734403a96fad68cb2ef2b340adddd9cadd5894007aac703dcdb4a4cb8326c538

max time kernel
533s
max time network
605s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
Size

12KB
MD5

13a43c26bb98449fd82d2a552877013a
SHA1

71eb7dc393ac1f204488e11f5c1eef56f1e746af
SHA256

5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
SHA512

602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
SSDEEP

384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

4384 MEMZ.exe
1820 MEMZ.exe
3124 MEMZ.exe
1488 MEMZ.exe
4528 MEMZ.exe
3084 MEMZ.exe
1644 MEMZ.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

pid	process
4384	MEMZ.exe
1820	MEMZ.exe
3124	MEMZ.exe
1488	MEMZ.exe
4528	MEMZ.exe
3084	MEMZ.exe
1644	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 2 IoCs

Processes:

mspaint.exemspaint.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exeTaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

Processes:

explorer.execalc.execalc.execalc.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	calc.exe

Runs regedit.exe 2 IoCs

Processes:

regedit.exeregedit.exe

pid process

1580 regedit.exe
5688 regedit.exe

pid	process
1580	regedit.exe
5688	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1820	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
3124	MEMZ.exe
3124	MEMZ.exe
3124	MEMZ.exe
4528	MEMZ.exe
3124	MEMZ.exe
4528	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1488	MEMZ.exe
1488	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
4528	MEMZ.exe
3124	MEMZ.exe
4528	MEMZ.exe
3124	MEMZ.exe
3084	MEMZ.exe
3084	MEMZ.exe
3084	MEMZ.exe
4528	MEMZ.exe
4528	MEMZ.exe
3084	MEMZ.exe
3124	MEMZ.exe
3124	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1488	MEMZ.exe
1488	MEMZ.exe
1488	MEMZ.exe
1488	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
3124	MEMZ.exe
3124	MEMZ.exe
4528	MEMZ.exe
4528	MEMZ.exe
3084	MEMZ.exe
3084	MEMZ.exe
1488	MEMZ.exe
1488	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1488	MEMZ.exe
1488	MEMZ.exe
3084	MEMZ.exe
3084	MEMZ.exe
4528	MEMZ.exe
4528	MEMZ.exe
3124	MEMZ.exe
3124	MEMZ.exe
3084	MEMZ.exe
3084	MEMZ.exe
1488	MEMZ.exe
1488	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe
1820	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

Processes:

mmc.exemmc.exemmc.exeMEMZ.exe

pid process

5080 mmc.exe
5104 mmc.exe
4328 mmc.exe
1644 MEMZ.exe

pid	process
5080	mmc.exe
5104	mmc.exe
4328	mmc.exe
1644	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

Processes:

msedge.exe

pid	process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe

Suspicious behavior: SetClipboardViewer 2 IoCs

Processes:

mmc.exemmc.exe

pid process

5104 mmc.exe
4328 mmc.exe

pid	process
5104	mmc.exe
4328	mmc.exe

Suspicious use of AdjustPrivilegeToken 26 IoCs

Processes:

AUDIODG.EXEmmc.exemmc.exemmc.exeTaskmgr.exeTaskmgr.exe

description	pid	process
Token: 33	3320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3320	AUDIODG.EXE
Token: 33	5080	mmc.exe
Token: SeIncBasePriorityPrivilege	5080	mmc.exe
Token: 33	5080	mmc.exe
Token: SeIncBasePriorityPrivilege	5080	mmc.exe
Token: 33	5080	mmc.exe
Token: SeIncBasePriorityPrivilege	5080	mmc.exe
Token: 33	5104	mmc.exe
Token: SeIncBasePriorityPrivilege	5104	mmc.exe
Token: 33	5104	mmc.exe
Token: SeIncBasePriorityPrivilege	5104	mmc.exe
Token: 33	5104	mmc.exe
Token: SeIncBasePriorityPrivilege	5104	mmc.exe
Token: 33	4328	mmc.exe
Token: SeIncBasePriorityPrivilege	4328	mmc.exe
Token: 33	4328	mmc.exe
Token: SeIncBasePriorityPrivilege	4328	mmc.exe
Token: 33	4328	mmc.exe
Token: SeIncBasePriorityPrivilege	4328	mmc.exe
Token: SeDebugPrivilege	6080	Taskmgr.exe
Token: SeSystemProfilePrivilege	6080	Taskmgr.exe
Token: SeCreateGlobalPrivilege	6080	Taskmgr.exe
Token: SeDebugPrivilege	6916	Taskmgr.exe
Token: SeSystemProfilePrivilege	6916	Taskmgr.exe
Token: SeCreateGlobalPrivilege	6916	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

cscript.exemsedge.exeTaskmgr.exe

pid	process
4068	cscript.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exeTaskmgr.exe

pid	process
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
4536	msedge.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe
6080	Taskmgr.exe

Suspicious use of SetWindowsHookEx 42 IoCs

Processes:

MEMZ.exemmc.exemmc.exeOpenWith.exemmc.exemmc.exemspaint.exemmc.exemmc.exeOpenWith.exemspaint.exeOpenWith.exe

pid	process
1644	MEMZ.exe
4024	mmc.exe
5080	mmc.exe
5080	mmc.exe
428	OpenWith.exe
1644	MEMZ.exe
1644	MEMZ.exe
4480	mmc.exe
5104	mmc.exe
5104	mmc.exe
1036	mspaint.exe
1036	mspaint.exe
1036	mspaint.exe
1036	mspaint.exe
1644	MEMZ.exe
1644	MEMZ.exe
1596	mmc.exe
4328	mmc.exe
4328	mmc.exe
1644	MEMZ.exe
4764	OpenWith.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
6000	mspaint.exe
6000	mspaint.exe
6000	mspaint.exe
6000	mspaint.exe
1644	MEMZ.exe
5320	OpenWith.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe
1644	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeMEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 3160 wrote to memory of 4068	3160	cmd.exe	cscript.exe
PID 3160 wrote to memory of 4068	3160	cmd.exe	cscript.exe
PID 3160 wrote to memory of 4384	3160	cmd.exe	MEMZ.exe
PID 3160 wrote to memory of 4384	3160	cmd.exe	MEMZ.exe
PID 3160 wrote to memory of 4384	3160	cmd.exe	MEMZ.exe
PID 4384 wrote to memory of 1820	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1820	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1820	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 3124	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 3124	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 3124	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1488	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1488	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1488	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 4528	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 4528	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 4528	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 3084	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 3084	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 3084	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1644	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1644	4384	MEMZ.exe	MEMZ.exe
PID 4384 wrote to memory of 1644	4384	MEMZ.exe	MEMZ.exe
PID 1644 wrote to memory of 2360	1644	MEMZ.exe	notepad.exe
PID 1644 wrote to memory of 2360	1644	MEMZ.exe	notepad.exe
PID 1644 wrote to memory of 2360	1644	MEMZ.exe	notepad.exe
PID 1644 wrote to memory of 4536	1644	MEMZ.exe	msedge.exe
PID 1644 wrote to memory of 4536	1644	MEMZ.exe	msedge.exe
PID 4536 wrote to memory of 3796	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 3796	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe
PID 4536 wrote to memory of 2580	4536	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3160

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
- Suspicious use of FindShellTrayWindow
PID:4068

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4384

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1820

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3124

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1488

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4528

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3084

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1644

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
5⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
5⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
5⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
5⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
5⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
5⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
5⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:8
5⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
5⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
5⤵
PID:976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
5⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
5⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3196 /prefetch:2
5⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
5⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
5⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2676 /prefetch:1
5⤵
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
5⤵
PID:4456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
5⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
5⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
5⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
5⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
5⤵
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
5⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
5⤵
PID:464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
5⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
5⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
5⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
5⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
5⤵
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
5⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
5⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
5⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
5⤵
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
5⤵
PID:6588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
5⤵
PID:6680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1
5⤵
PID:7100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
5⤵
PID:7128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
5⤵
PID:6688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
5⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
5⤵
PID:6248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
5⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
5⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7188050663243425100,16660127582663461447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8212 /prefetch:1
5⤵
PID:5336

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
4⤵
- Modifies registry class
PID:2724

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:772

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:4176

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:4024

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5080

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
- Modifies registry class
PID:1388

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
4⤵
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:720

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:4480

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5104

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:4228

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4328

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
- Modifies registry class
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:2516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
4⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:4164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
4⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
4⤵
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xfc,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:1044

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:5688

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
4⤵
PID:5888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf4,0x11c,0x120,0xf8,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
4⤵
PID:5804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:5828

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6000

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
- Modifies registry class
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
PID:6508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:6524

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:6916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
4⤵
PID:6988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:7084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
4⤵
PID:6364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x100,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:7136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:4452

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:2760

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:6216

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:6452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9cc9746f8,0x7ff9cc974708,0x7ff9cc974718
5⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:772

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4340

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4764

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
956714757f0c01587d52367ff646889d

SHA1
5532e1a7fb97abd8c267812f34892414b74ce24f

SHA256
e70c02a9df8d4a65b124fcd6a4070b18f04577f237be158af9ccfb6853059394

SHA512
d7d3a1030d4030e9c1b98b22ade13163a654e814ffaff364569893cb0d2dfda86808df262809f4fe5c41b78874f609febb0ef9a5d19e1b8c87c12203c1a20573

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\3e2651cb230b5698\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
399468c9f1ba0079d0363c8d29104113

SHA1
eccbdbf52ebceafe91e255668c7f31609f7af914

SHA256
fdaa3062dfd314b5834a803ba0ddcffd5afedaab39300415db27ebe0c3289d25

SHA512
7b4efc9378f9edf6268da46e9dd41fcee87d9af43c53916bb17713b9270f10bd76073b4b76e3e17a7b02bb6a46caa95d412ddb51263df78ee8e698ea4ce1e8a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2ecd7fc3c1ef295b_0

Filesize
397KB

MD5
2d5ebfcdbde70ecf71388ccbed8d81cf

SHA1
6635c04fc9f86ff09f3e52aca8c1ba1d6dcf11ec

SHA256
a4f4fdb45e149b74ead3cf9694e0497be02426645ab394a20c346a4b0c9ec996

SHA512
183f17e6c3ad3d94cb1a0a150bdaf949df6497404c869585b16cff1140d6cecdf474693fd4c0e4ad0762d565190398cd83447d3b59c4bedd84d204c13fcaea15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c5bce7e97afc2e_0

Filesize
18KB

MD5
b9b04f804066c01e86dba3899358c35f

SHA1
201cb87d51d9fb400c3a4165c50df9f17c93956a

SHA256
57bdefc7618a55247d42a2dc3a78c98643d004e8fc1d490730aaba323e5f0659

SHA512
fc587159947088f3c11536831e84b693db40acb4590380eb4e57cc335f28e36ab30ffba8e0c41631ef34966dd29c84e2ad461ad4f12a20423642edbf4104b6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
888d4e12afdcbbe331eac2dcc0559c5e

SHA1
704c030317767ff0898b26895723a99a3adcec1c

SHA256
d900ac0428f8c19ac2927981be9a9bc95ebfaba3d2239d4913e01ef62fa32eaf

SHA512
96c00c993469adc9f2be0a86b6bbf31de48041121a0d3c9b34846b049655a1f8410eb0705e6fb5e57842595a08f21bfa41313220b665ad322cb3c3fdd9c503cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a21145a4f0b9fd0_0

Filesize
289B

MD5
87c2c6c5a8d08ecc24d6ce908a84ee7c

SHA1
1fb41b3129a3c63d42eb67cb63bd04d687fe4dbb

SHA256
0241934280533475cdf94289748c39182b6ffc4120ebc8717efdc4b0d9eef4c8

SHA512
fd87bcdd7cb991bb076afe14cac645dab12aaf26004cc5b17bf5497fd93250f16ad6b1d3ed6ddb059a1dd910d831bd73bb81bf1eda010380bb77b941c471c68e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a024c087f216680d_0

Filesize
128KB

MD5
93918931b7297ec31e740935c22a4e1b

SHA1
eea5029c48193bc4d7c0e5e7ce2e82260de150ee

SHA256
51ba92266f9664a41bdf933c2733701dc447c6813a507529260acf87a008857b

SHA512
2d342af1b27f1113b3798abc3f4f7bc1fd9ca68de8b33899ea0f9ee0a74b029014287312be6dc1c50012efa973a7e6af1f2722f415f54e8a1c23952cedd22d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
03069a63ca0978518da35f8071be3b31

SHA1
7c0f6291cd036319a6fddc6fb29c5942ccd0a5f5

SHA256
c266d7064f8e256918057c3f6eb3d2955a50fded851ca60d34eb6045951d814e

SHA512
e414c783e6d8fe0094a8ccd4ecdbd95a8a265a7133a98acce39e63263c8a36270d6e14d75515c2a4fb2dd73fcf11dcbc7aeca2e37e9ce28694c1063aa1b86527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
42b6cf2effd3e6bcaf0d7df6e2099ee0

SHA1
6f7d4325a652fcb69410e74bdcf7e8cbea03001b

SHA256
bf00834f3e44d4503a51576f869ed5ebba442fb51136d243385bc35f38a52fd6

SHA512
a91cab6d606d9190e01395f68986c542f57f94652d17f0e73419f4194e0fc36d274cf7e82ddaa67d059aabdcca96973694579e514d66187f9ad047a609448246

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
801d2d868dad7820e81923230fa6116f

SHA1
f2b040bf46fc435c3b68c1bb7059d644c276cff2

SHA256
5b8dc59794d79806fb562c2f8db8fcee9fff7389359ccacfb737a9e98eb2f128

SHA512
6733f5ace086e0fba307db0c8b80ef471c217187d52d79d383ec6133a9e2090d91ab5753ba5bd9a8b115d920abf92e63de89aa7095095893de2dc01eaa3dfc24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
810dcd26f402b5b4446caee59266cdcc

SHA1
bd16c4b03608b8101993dbbd57b40f7098ccba0c

SHA256
54569853b21f5e1ede97f216bb7ed1824b418b58881bcf6fc0afe6cf59f08c89

SHA512
2d6ed8c69f99e733db000a99ce3642e711faaf1f2fd25de0e40b33ed4a83b54fbfd3ac7795bc16dd7b688dac5cc2ba8d8c97de4b3fa8e1e9fda729a89f09f24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1a1ccadfa99094123addabdf7a25de58

SHA1
0c70d82459b0643eff24d802dc4b6e0c163fd4d2

SHA256
350a802090c21faf98f7be08eed00292ea97288491eea6ef312bb44562674bac

SHA512
244b0f4fc815ba68c9631d30b388dd94e1b026189941539319323afd31b22ab50237680ace904545424016cc5b3a3eb9cdaa9f6c24a56f7149e4fe3b723a2774

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
74f63b607535bbf089d96d5eed61c890

SHA1
fe9d4cc96121d1b61dd515300eb8bc701ec84892

SHA256
d231ff90f91c55511c8f05f337810e0101fdf8c524d3b644090623b43bf0bf3f

SHA512
a8fb65049a4428215cb02fd70e7d24385616779ce5b4b42d994d1966673bcc23686edb76a613fa776d5ec71db6a9896415a9fdf4c0754931d28dbfb1753efccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
b008064c7735eb3a9ab55e2711442d34

SHA1
8d66928ef499bfa1798d5e9da1ccd870dc4dc3a3

SHA256
40d9719d99e67e107346fac163145d853c42225f9e0c7ce3e2e81404aeafc5a0

SHA512
cc663aebd9785108ae2d0ad5858f47bb034bf9a55a003b628c5ed8e8e2d0d4de2f5b8cc93b1c645c378a6eb0b7d85ea5d8ec367b3c9db58e75dafba0bb6a591b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a4675cfd1f0793a6345553ab926fcbcd

SHA1
9071ac00b725296642c1d568800e45f198c601ef

SHA256
4a3845f7940de542407030e3c71fc44cc06d858a1d1e91fbfa4abb8de1d0c7c5

SHA512
a50567f6bf6d8d3b76ad6dd053f6d6be13c7b3a79c7fa7612fbb5a223086c481d509092cd81a4506d0c368c436d1a35a2d1f063bb4c9c4a930beb716fde0e238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
910aa8a94a493a92853e993a15f0478f

SHA1
ae6d8ac5c15135f97168ee263033eb970c59445b

SHA256
228a6b83dbf07ff259325c6fb2c2659e1dde31d0e1eafd4993bbb3df91bad85e

SHA512
b8a7ecdd758f703dff267209ff20b87c86b6e4e14f5ad193fd65e3363123f271c47a5b1ebc8337486356105572ddc4fb14b2d89bacc079e85fa37cb06428b933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1005B

MD5
ab15a90a4e6350c06c8ec10893d66c02

SHA1
dec71eedb1ecb178b3c91535f84c4ea9794fd247

SHA256
21fa609303d8b6ecdc8593ed50fe7bde34237b302bfb1128ac2d57cdc31a54cd

SHA512
853b52f6a8a7ca6de9832849446a38f2f8c1ed73d9a5b531fe0b8a1a5586c53c7a8235945fe979d66e4ffbffb9ed202099a9651f2351084af4bf6ac63b0e3058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
309d53fef6d94b5a84cd68ccca02d9a9

SHA1
82fb80cd1f1d4b5db14135efcbf5afeb0392447e

SHA256
fa7a3c3c63a2f334ac1159efcf03463028b943a2b59bd5dff8ff63f0625e5d53

SHA512
a0096116fd16b0dc54c0d3b603600c4e1f8a3cb4eadc73087597f6161b660d7a972510ae15d0cc2db2bb857469e1f8e412c00e1477f3827bb6f82b4a5f79889f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
45609cac6c9184c2c3d96f1063051d39

SHA1
e69cd64d385b3acafba63b234b0eabbd62b83c05

SHA256
aae968b5c551259a8811380693595557a4724f92598ebfec18d13dfa7dc7cce5

SHA512
d9cbd22f41940853033a778899ddd2b134b6eeb1b3383c70ddfffb8759a543b488686e0786e9317df9ade4692067d30f04b5567b82c35d36ccc3ee59a3291489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c57bc9604718659a2ed6176be2d8ceff

SHA1
5018d80b40e391b0d584cdaecb31e8cf8dacb689

SHA256
f3b1c6ffb02776051e9746fd1143020dedb3ae032095dbba65489c7d67ed074c

SHA512
620186bbc379fb27ae34c541537aa416d8b655bf3c08a3ee650fad58c17a5163bd5914d2cbb82bf2ae1387ffb7b5abcb7293f50ee4f557e8d179e8f66c1135ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
99eb0ebf691154008cd4a307dbf46034

SHA1
3cad4db37a323640df87cc6a92dfb15034b5b68d

SHA256
b6a55dac22215c08217cfe07776c88ffd07a9385cd87085cd537620f87100317

SHA512
ef73c042fd244dba842ba84f688bc9eba300b35d4c9b8e77bc07216e4cb7ff8106d246d97b84391aed1f4578c57ed6dbdb45639d0147c5a14351e8d394baa0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ec78bb8e71364c270f0e012e1690ea3

SHA1
9f87a2b411430e6a3980f441b101af47ca5a13b2

SHA256
8e3e625254134a7d414b037b75eb06c9e028dc6409229a29e36a8c99503792c8

SHA512
98ad9fca6c0a5690d2e164bf19cf6c9952caec6fe07aec3ab0f0fdfcdf054366bbf3c172e41ae66dfaff7a52e96b16d9d0e2d1ea25524d41c935f139bc333d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b8074f5ca3d39f4fd62293f24712568

SHA1
866664f7e822beb8322db3495e3c8835072fb263

SHA256
721d61309f4434982f666e7f046e5807d7e31a8004e183dc5e5265c0bdee10b5

SHA512
72a65714a32a9ba2ae406e13c0ee98e16c470e1413ab97a405feb62e6074a99226f9f63ecc37086d79bedf2fe03d2db9bb257da3ba21f33cb8842e7a2d8ac79d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
540b52374a7dfcf284efd6956939daea

SHA1
dd5af98a16d1051d48d9a5a22f348bcfe30b05b1

SHA256
c208d199037c2e2e8f57ac37fdea9da084e705406d4775778e204e65e180e4f6

SHA512
b2d24a58f8b5abdf92646c55ee9330f5559f61f79a8649cd6e1c3334fc400d0a16faa4d654f8240a00baf146b644b32236eab05824e88f95d81dd220c2797f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2714dadda3a68fcfe23ad205789b91f2

SHA1
a8579061a4464ddf126186f99163f8cca8dd87fe

SHA256
4fbf35428417ddc4dc85de5e092557896cbc2929c6f90a58fa01f334189365be

SHA512
bb50c72186bfe1046201e72987e63daa90af97f75abe76b3d42902edb4a40977e3ec9d2e91a0b362c3e2ee16da6ca9ce0be189d663e8dbd322aa88d964365e7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e019a5e480b973456ee1ac7e2864d928

SHA1
dfc8bd5efabd16851d9ff1880fd63978a4ce91e2

SHA256
877efb15d37eba2d6fcf51a4039c2dce665a7ce635c1a3103484d434e883b144

SHA512
732d64f55d3d2e817f625a25b5ce34f9ee6281a201a4329ed3c7bf09c8f4b984f14772420fd7036d43212c9a9fa484df7cbc26fca6d5003edaccf93385d5d0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8d9c5569e3eb4293121d8f04cc02279

SHA1
7d0ec053d166a4dd7752ad023829837118033e43

SHA256
a9a5e732ec5609a6596ae2c264ad45df6bb1496bebf7c5dec282268a3f75c7a4

SHA512
288f2093cbc8054a0408583cb81384b812b8311bd59db42c400e3137a81a4358bb12a87d420cafbeaa2b500b5f95c97abf37c858bcb05a108bd6c8610432dced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae534a914b03bc68a486737ec3d29d57

SHA1
9e1273d2bb2ec6d697dcea2e509f14998bab1bbb

SHA256
1aa551701c8652c40a88cffe46c4d12ccfc6f67ebb614c141c3ce429e4852a00

SHA512
cc5358cbfd2646da7305165649b5eb86e819321fc3987cd6d6648d255e71d6b98ed1b565a5905649f85babd34f40ecfb29d007136e9569204983281fab2b0b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
642a2d81eca8c816c99e60dcfe37e9db

SHA1
cc921dcebaad0a035c5461ffcc6cc291ce63ee6a

SHA256
80ea8e2f3688d5b8bcebd5b7ae0ed15c9bc24bfee54e8bd3b4be4195342b5723

SHA512
1529e087d1a9296e44b4e5a254aa2fc629aa088e03b5a678a36ee572f9724af79c0469d91dd6b9a393e89346a91523afd2dd9039df96f2fd44810eb78d029ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2c5f7b38046b22ef98798281e4be806

SHA1
a07948486083cccfbc5ec6c71a75108ed989c704

SHA256
45446e76873fa1bc292287665f782e42f1e1312e522d57e9995b276e47a0227f

SHA512
d9b1fe3ededd7b3d380b92d8d307ee4c31f797a64cef54f65573270613b1c7e87e4f7db251cc4ff5745f5cabdb2560d742e57cfa1d04e8a5f80a33f8ddaa5354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b38c12521c83a7f1be9f256b051f8340

SHA1
5c335b4e69872c866749bce41e707392b5aa8a2a

SHA256
3df5539f6e8bf359c289e3cc5228acfabedcdd2a4ca7c1baa2fd4c3b84da2e34

SHA512
fca66b93850b6eabd3e57c8900c8669c9e122764e380056142c0c34443ca585fa4eebc5801cb85c4280db8b981bbf3750326fbb7729971cd726ab23ed91b3ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f8349d6357b8ffde85498081e7141e3

SHA1
bac22acb32135bd5da41d2e020f3a7a2d61c0d7d

SHA256
53b59227e9924884d8a58f21187e12bab5afae20af0a8743daae365d5b46a349

SHA512
1939d54dc37ddaa00219f6419baa3163d7c1c3eb74cf1984b5e0bc8af9b8c3f702f45494751ea3848d4fb932035de045ccdd2bab31c4b57582866040737b3873

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c569d5e95d51788150353e161d48e08

SHA1
dea05e591fd947fd9ea66310a2cab5bbbb7d344b

SHA256
d452b3a50e148b2a68fbd9dbd3cc5feaee37168f795bc75818f5b48af9bbb3dc

SHA512
a6e234405c721e564fe09ebe4f69a6a59f376f5af5dc9779e7786c4cf06ce3bced2992702227a5c09e0efaa5bdf90da4de2e8597db8d16a56f3641b094addc11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3f1eaed47d2208b96430675a2448c08

SHA1
51bbe9881a5040f1292bd509eb89c1cca18f1048

SHA256
62fc5e9a835c197cab05717c5815cbf037d73123523de8fc66e29ebd02522329

SHA512
c0b9533dcf8c7c6b827a5e67d1da59807c6b8681f237c928b61ba53bc5d0a76e65df7f61a85bdb15394da88d129f463d51a47ffda8e020b79727c78e301303fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d09eb2d42dbc13d65450b834a1411ca

SHA1
4084f1ace82869397d984c397360983ff04d96dc

SHA256
c82036182868e0374ee52fbdf93e9df1f9a707534476f10313f2dccd491fd6f7

SHA512
fd24dc08b668f223550b7982c4d1cc0c386d773072b88b29420debe4437bf2b86958f1bcfa1081c32ed2abc0b6598b326a216cf42b93d464fb9a0ae4e56ab797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0b8b5ac9d879d0e019ffa5bb6db546ab

SHA1
c2c39b22f44cc6164bbb40aa2aa4fb082494e5d8

SHA256
ba1965e55e32a60a1257627949ded200e9ca5307a78b64b33d84fb0114480ddf

SHA512
17bcf28d8315489af2396b7ea9be697ac04041b649493f1bb8f1f550cd0741396437c989f79f92c45e5b527e32be60fc73ea241fefcfa30b4c13ebfaf000ed16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
40fc044b3844eec1cdc6759cae0d0ffd

SHA1
0eb04bb62c2ce0dbf8b4f223272a8f3f3d31b822

SHA256
fdf2c3d4048b5387465d2ba8e14f433b2509f5049730c054c0631de50bfe82a6

SHA512
d1e5ae292bb168d2eeb73094f13a779476fb8652e7f96a0304034b4202622c4640dbc6aa03289d6beca54b0ac47fe2b662d90dca9a4743c79260c1b1c7b85e33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2d1d9d6625c8a5855fa4de71c8d18346

SHA1
b48878693ff64dacd7b38d60018eb3b030fa976d

SHA256
842242656f81d27dbc096e82a0824f5d40085629b348b1abffbef8151e1205de

SHA512
b7001eb89ef8da61b98838df9688474f481ec5b4592ca5f95ae742c3010bba0e835f6a17b4ad3dad8b3e2f1606a8c11108b921bb0743fcc80fbab47a9c0cece9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
49a3081f1b4f11d6b6356e0fb4614909

SHA1
ebef6c8300a44207cedb2ce0faff9c2bbf6dcb92

SHA256
b607b719abdd4d2e97768c7bc9a12ac2a246ff13f13f073c726dc24eae3a846a

SHA512
5a83d119fe422e7f2352a20aeb36a9d0cca0a3c4e9a616fbdcaa6a432ba3ae0550501207d940c2d6f0567fce2ebfeb66a633d139bb168ad051e208e5eab71830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2bc7c753832fc5a9607c280ccb79b512

SHA1
7f67695cae710bc7d5ce16783358a66d145fa66d

SHA256
646298b005ea623ff8959faef95e4a731204924dcdd26313f9b07a1aef01b2db

SHA512
407655bca383514d2768ec67be2d2f4714f67c1108d5624ff95f7aef1fff3226e5c0247f7b787edd8d487dea3dd9fcd52011c2529b51761b20a46c8d0e56430f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5214cb5d9c78d82e167174d91468ec7d

SHA1
02ebf01540b529048de5a0948beb84e9d10950de

SHA256
19dd637ef4a3f303d4a1fa257ad487fde5881513538c44974df9965c87562326

SHA512
570396333195df02c887b33e7728e1080c8a1e12d946dcf0f7afb374c25727ad084c9e84eb392bd95a87587a8d19f52b6e817170b8c63be2015ddcd40e3b754c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2d5880fe0fbd8e6282d948d5428cc528

SHA1
7e5e65aee42fcbcf4cc5cc458c9c06b149cd0710

SHA256
f1171920890f68fad4ab19d4c44200b2ae2156e6175c337c04fc27df1ce74727

SHA512
c1e1348f142607f7337941ee642f71f6b4f4a679fd22b093627f9da6aa9ca385e2d99af5663a784c96ef4c03445c9be72ec25253b4f31fc65697a4aff53aa6c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f631dadf4e5f15663261a39670b79b85

SHA1
e44005b0f08e46faa1d3b140c3d3f872c9aa676a

SHA256
2b610360348f15c68631b4246efb6d038bcad774e366459984189b6dab640fa0

SHA512
3d15bcb2195d1d4338e05a23e8b69cfc1268ce8bc51ade9444910ec5874c85add32434ff64ba1b92f8d5b2715e367763702178d8e4d01b9443e722cb6bab2c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4ec9ff351ec1dcf692b5bbc7415f0273

SHA1
890f26329f7915579521c60f672241cc619e7a68

SHA256
17d703d883debef7736ce61c0a9e15113c0b30747b0a2d79fc6ff27c0f34684b

SHA512
6f203ed11d5d30e51f092b36312515b3b4c0d02b409711613783c498fb8b91c9c9c320dfe3e144c925b6bb70de4788f84557cb96e5aff5eb6070ee9d2bd1a585

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3eea2d40b33da35693d39039620ee6c5

SHA1
c293aa31f4123d6ffb3bb558e19d5b423820b8fa

SHA256
67c6f98825dfbf9f5c5d1d5047ddea852edd8d0f8ddb1d2ce51778cc6c6a757e

SHA512
f40ac3ca21350234c82482bd3cdaa6ec5b21fe77367f07a3926c01dad8aad6b4978d7302272ba172c2cf2e662a8590fcab445964bd6b4edede6c4befe2b5acfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b870516d042799221d63c471f1fccda5

SHA1
4d9fd5027976ed71fe373a2c2271fbc3c63f4194

SHA256
e7e1f4fce3e6eb83e8315b83c093c028ffe0f236452ed4b3bb9fb6cc6890d53b

SHA512
a9677767f0a0fc3b3a64963bc322a03ca5e24a2310d41c11ec9a3bbe87180b9f7c48282330bd277f90d128954add822f344e94816eabfb8c30591515474e7c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3d319495f4a9f773ffd4b8218e8378db

SHA1
cdf5e823c5b464edcda7ed23f84982a86c69350b

SHA256
3f1b81e1bc5d479d29adb876efecc2dac75d2e4ad58d2bed3d62befcdd2ed719

SHA512
c6c10d9f13e7f0ac54a912538e0a31b495237084705b4e50c65a4c360f0fa795d5415147b75e7fb1ef804f688023473dbef905c757b54e674d2e1e186afb38ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a9bce059ce4663983c1e9340ad59a355

SHA1
54a15d2ee9db20a16c257b699b02c4d4addea80c

SHA256
ec6004c7d956540e3ae84e6ebb27cb947a69fcd60116d0dede0daee8290264f8

SHA512
c7006070a5c345613944aef1393efe941bb3cab3a74c8893e002dc30b56b67386f6b6e6240fcae9f704fc354aa76fc362692f6c5282d5213443d22f01c202233

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\x

Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\x

Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\MEMZ 3.0 (1)\MEMZ 3.0\z.zip

Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Windows\Debug\WIA\wiatrace.log

Filesize
1KB

MD5
8021ddb704bac2bb296c0e90e90dcff2

SHA1
9e7d66a39a2b5a83d9763e7feabf9318abbe5838

SHA256
94de7e857ec606c02ef21f5dd65c85bf213cb9001829380c04e6e9f5faeba923

SHA512
b492f4824550c1090e623bfc233201ea74bf4eaed775277cf34a0c382efc19fdcef13b499ffbe4e64087b71037a8769f028370313a0571990c3d6208ede7761e

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4536_EARKMXGSFIWQGOJJ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6080-747-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-759-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-755-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-756-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-757-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-758-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-753-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-749-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-748-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6080-754-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/6916-910-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/6916-909-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/6916-917-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/6916-911-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/6916-919-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/6916-920-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/6916-918-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/6916-916-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download