
d8dc079a82b4942f36e8d11a0ff88b97c098a64a

SHA256
9149c19a31ff9ca73bf60893e2dfaa8fbefec42de2a288b1b32c15ff730955ca

SHA512
b12b8461d9ebc96e9e2cca5da66cf342e7eacfcbe00ab50180433ded7ca2426837ec2d280171eb8e95f092097ab5dc64b895973be2e31103b8f27e9062bdd915

Download Submit
C:\Users\Admin\Downloads\Virus.rar

Filesize
9.1MB

MD5
569e8773d25e1f60d469e9b480ee6b62

SHA1
5ca2d69092f3f5f42174d2e1d512460868f3b07e

SHA256
edd82e40e911be51bcc228cdea34b3454c229b345e3c4d214058d2d5144b5f6c

SHA512
957fe39725a16d824bde61c648ec33468fbe73b50b424480cf188cf8bb60c7c0fbd5129865f52a3c6a432e1239d4cbb32412fe9f6fa7d441228e01864f37f012

Download Submit
memory/3788-626-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/3788-627-0x0000000001600000-0x0000000001610000-memory.dmp

Filesize
64KB

Download
memory/3788-630-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/3788-635-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/5540-579-0x000000001C440000-0x000000001C48C000-memory.dmp

Filesize
304KB

Download
memory/5540-575-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/5540-655-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/5540-637-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/5540-636-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/5540-572-0x000000001B6C0000-0x000000001B766000-memory.dmp

Filesize
664KB

Download
memory/5540-573-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/5540-574-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/5540-642-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/5540-580-0x0000000000FF0000-0x0000000001000000-memory.dmp

Filesize
64KB

Download
memory/5540-578-0x0000000000F90000-0x0000000000F98000-memory.dmp

Filesize
32KB

Download
memory/5540-577-0x000000001C220000-0x000000001C2BC000-memory.dmp

Filesize
624KB

Download
memory/5540-576-0x000000001BCB0000-0x000000001C17E000-memory.dmp

Filesize
4.8MB

Download
memory/5940-594-0x00000000013D0000-0x00000000013E0000-memory.dmp

Filesize
64KB

Download
memory/5940-593-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/5940-595-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download
memory/5940-602-0x00007FFC071D0000-0x00007FFC07B71000-memory.dmp

Filesize
9.6MB

Download