3cc951ba5d33757ea90766b47a7174ed5b1c7600f5f47d418e3b1fcfabe54f7e

max time kernel
303s
max time network
366s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23-02-2024 16:38

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

MalwareDatabase
Size

285KB
MD5

8adbc73e595f87a63b1efe9dc51ce993
SHA1

942d0f1b51055b5f0ae1f319c4509da66f8295d8
SHA256

3cc951ba5d33757ea90766b47a7174ed5b1c7600f5f47d418e3b1fcfabe54f7e
SHA512

c70bd77e192dc1c5da185d37b021c0cc23649512e8c9b9b46959fe488438ba3e8c4538bddd076ad232fc02e87727175bd15387c098b695c2f1556445bb0ec8ed
SSDEEP

6144:iDuqJ5fBrVSgE29xxspm0n1vuz3U9ovZJT3CqbMrhryfQNRPaCieMjAkvCJv1Vi/:afBrVSgE29xxspm0n1vuz3U9ovZJT3CU

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
95	raw.githubusercontent.com
96	raw.githubusercontent.com
103	camo.githubusercontent.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2828415587-3732861812-1919322417-1000\{4264EEDE-220C-4019-B36F-1A65E2BE0075}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2828415587-3732861812-1919322417-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4368	msedge.exe
4368	msedge.exe
2180	identity_helper.exe
2180	identity_helper.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
1796	msedge.exe
3316	msedge.exe
3316	msedge.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2588	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	4676	7zG.exe
Token: 35	4676	7zG.exe
Token: SeSecurityPrivilege	4676	7zG.exe
Token: SeSecurityPrivilege	4676	7zG.exe
Token: SeDebugPrivilege	852	taskmgr.exe
Token: SeSystemProfilePrivilege	852	taskmgr.exe
Token: SeCreateGlobalPrivilege	852	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe
852	taskmgr.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe
2588	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4628 wrote to memory of 3680	4628	msedge.exe	94
PID 4628 wrote to memory of 3680	4628	msedge.exe	94
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1056	4628	msedge.exe	95
PID 4628 wrote to memory of 1540	4628	msedge.exe	96
PID 4628 wrote to memory of 1540	4628	msedge.exe	96
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97
PID 4628 wrote to memory of 3124	4628	msedge.exe	97

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MalwareDatabase
1⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaf31a46f8,0x7ffaf31a4708,0x7ffaf31a4718
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6364 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,2221615043076211159,6128167535183332472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1440

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap16164:106:7zEvent17900
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4676

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2588
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\MalwareDatabase-master\README.md
  2⤵
  PID:4212

C:\Users\Admin\AppData\Local\Temp\Temp1_Deskbottom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Deskbottom.zip\[email protected]"
1⤵
PID:1560

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:852

C:\Users\Admin\AppData\Local\Temp\Temp1_PowerPoint.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_PowerPoint.zip\[email protected]"
1⤵
PID:516
- C:\Users\Admin\AppData\Local\Temp\sys3.exe
  C:\Users\Admin\AppData\Local\Temp\\sys3.exe
  2⤵
  PID:5080

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3939855 /state1:0x41c64e6d
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ebb47ecb9f8ad00911799b55949abbb9

SHA1
50e2a04195d5a63d4ab548390eb21e4c3720770e

SHA256
05f9957c6a9503946d9e38a0ede99ad445bcfe56065e2a7b0a76fc5615c3dac1

SHA512
d45f2a70bb45ae80a5efcc33b13cb76f7d4cddd74d1cc9c2e7c4265d2774b988560d3d4d17b734dcc4ecb25d127202efd548b918339afadd589b6eafa00e743f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f65fe24b64c2dd15f263fb5e7ccb0dc2

SHA1
f6c27d5b104ce3c59bfa80554b67143e558895d4

SHA256
aa32c104af2d5a4d3cd4ac791a501061900fffdbb126d05dfbd67aec84a1c543

SHA512
f6911b43f18f8abb9d77c6d32645d2d6a5825ddc03cd22635df329841571d41e2658d29f90f555a5b8dc8e2a48020b0eee1dead6a8b5465dc0889a543c5853f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1019B

MD5
97745b0f87973532efbf2e12a65a88e9

SHA1
d468cabedbdcc903dc689007938866c2bbb1d039

SHA256
6695993f68bd40b3ad6db06343d261f19354236da7d9b9462ebaddc453516d8a

SHA512
b5054f119a0db0c74d348463aff73287172ff53ddc528f35f731c8cd269b586d371c217adc7e76eb52cc969da264e0a0fa684ba0196c387b12dfd991f2f758f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e335140bb01f94302f7d2db0974afef1

SHA1
108ead8c58e85028fb6e227e7c35a1c7660219f4

SHA256
fee96fe26ee3d87b0f63e8a5e9eb97170a84eb0d9e639456f7a9e44431c99fe6

SHA512
f5b160276398b040f7c94c9061498e9db833768babbcd4353d95a35d78d1aeba592167cbde3500dc0b85d6f3045935c50fa2ecc37f1419f603f7b420dc7a3f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a3c4f892434a044f7e534ea46387ec8

SHA1
655016e39e83c2cabda47bdb73d27d9bbe25afb0

SHA256
e842d545925a919862796ea7b16fe29898b384f3ff5da0bef36b81deb47932c4

SHA512
ff73848e40c82892adc92560ae7e866e683097a4cfe996448e77fda62f758a4e69b936bf0b3929e7e5cf5dd639dd29fcecefa645a71c54772a2e5771b0b9e665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d402586c0b4fc0e076f588182248d44f

SHA1
a46e20738004d8bba6b5a7f3221a44e606842eda

SHA256
30ef10f4cd6042cb520aa9d1952b7b1f6659a6514979eb589baa1005226ff3f6

SHA512
27caea119873d0ff1fc7eb08a325971a1044fa8b0c332701556893cbaf854da1a444e8f72fb8e1dbfa22e9a9d744a0c65ce57506e7db0837253c060e7ab3372d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
898fd2cd6b60846e0bbf3ab29fee0bc9

SHA1
6b3a20187ac527a43206f025f9aecf91bf95b442

SHA256
919454c2d06de0ef5bb11a0cb23e155251298be6c888f9c080fee4dd69b99a63

SHA512
b9d8ca04672e6801cbee2a763a12925407f37681e32f3c5d4201c84fa94f1617588e19f6663548320bc114868a8f3aa73b4fa62d19e7edd3f4b9e57a494bf5a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
86f4a27f36d50b73e471b7fc371ee23e

SHA1
b6e631234c4d99a9583330dac6b5504c60f30f1e

SHA256
d8b3277d92c21dfb32bc96bc31e076bf4cb24aad39e37fea604cf688d398d44e

SHA512
8a2b365f6e0b405ca2daafe831ac00b295c56fdf83ab92965cf96aae77e9805affd2af3a25ed5dac4a29108d1a384028b703cc1818cfb50ccb825a5c2a0eab0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94d6a851adba63ef582e8d571b09a62c

SHA1
3f002abfc2965dce24041269eea5b33924e2037f

SHA256
4646688988c5a2e3ad6285c5489b5fcd28a7b85990cc7a7716835a11e1658f02

SHA512
3f82d7a2b19ce9076b3fcf1069d625be91861a2eb73e8a9d0793329e48622915600e96fc657fb576739fbbfcc07182bfa73f76155d497f629084020345b8ba47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a20c033201a80a10e1c24f427249fdbf

SHA1
f4ff8876535f61534298904634fbad3cfffc7f32

SHA256
8e09b98fbb102fd486aca4e8cce225476e7e7e7480d85ab78ccfe2b921a181f1

SHA512
91dc5b4a135f2d6e2ab36c21436ff2ea96136bb7d478b071c4e7bde75e58db90092a34e0f071c4eb5e29c8b6105f492dfb424fef9cf77ca3c3d8c24ac5836afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
129f9cf5ce10046154f883bf81fb507c

SHA1
908945142d2776f538421faeb3f3c5c348be7111

SHA256
1a11ed32e23856b9584f0f0252435c52cb93617feef6864f30a061c1e37fc7b7

SHA512
a156bedb3643cc737fefa4372036af24e61b2e02a7948c5e4cf00401b7599d4475aba8be84a8798e62e5e843ce9d4eae86863ec8207db76ce0efcb095a733d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ecdbe98ca241242dec45e9a52c1c1e01

SHA1
ac54bab5a2b62ff0f0256b9652be9dd17a421b26

SHA256
96096acc774bf9b544aa0b707a1d918a5d8f1ee44a16a43e71e9fd34543c6201

SHA512
b4af4446e178fee40f1033ace28d424fe4b87ec965fe5ced4a64be93f032c9fdd0efd6965d966232fcb2d696b59f930f7b374e3a838a8ec78064122572a29ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8d95e98ad4703ee8ff4eb13708fd743

SHA1
64af3d98474e9430680cfff56b184b2726a97377

SHA256
17f9ed7eca721a4e46aad1b6c5abc2f7f9e6eda39f0e649d1556b5298ddf88db

SHA512
ef94ae2844da5412baa798c33ecc5eb907998066d9dbb8443bd146be67db266c5e00064435bc350d08d3e4c9722a11fb00a53e579fced825c4d59e43c71f1c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
54b5e033d30e58825eb0a8dfc7f3c41b

SHA1
f49b6c80a0b19adff04bc5fd91965c692d292c45

SHA256
a3c5065908e8ffc5614a78da941347d922ff9878f930507567bfa26f5070ee7e

SHA512
28eeda74b2b77b1389d3e218fa58932fe675299e37cdc7c7a73cbfda446df99f2bb2d96652304cf6392238e6adcb17f8fb8549dacfc50d8a16b0ab92974c008e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e866549eabe0facf5b22d2eccfb972dd

SHA1
6ea0484b9ff23e49cac8597f2258e5a5498f3e6b

SHA256
ef50e35d49346a7dddf039fcd0a598fe0f5ffac5a4d208322c9ffdf30fd90fda

SHA512
de04d8728301c222092de12054f70bcd002ed532f26b3a7119f7bdd9e726e16fb5cfca166a3f9232f3db78eb796aadad74ad8095166500145c6af5eb02be6c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581076.TMP

Filesize
873B

MD5
d393951d8903afda4fd79fa3bf40ed30

SHA1
e9c52ef97a0956fac4e3cfc22245902f60c3e4c3

SHA256
d7e9dcb5ff8a15d8c38251e9cffcb3fdeed6d23475371a6351b815e610b34cf7

SHA512
b9a5812fd5d651c5f561e25c4e0512dbacfc78c3ffe7d333a9a073aa306747a0e616ef783ba956857a0def167db4accc1f144fcb4abc59240911eb330de75a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea8d0ace-74c6-4c98-a6e3-a78c8a906093.tmp

Filesize
6KB

MD5
d6c13bf04b74ba21877a31e954701eb5

SHA1
676caa42cb1641cd97f5eb454cbc29f28560cc86

SHA256
0383980f2c9728130a120d16b4337de786dda636a95be08a1d5f87b82ba5049d

SHA512
56edccdc83cb605578668686542421495d604fc47b477af3532c83e4b066f99d4be55efb445dd2fd2b0379a8b75f66c292b9ed5a2718e50e600f9cb1766e8f2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9f7abf6d5c4a4561ff14b2e3934f23f4

SHA1
c8bed080af97d042eeb8c9fdf4e2affe154cd1c2

SHA256
da51032c302db506da1092a69093f919e76e37b878d7679d1a9482deaac44b9b

SHA512
71a6cc7e277ec278175ea9f286b7a129e8899c6d0f9635d3b6f7a680944b5a11920f3ea4f6378870ebe9508d4669fb71c02f109cf9a7b4e2bd429ec820d5fc4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d720bb9eb8e2903327dad04987bff757

SHA1
2907e602dd87a69d48404e1559058d27083c08f9

SHA256
447df46bc98ae2edbdfb4fd4282413ae5fe9d48634a1d0928f327ac156743c3d

SHA512
0b115549bfee196260fc48cfe219aac165665603c6691d2128295787e407ccd3e17767acce789e2d14229d4c28464471d10aba9b949a23d04d6eab402b4c9bfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\sys3.exe

Filesize
136KB

MD5
70108103a53123201ceb2e921fcfe83c

SHA1
c71799a6a6d09ee758b04cdf90a4ab76fbd2a7e3

SHA256
9c3f8df80193c085912c9950c58051ae77c321975784cc069ceacd4f57d5861d

SHA512
996701c65eee7f781c2d22dce63f4a95900f36b97a99dcf833045bce239a08b3c2f6326b3a808431cdab92d59161dd80763e44126578e160d79b7095175d276b

Download Submit
C:\Users\Admin\AppData\Local\Temp\systm.txt

Filesize
80B

MD5
34e19002be90417747f58e44cc1700ea

SHA1
6833d1e76b4e78f5a25cc9e74df2505b8c2956d2

SHA256
18cba779ba620fc897cc5adf01a88582f240765119e1e459da76709454355b06

SHA512
1ed2cec9f6c56d5d6cdd16a89b23fcabe0f3906a8924ad7f005f3fa1904b26d412fe76b12eb846ff8eb1ce092c22dad173741d43daa54160ef3620acb9df8133

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master.zip

Filesize
7.9MB

MD5
b1ba5495ebccc982909d62e0c81908ca

SHA1
c852aa8f2b57e5c5a217848d25ee2e321417b56a

SHA256
be84aca5b58a93f79f59bd3d0f7379721e5622b3baf2720265a8e1e958b01136

SHA512
c34e6ce7fc08b82dfebcb057160cfc6e8cc856958e5886da8aa7f0ab787d67ff425a3329b1fce7362589673c8c2baca3abd96b94054c13aa43fedfc72bcbc7f9

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master.zip

Filesize
2.9MB

MD5
ec03180ad03e7871d2174bccd516492b

SHA1
f5f73e5b28e45e4431bdf6faf445f2dd536888fa

SHA256
b8e043f9216116eff4d2bbe70a288420679b948094b99442d9143dc2c4573b92

SHA512
5c2c45f5065ff4c9e7399fd2d0b437ca9eb027965886294ce52c645eab8d97932fb24bdedf72349f2f2d49cff42f7b5f6a6d046d060e3132ef597447e49ef4c3

Download Submit
C:\Users\Admin\Downloads\MalwareDatabase-master\README.md

Filesize
3KB

MD5
2f0c9dd2a112bf13385a1f57bd284d39

SHA1
83de7791dd6d930cd698edfd7c04f799148c4241

SHA256
cfcb7cd126178d5a18862d3a29640b4d903d58aa74b2892fe3eaec452442dcd0

SHA512
c980ceb58c593484c172f10fc3b9da6ed45e2a4b7d928f47c3c7e4b8965959d9f459d15bc71575ab9f822ea03dbc779d0dde4f4806080cc804600c60fe011f97

Download Submit
memory/516-973-0x000000002AA00000-0x000000002AA24000-memory.dmp

Filesize
144KB

Download
memory/852-965-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-955-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-961-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-962-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-963-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-956-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-967-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-966-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-969-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/852-957-0x000001B205100000-0x000001B205101000-memory.dmp

Filesize
4KB

Download
memory/1560-935-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1560-934-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/5080-980-0x000000002AA00000-0x000000002AA24000-memory.dmp

Filesize
144KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads