Overview
overview
10Static
static
3eeeeeeeeee...00.exe
windows7-x64
eeeeeeeeee...00.exe
windows10-2004-x64
eeeeeeeeee...um.exe
windows7-x64
10eeeeeeeeee...um.exe
windows10-2004-x64
10eeeeeeeeee...ug.exe
windows7-x64
6eeeeeeeeee...ug.exe
windows10-2004-x64
6eeeeeeeeee...le.exe
windows7-x64
1eeeeeeeeee...le.exe
windows10-2004-x64
1eeeeeeeeee...er.exe
windows7-x64
7eeeeeeeeee...er.exe
windows10-2004-x64
7eeeeeeeeee...us.exe
windows7-x64
1eeeeeeeeee...us.exe
windows10-2004-x64
1MEMZ 3.0/MEMZ.bat
windows7-x64
7MEMZ 3.0/MEMZ.bat
windows10-2004-x64
7MEMZ 3.0/MEMZ.exe
windows7-x64
6MEMZ 3.0/MEMZ.exe
windows10-2004-x64
7eeeeeeeeee...MZ.bat
windows7-x64
7eeeeeeeeee...MZ.bat
windows10-2004-x64
7eeeeeeeeee...MZ.exe
windows7-x64
6eeeeeeeeee...MZ.exe
windows10-2004-x64
7eeeeeeeeee...ld.exe
windows7-x64
3eeeeeeeeee...ld.exe
windows10-2004-x64
3eeeeeeeeee....A.exe
windows7-x64
6eeeeeeeeee....A.exe
windows10-2004-x64
6eeeeeeeeee...al.exe
windows7-x64
7eeeeeeeeee...al.exe
windows10-2004-x64
7eeeeeeeeee...15.exe
windows7-x64
3eeeeeeeeee...15.exe
windows10-2004-x64
3eeeeeeeeee...al.exe
windows7-x64
7eeeeeeeeee...al.exe
windows10-2004-x64
8eeeeeeeeee...0r.exe
windows7-x64
10eeeeeeeeee...0r.exe
windows10-2004-x64
10Resubmissions
15-09-2024 23:12
240915-27aqvsxhjq 815-09-2024 23:02
240915-21efgaxake 815-09-2024 22:58
240915-2xypyaxdkj 315-09-2024 22:56
240915-2wn44sxcpk 315-09-2024 22:43
240915-2np2fawhpr 315-09-2024 22:42
240915-2m3k5swhmk 1015-09-2024 22:33
240915-2gqdmawbja 815-09-2024 22:27
240915-2de4gswekk 715-09-2024 22:15
240915-16esravenh 10Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
10-03-2024 19:27
Static task
static1
Behavioral task
behavioral1
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
MEMZ 3.0/MEMZ.bat
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
MEMZ 3.0/MEMZ.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
MEMZ 3.0/MEMZ.exe
Resource
win7-20240220-en
Behavioral task
behavioral16
Sample
MEMZ 3.0/MEMZ.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral23
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected]
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]
Resource
win7-20240215-en
Behavioral task
behavioral32
Sample
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected]
Resource
win10v2004-20240226-en
General
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe
-
Size
39.6MB
-
MD5
b949ba30eb82cc79eeb7c2d64f483bcb
-
SHA1
8361089264726bb6cff752b3c137fde6d01f4d80
-
SHA256
5f6a8f0e85704eb30340a872eec136623e57ab014b4dd165c68dd8cd76143923
-
SHA512
e2acd4fe7627e55be3e019540269033f65d4954831a732d7a4bd50607260cd2a238832f604fa344f04be9f70e8757a9f2d797de37b440159a16bf3a6359a759b
-
SSDEEP
786432:1fhwEXgLYTou24XbHzjkgV5bQAH/AbkP1hn0qPQPrhBPC7wYqljbdPIa:dqgb84DPn5vhbIPdZaWljbdPIa
Malware Config
Signatures
-
Sets file execution options in registry 2 TTPs 14 IoCs
Processes:
MEMZ.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe\Debugger = "rekt.exe" MEMZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "rekt.exe" MEMZ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe MEMZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "rekt.exe" MEMZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "rekt.exe" MEMZ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe MEMZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "rekt.exe" MEMZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "rekt.exe" MEMZ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe MEMZ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe MEMZ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logonui.exe MEMZ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe MEMZ.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe MEMZ.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shutdown.exe\Debugger = "rekt.exe" MEMZ.exe -
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
MEMZ.exeVineMEMZ-Original.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation MEMZ.exe Key value queried \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation VineMEMZ-Original.exe -
Executes dropped EXE 5 IoCs
Processes:
MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exepid process 3456 MEMZ.exe 1892 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 3276 MEMZ.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
MEMZ.exedescription ioc process File opened for modification \??\PhysicalDrive0 MEMZ.exe -
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
Processes:
MEMZ.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Data\\Pussy.png" MEMZ.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
MEMZ.exeMEMZ.exeMEMZ.exepid process 4328 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 1892 MEMZ.exe 4484 MEMZ.exe 4484 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 4328 MEMZ.exe 1892 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 4484 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 4484 MEMZ.exe 4484 MEMZ.exe 1892 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 4484 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 1892 MEMZ.exe 4484 MEMZ.exe 1892 MEMZ.exe 4484 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 4328 MEMZ.exe 4484 MEMZ.exe 4484 MEMZ.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
MEMZ.exepid process 3276 MEMZ.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
Processes:
msedge.exepid process 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
AUDIODG.EXEdescription pid process Token: 33 3076 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 3076 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
MEMZ.exemsedge.exepid process 3276 MEMZ.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe -
Suspicious use of SendNotifyMessage 25 IoCs
Processes:
MEMZ.exemsedge.exepid process 3276 MEMZ.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe 5060 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
VineMEMZ-Original.exeMEMZ.exeMEMZ.exemsedge.exedescription pid process target process PID 4804 wrote to memory of 3456 4804 VineMEMZ-Original.exe MEMZ.exe PID 4804 wrote to memory of 3456 4804 VineMEMZ-Original.exe MEMZ.exe PID 4804 wrote to memory of 3456 4804 VineMEMZ-Original.exe MEMZ.exe PID 3456 wrote to memory of 4484 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 4484 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 4484 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 4328 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 4328 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 4328 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 1892 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 1892 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 1892 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 3276 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 3276 3456 MEMZ.exe MEMZ.exe PID 3456 wrote to memory of 3276 3456 MEMZ.exe MEMZ.exe PID 3276 wrote to memory of 1392 3276 MEMZ.exe notepad.exe PID 3276 wrote to memory of 1392 3276 MEMZ.exe notepad.exe PID 3276 wrote to memory of 1392 3276 MEMZ.exe notepad.exe PID 3276 wrote to memory of 5060 3276 MEMZ.exe msedge.exe PID 3276 wrote to memory of 5060 3276 MEMZ.exe msedge.exe PID 5060 wrote to memory of 3720 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3720 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 3148 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 5072 5060 msedge.exe msedge.exe PID 5060 wrote to memory of 5072 5060 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4804 -
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3456 -
C:\Users\Admin\AppData\Roaming\MEMZ.exe/watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4484 -
C:\Users\Admin\AppData\Roaming\MEMZ.exe/watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4328 -
C:\Users\Admin\AppData\Roaming\MEMZ.exe/watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1892 -
C:\Users\Admin\AppData\Roaming\MEMZ.exe/main3⤵
- Sets file execution options in registry
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3276 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵PID:1392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=cool+toolbars4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5060 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:3720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:25⤵PID:3148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:35⤵PID:5072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:85⤵PID:4616
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:15⤵PID:1936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:15⤵PID:3576
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:15⤵PID:1012
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:15⤵PID:884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:15⤵PID:4800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:15⤵PID:532
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:85⤵PID:2608
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:85⤵PID:3880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:15⤵PID:3456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:15⤵PID:5128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:15⤵PID:5388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:15⤵PID:5396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:15⤵PID:5676
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:15⤵PID:5760
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:15⤵PID:5280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:15⤵PID:5344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:15⤵PID:5388
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:15⤵PID:4620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:15⤵PID:3188
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:15⤵PID:988
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:15⤵PID:3292
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:15⤵PID:2604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6012 /prefetch:85⤵PID:5952
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:15⤵PID:3544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:15⤵PID:2768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,5204464437599162635,6723016890416730739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:15⤵PID:5504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=expand+dong4⤵PID:5604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:5620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays4⤵PID:1172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:4584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=bonzi+buddy+download+free4⤵PID:5484
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:5492
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=pussy+destroyer4⤵PID:4260
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:1304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/results?search_query=tootorals4⤵PID:6028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:2292
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi4⤵PID:5216
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:5788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=preventon+antivirus+download4⤵PID:4592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffaa7e46f8,0x7fffaa7e4708,0x7fffaa7e47185⤵PID:2664
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x33c 0x3c01⤵
- Suspicious use of AdjustPrivilegeToken
PID:3076
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4380
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1828
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5600
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54d6e17218d9a99976d1a14c6f6944c96
SHA19e54a19d6c61d99ac8759c5f07b2f0d5faab447f
SHA25632e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93
SHA5123fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\078aa93d-74e2-4022-ae25-be3b535d719c.tmp
Filesize24KB
MD5c2ef1d773c3f6f230cedf469f7e34059
SHA1e410764405adcfead3338c8d0b29371fd1a3f292
SHA256185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521
SHA5122ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\90ee2941-4779-430c-830b-9163d36df29d.tmp
Filesize5KB
MD53d1d95145955e9e550127fd94641badb
SHA107d9c76dbcb13948efcba03125c4ad6d16af1908
SHA2563e459b7b48df9836586d7c14299ac3c62396ace4bfd9e84d00ba5029a7bba731
SHA512388039dd3bd5a89a46838a274d8b5aac0d9177465727de5709c745cbaf81328f60d29ec613899e8e82a0bab579f2a9237cac031dd77b0ec00e47f2a735f6bca8
-
Filesize
194KB
MD5f5b4137b040ec6bd884feee514f7c176
SHA17897677377a9ced759be35a66fdee34b391ab0ff
SHA256845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
SHA512813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40
-
Filesize
24KB
MD5b82ca47ee5d42100e589bdd94e57936e
SHA10dad0cd7d0472248b9b409b02122d13bab513b4c
SHA256d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d
SHA51258840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.ask.com_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize23B
MD53fd11ff447c1ee23538dc4d9724427a3
SHA11335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA51210a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
3KB
MD580133ea7eae2e308ce64ac3d4a4b4470
SHA1fa8f8980609fc0ff3e67cdca34e283219684742d
SHA2565fc5e01248d1fd04f96e9b81b43709b4dcf690712c3c7b261f98b38bea4f358a
SHA512066bb0fbdd6a337e4026ba2b86fbc1d39e2bbb7a1b873706b00fe46db15e96db661b91e694859bd2360a859db734cc7faa8457eba8007919867bdaee783e82a0
-
Filesize
7KB
MD5b44f2cab6b8126df245b0251dd8364ff
SHA1f7debb06350a00799f72cad96a71cdca741e39c8
SHA256b4baa60d2d997e555ab1c9b342b1dcb09b5b4ac360b7eca06a090b96051841d7
SHA51274f3d15bb775576aa8ccd5fbc496a64a43342b9f29398fdddc66fbc5ea43af247b69ea7053a78f2381a48bdaee01f46ad2557e7dbee58cb47fe73880fa5dbf2e
-
Filesize
7KB
MD5d7d328dbd53159167918bf38e2a2dbae
SHA1362e4547a6bb78b09b79bf222d7d58a850952c28
SHA2563f50e9360a89caa291175ca806ab54426e7d353022ae2d51989f293f35d2ad31
SHA512af4814a73a5a16c99abe6a03ff6438d6be0210ba7557e45cdf1679101456c0ac92f11db5a6184970322b4a1aee0fe05de012cd605d3cc63a98c5137aada7d4e3
-
Filesize
8KB
MD504a52848510f83698850b550ea2d96ff
SHA1f53c2fcb1a3ba5c0feeb884222a3d91ad488df8e
SHA2564e2644aa3d04089739d50acb3fcbd89e968459d9e4f65a3879c970222de2186a
SHA512a5470e6ac66ecba9d0ad4d8a34cb2b68d78383b75bf14a90ac5ef80cc0d117f740a12d82c32834beec83caf237b14afa4312949b2acf39c085a7cbce65b02d39
-
Filesize
8KB
MD5aabecc4a93ebb386f59fabe2fd3b80c9
SHA1292d5e0139f44ed5eec22bfe1a36e246308f7105
SHA2561de15b91b333a5331c423d0b373663eb4e4311f627a4029b938b6d5373f97301
SHA512308cf4793afeb4d814694ba6539a88174c580abfd66f2a429fc809f97d3e0e72a49ef5ffff145c308ff9df623caadd3bf378709f0970c29592e6a2d4699d4150
-
Filesize
8KB
MD5d197e84338449b511dafea2c096f53a4
SHA144f5b01d6032fc66da90764d5adc88f77db4cc13
SHA256bd12a04b154964227db34c4c9f3cb9d0b696da224d446ea123dd4b4c37e83173
SHA5123e643e504d0e018f5567438b6af38da9404f574d5c168433814a3431452a548eafb92e7324061ecc4a1230187743bab22048b2e0bf88ee7280462f17c30aa82a
-
Filesize
8KB
MD547216e2b3600d461866d39a94a15580b
SHA10227f900723c708dd7c05d862d9079363511dc43
SHA256a8955112eb0ca151ec4168678ac8215361ba2851b2ff2418c446283beafd1f46
SHA51266a7e68424cf76e0574857e3b7914623198d16b5fd82b6d6ffcb51bede65e30ddc0ae5106f956dd946dc4969723a56f2b0c8f0af95b083ddcc444899c15bb8d3
-
Filesize
7KB
MD53dc17a37e10dee4bdcf7272ac06db153
SHA1b4c0e15805cb114b244dcd787942c32c418a8c72
SHA25669bbecbd316a0082db75a35b2a47129200765a6ecf5e69ceb9a39692fea9974a
SHA512a0cff248285e59605167f3a4ce8591300ad33147f18e39e67ff2542f5f44a66661b0a090994aa6e5e482604e851bc02ef1d45eae973a2dd21e236948d1d8175f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8787170d-0db3-4334-89ff-7507a5f080da\index-dir\the-real-index
Filesize2KB
MD5e8abb47cd43e1f6540a64e521c0d4683
SHA1d6525df7021817b18e8381c5b4910d47aadf8e28
SHA2565b0512306b70e66d89d63c17a131822b645cd63c6d19471830c4a901e23cf383
SHA512f017ec6e3d6ea8cc3aa3715ebdef8cd356aa224f28cd0a1ecc0dff4d1e69f6b84dbd6fcc2fe1c81ab24d7c8a7938014b890afa6580a293cb2c9212dc618da9ad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8787170d-0db3-4334-89ff-7507a5f080da\index-dir\the-real-index~RFe599c65.TMP
Filesize48B
MD54790ad7c5963da91c2eb5fcc08877de0
SHA12081f88770c81db15d71fa62899d99674e7085ef
SHA256486f14dc00a6b2e4980817fb9d9624d2c31981157b05bd3659caf41389758d8e
SHA512594c05a9e820d09b8d04e4e813a01118823d029ad09442811b77a68684a91539c298143940d9db0d98fcaea8ec80cd3e697458b2c54e43777b63aa203807f0b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize82B
MD579870b441792a299d2775448be71ebb7
SHA1fbd3a5936ea3d9cd03db157e4cb4a0778101394e
SHA25653c48a20331fd9ba605269b4f44f9e1166fe5d185c0808c2b59719827b455257
SHA5120815807f6599db976d33c26ec7eec96c3650fe9585bb9e08027a92fa89178b8664f1eff09a6139c0283bb85d292c4e8360235264bda5fd259c410966a205a77a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize84B
MD515bfbb9608326e7e0b18e198925d1712
SHA1336243ac033bf06b801dd63416bff47efd434e66
SHA256b41da8d4e001a54bfba40425922d690aaad3db5d431e161b5de5a0ce7ea4d7bd
SHA512fa92b0b891288ec0fc614d3aa0c34bd1655c2bb8633a4fe10ca1b6c27ac476c183503401140083c7115d92ee545d277fc7919ca41d595c3b551e7e00b0b1a824
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize146B
MD5b20c365ed30de247a67363b8be7d5882
SHA1548e7ce4dc19a6a2a8ac4b799e176776eb013826
SHA2564ee564464c6cdd73cfe954d2671995ed1639038534301c230d5381121cc55d5b
SHA5126dd73660a70d66a3a652853613aa6af0f1fae7d707bf4c3de0b1d8e6124df8adfcc2e3c00e261480d0c9220a0f131f27a3ac9191ab9334811ac54c9ebbd43194
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe593510.TMP
Filesize89B
MD53f9b50f37dfcda4c79ee71c1d0ff192d
SHA1fa76cfb0d380547347bee262b0dfb5873e7efe67
SHA25638463b35d5f0d2359bea32022eca32b62a63cc6678f72e9cd2274d78b2fd55ec
SHA51219bc3ba5932d9e316804029ad7cbc6c56cab5e7ddf438a4c48f12b0819cd5fbd164d6c39ebd46b81e2545067524457442f7891a0fed5e082b6e235765c01e3d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
MD5a5da51cedd0eecda4538e78bf4a0e2c9
SHA1328fe82e64421343a1a8b8d1b4d9d86af16777ac
SHA2561d5f7e2899f5309713a2aaa03526a32fb930c5f721f7f5d30ee77a3f3c70b789
SHA512cb81676f981024652728e2e691c92227fc9b0e01dc34eeed06c2ecb183c02382ddf827b814c4002582ebb93f6dcde1b3e02575118c00dce1c8174613cbf43d30
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize120B
MD589181a58d763d107b8669f196bf1557d
SHA1c7573c6ddf1d8876d88f3e656b810bf5bf65afdf
SHA256bd6e4c79c22a185b95b3d7ce3ea9ccee0da942e670c1a7ffec2f15ced000a066
SHA51292de69f6df49f7f8d5894dbb01b990b02be42b8a84cebecf91e29421beb3f97031384f7da566deccb74b955b9fdcaf6bcc6dbdf50565589c4b479f1687a7c374
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58847d.TMP
Filesize48B
MD502612792b4ffba5de68a5a045b7bee51
SHA12d6b9001419edc61ee4e5c1ae57624019236cafe
SHA256fb8e197b52300ad3ec3b551f3f17851fefffa0590d783cd5c171b346c11010dd
SHA512600325391403cbe76aab2f303ad8b6a1032f0ae4f920859bfb763dfebb904d49f2dbf9a3dac7aece65e2617764ad867f6eb044851270b49918a457b4a5450379
-
Filesize
1KB
MD557a04f4822b7bc03723ad9abbf693383
SHA1a1ed4c684066ad54d6d898f3680933962595ef00
SHA256e01ceec96f63e793b232494275e0694a98eb4bd28a3bf6881038ad85b580dbf8
SHA512350d1df28a03ee9897cc041997c5d4a90d548d4c58d2e17bc3cc4352d0f8c01f3e34011ac2f521bde0bd4e611bbf2e2be620aaf79d2198c80f56148421a15583
-
Filesize
1KB
MD5289d6e4aef8ef2dc578a215d9f3c9572
SHA1a2f33af6963c289e99d26f4fbcf1c058485b69f0
SHA2567124e56923a6c23ca67d721f96f0209c4f3a4df19a9c99ac640aeda327539c77
SHA5122940e012f5cacdf24454a878034489cca2f7f2612a692e5b0a847a4ca24dac4ffce38652d20831adaa5fa243a222e85115cc832f071b48ac6426c619843f4c58
-
Filesize
1KB
MD5ff46a89dea3053d61aa968dc4910c39e
SHA152c4ca2cd29a971d46937fa4260d345168f57fdf
SHA2564b1734f96c37ebee2d230bc23e693c0fe379a31b3b92a992c064d383803a6816
SHA512d9919731426d9f6b810e616493dfc9823863721a4685ed319c74417a5c4801c09fe52a9b33d5fdbff19aa004a2e3f88075f8ac9385cd2fffa385229b5bd6a957
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5a3f8af43afe98440060ca3e164ea597d
SHA164c79ff1562e728ceddd1f064db755f43e5ca116
SHA2564fedaffd5b4fc0b2c080c28fea8c6a558ea1dd19731ecaea895bde901578bf1d
SHA5123a730e1efa188e185a1f455634d8aa0156a4e18ada4a8d73572155aa010bf3b9a69660ded3a3fa0ffafd86253640569d3b5670b8618792141f2bc02f115993f3
-
Filesize
10KB
MD5a885e272786e031baf9a033309c32bfb
SHA1b8023930e0c957f6d4056a437180bdce885640d6
SHA256aba3ce155d615a797f67f54d8c55af6dc751471033f92fe933b8a399c9e10f7e
SHA5128d756e827e9c867f05f2a527be42d0bf5ba535ee3c06c133f8333c75b171104ad9349e80012d312f929e88e4c973b49632ae6275ac355eb26a0cc9abfab839c0
-
Filesize
452KB
MD5a2f47c218e2507db3b22eb7e6d780001
SHA1218a59915bfede4b5cbf2427200566709aa05bd5
SHA2565b60fc854544978a715bcbca8f5a3abd28bcd0bd8b50fb953318640f7a266d37
SHA512ae7152c080773d3910eeb05a47cfb551875e65dc5d88734114d03a6526348164caf179f2fc3b743850ed90b4fb80542e8b36ca31b3ef8168302500fbc0a701ff
-
Filesize
353KB
MD58766dce04feb646bf62206d64d6eb0ba
SHA191c5d588028c6c949e9cbcec950bcfaa35a791e4
SHA256f87e1ab69bef059744ee9244f37b0f21ef7d7b06fc5245094cfa22637ef6ae9d
SHA5120bc8fc880bb94ad55a732f2be207d88a6bb0ae8d97f91819e889d04420a71ae5d91af21861bad351c5fd7f4e944c1899b17df326bf19d310cc31a95fd38ee6a3
-
Filesize
408KB
MD55ada580c290b53327fc8db29d5cd66c5
SHA1a504aff6a9fa93bf4ccb69df17b5238804c659f9
SHA2565dcf1f4b285a6dd70ec7acd77eeb5752a3d381a8a697eafd394fcde615f3ba63
SHA51236da1958e7b4fad5367b257d9343c4eab59d50b01c610514d48eae2d0eeabf7efd06dd8fc63551a0a7e11df91aa3ceb063003cdd9c30c6755431ba218524fd49
-
Filesize
13KB
MD5f0e3d4ad2f1d09acf314a9e7a92777ff
SHA1958224c3c98945c38f4e12ad6d1c64c4b91e189f
SHA256b897644e314b31e0dd5159d061b9e77a512178f29a9f36076ec105e286212bb4
SHA51228ccc056d2f5bde039cc3502a584cce3baa5cf9700fda8775344935438a6951989b3a24903693ac5e5292ff250cc27f338b783b29191948bed7ff4cc8038c8ac
-
Filesize
21KB
MD55761ae6b5665092c45fc8e9292627f88
SHA1a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef
SHA2567acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2
SHA5121d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e
-
Filesize
4.8MB
MD589d0a71f2cddcd6ec0be6ab9a8b8f703
SHA1373ceca02e5a58dfdd1e335387060cb7dea06c17
SHA2560b032d7ec4549cdec1345d92c2e59d53438348628d50ec28274eccc8c159cc26
SHA5122991a3e11dba87c4a9956a3ccdc9d41f6e94e7e1c533a68425c6a89c4bf8f7dbbeb88c8e49a9201e8090726fbc4c51db9dcba8d3e179795da666493c18aeea84
-
Filesize
133B
MD5910efec550edf98bf4f4e7ab50ca8f98
SHA14571d44dc60e892fb22ccd0bc2c79c3553560742
SHA2567349f657a8d247fc778b7dd68e88bc8aba73bf2c399dc17deb2c9114c038430b
SHA512320de5e34c129dd4a742ff352cfe0be2fac5874b593631529e53d5fe513709ac01f5d1d3dfae659f36a2a33aae51534ec838f5d3748cd6d1230a0f3d29341442
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e