c453c973a751ac4762242244d0dadc2ea4d57739b7d883a7e7d0aa0358108728

Analysis

max time kernel
336s
max time network
340s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
20-04-2024 01:39

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-20T01:45:32Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_5-dirty.qcow2\"}"

Report Analysis Logs

General

Target

sample
Size

223KB
MD5

ad27eceeae213af0776d2117b34596e9
SHA1

263da3e1bb27308363e9a4a155edbf337aea3db8
SHA256

c453c973a751ac4762242244d0dadc2ea4d57739b7d883a7e7d0aa0358108728
SHA512

f2e38461d71d7120d4cabb5a43e89e8ca13656cda5ef784d93eeeaac136cc3d09dcdc34b0b0a78b77492015d1609f8333e26b000e3b8880c56a1ea039f054206
SSDEEP

6144:2DuqJqjQ+0VSgE29xxskm0nayRo3v9qvZJT3CqbMrhryfQNRPaCieMjAkvCJv1VP:1jQ+0VSgE29xxskm0nayRo3v9qvZJT3s

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 5 IoCs

Processes:

extra-ram_softradar-com.exeextra-ram_softradar-com.tmpExtraRAM.exeMentalMentor.exeMentalMentor.tmp

pid process

4348 extra-ram_softradar-com.exe
1912 extra-ram_softradar-com.tmp
2056 ExtraRAM.exe
5612 MentalMentor.exe
6692 MentalMentor.tmp
Loads dropped DLL 2 IoCs

Processes:

MentalMentor.tmp

pid process

6692 MentalMentor.tmp
6692 MentalMentor.tmp

pid	process
4348	extra-ram_softradar-com.exe
1912	extra-ram_softradar-com.tmp
2056	ExtraRAM.exe
5612	MentalMentor.exe
6692	MentalMentor.tmp

pid	process
6692	MentalMentor.tmp
6692	MentalMentor.tmp

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

ExtraRAM.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000\Software\Microsoft\Windows\CurrentVersion\Run\Extraram = "C:\\Program Files (x86)\\Extra RAM\\ExtraRAM.exe"	ExtraRAM.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ-Destructive.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ-Destructive.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Drops file in Program Files directory 4 IoCs

Processes:

extra-ram_softradar-com.tmp

description	ioc	process
File created	C:\Program Files (x86)\Extra RAM\is-Q6M6M.tmp	extra-ram_softradar-com.tmp
File opened for modification	C:\Program Files (x86)\Extra RAM\unins000.dat	extra-ram_softradar-com.tmp
File created	C:\Program Files (x86)\Extra RAM\unins000.dat	extra-ram_softradar-com.tmp
File created	C:\Program Files (x86)\Extra RAM\is-FV8J0.tmp	extra-ram_softradar-com.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exeMiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3263309122-2820180308-3568046652-1000\{8DA9D01B-3C2A-46BA-A64D-FD93AFA076FB}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3263309122-2820180308-3568046652-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 5 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 53571.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\extra-ram_softradar-com.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 326339.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MentalMentor.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeMentalMentor.tmpMEMZ-Destructive.exe

pid	process
1372	msedge.exe
1372	msedge.exe
1908	msedge.exe
1908	msedge.exe
2092	identity_helper.exe
2092	identity_helper.exe
1984	msedge.exe
1984	msedge.exe
4352	msedge.exe
4352	msedge.exe
380	msedge.exe
380	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
6568	msedge.exe
6568	msedge.exe
1384	msedge.exe
1384	msedge.exe
6692	MentalMentor.tmp
6692	MentalMentor.tmp
6692	MentalMentor.tmp
6692	MentalMentor.tmp
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exe

pid	process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exeextra-ram_softradar-com.tmpExtraRAM.exe

pid	process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1912	extra-ram_softradar-com.tmp
2056	ExtraRAM.exe
2056	ExtraRAM.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

msedge.exeExtraRAM.exe

pid	process
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
1372	msedge.exe
2056	ExtraRAM.exe
2056	ExtraRAM.exe
1372	msedge.exe
1372	msedge.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

MiniSearchHost.exeMEMZ-Clean.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exe

pid	process
4800	MiniSearchHost.exe
5892	MEMZ-Clean.exe
5336	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
6136	MEMZ-Destructive.exe
5892	MEMZ-Clean.exe
5760	MEMZ-Destructive.exe
6372	MEMZ-Destructive.exe
3536	MEMZ-Destructive.exe
5224	MEMZ-Destructive.exe
5760	MEMZ-Destructive.exe
4116	MEMZ-Destructive.exe
6372	MEMZ-Destructive.exe
6136	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1372 wrote to memory of 1424	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 1424	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 3684	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 1908	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 1908	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe
PID 1372 wrote to memory of 4888	1372	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffefa2f3cb8,0x7ffefa2f3cc8,0x7ffefa2f3cd8
2⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
2⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
2⤵
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4624 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
2⤵
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3988 /prefetch:8
2⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4648 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
2⤵
PID:1844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
2⤵
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2492 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1636 /prefetch:1
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
2⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4544 /prefetch:8
2⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7348 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:380

C:\Users\Admin\Downloads\extra-ram_softradar-com.exe
"C:\Users\Admin\Downloads\extra-ram_softradar-com.exe"
2⤵
- Executes dropped EXE
PID:4348

C:\Users\Admin\AppData\Local\Temp\is-4NHKG.tmp\extra-ram_softradar-com.tmp
"C:\Users\Admin\AppData\Local\Temp\is-4NHKG.tmp\extra-ram_softradar-com.tmp" /SL5="$2030E,260343,54272,C:\Users\Admin\Downloads\extra-ram_softradar-com.exe"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
PID:1912

C:\Program Files (x86)\Extra RAM\ExtraRAM.exe
"C:\Program Files (x86)\Extra RAM\ExtraRAM.exe"
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
2⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7044 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
2⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
2⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
2⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
2⤵
PID:236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
2⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8760 /prefetch:1
2⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
2⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9268 /prefetch:1
2⤵
PID:5332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9420 /prefetch:1
2⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
2⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1
2⤵
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9956 /prefetch:1
2⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8492 /prefetch:1
2⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9968 /prefetch:1
2⤵
PID:6028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:1
2⤵
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9412 /prefetch:1
2⤵
PID:5700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9884 /prefetch:1
2⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
2⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10476 /prefetch:1
2⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10560 /prefetch:1
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10832 /prefetch:1
2⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10856 /prefetch:1
2⤵
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9364 /prefetch:1
2⤵
PID:6264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:1
2⤵
PID:6352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11100 /prefetch:1
2⤵
PID:6368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
2⤵
PID:6976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9404 /prefetch:1
2⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9044 /prefetch:8
2⤵
PID:6332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9004 /prefetch:1
2⤵
PID:6344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8880 /prefetch:8
2⤵
PID:6340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10244 /prefetch:1
2⤵
PID:6696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5796 /prefetch:8
2⤵
PID:6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
2⤵
PID:7052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10440 /prefetch:1
2⤵
PID:6256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
2⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11208 /prefetch:1
2⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
2⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9332 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10580 /prefetch:1
2⤵
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10604 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1384

C:\Users\Admin\Downloads\MentalMentor.exe
"C:\Users\Admin\Downloads\MentalMentor.exe"
2⤵
- Executes dropped EXE
PID:5612

C:\Users\Admin\AppData\Local\Temp\is-5FV2U.tmp\MentalMentor.tmp
"C:\Users\Admin\AppData\Local\Temp\is-5FV2U.tmp\MentalMentor.tmp" /SL5="$80300,2483849,845312,C:\Users\Admin\Downloads\MentalMentor.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:6692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:6428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
2⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,10490580260401723428,4230917040977658666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
2⤵
PID:7144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4536

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4800

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1540

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:1884

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Clean.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Clean.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5892

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5336

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4116

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:6136

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:5760

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:6372

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious use of SetWindowsHookEx
PID:3536

C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\Downloads\memz-master\MEMZ-master\MEMZ-Destructive.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5224

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Extra RAM\ExtraRAM.exe
Filesize
541KB

MD5
296bb95222cadfcf5c032d78d3f52736

SHA1
2e38782335d4f349383933cab90fa9656d6e3fb0

SHA256
d9390e7590630c349cb7c0ec4b5ba8b459d646c3c820d9047ab171f6a77272d5

SHA512
ccc393b09f94c1ad01357bcd441b0132602de956bc0a16d646f6bb7b24b0d2c243fa392e6ae5f3483eb546ed07af1c42529623837058ca2eebffa36707fc3754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
57e5c5a9236321d336e2c8ce1eeff844

SHA1
8fd4288af72ba3f7a0ecc5583a9265723fefc096

SHA256
ae6496cf397848bf3139858deaf567e3df991bab5a7704a0fa7aae95474872d7

SHA512
bc3f24afe6ce0494022d8201a01a60239ac5cfee54e0650a337036817056424b418cb636d58d07e5034dffe2226906202b56509e4cc07562c0b60f618c420080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
493e7e14aceba0ff1c0720920cccc4a2

SHA1
468f39cefbcf14a04388b72d4f02552649bf3101

SHA256
a0dd32ed60115f661a4ca537472e0d4e230ff844d56a3db766299cf4cd817842

SHA512
e16c748e4513ea10bf7124cef7b50dc5f3a1802205af9228e0c33fdbf3c24286739db08db4b813079ed7cc36be43d7457f4c26f00ae3126a2fafd77d2696107a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67b15460-58af-4ec2-acaa-4c9397c1c149.tmp
Filesize
7KB

MD5
fc2db7b1acac61c58eeb2033dd0064c2

SHA1
4c6d0ef395d1c74313b194ae32f8a580885be5a6

SHA256
129e4f15533f6c6ebc8e99920d6e9d7799999d7e7a1b55e51d6ef964db4837fc

SHA512
a44fa995d9cbc12b06f9aa1ef9c88db00ca13d56db090073315500aa7a2f833a3568fddfab4c7cf664c5a9ed3f53fed667b5f1b1b0ed174443eb74a6688b06fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
36KB

MD5
b8a4bc990b87e9eb73a932db3e67410c

SHA1
2fa86989312cef68b1cd471263c8cf2dfda009dd

SHA256
73c29de3fcd0e0314679d144981177177c4bc6b46c85899a0ac9d725aab92332

SHA512
b2dc2ad62ba3af0d24657b063d16070f166538dda292b1dfe40c264c8c80b3cd7c82adb5e4f98222210d1c6e3dd43f4bb1711cb678a07c41b2de8be24f42279b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
226KB

MD5
df3641e0b5ccc838ed4a1582a1da49b0

SHA1
72576c2f1470e2e0728adc973b41dabe1efe6169

SHA256
fc301d9ccdb8e8665f86d3253cca11e7008296896fd7074092cf79fea8e311a4

SHA512
94c4c1272a8564e2e53d91b3742130e8c412c5a64dd47adc91f1fcd0a27c4e6fc9739924b3b0f40dff7255df33755e4886d053881503dbac5f3c210b4d1ade41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
34KB

MD5
e8117f0a14c3cdb602bb39b3dd88d992

SHA1
b4d08bb1089be5eb84ef9408400e594fbefa05b4

SHA256
2f11c98f111e90b39ce0e3ea3d62912bbccc97a54340d17843a5cedb742c9811

SHA512
97fac38d5a5bc939a65fc289dcefb0be7c7da50ec6828653579bb306b7d3b387299e71cb45cacbfc5cfe3e442bccb31726674c4acfc0d76000fdc050b737f589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
36KB

MD5
208d0121595cb33f049ac33bb5ea7c77

SHA1
02096073207880c99343a39b38d617ad24a613d4

SHA256
b89378f308f659a8f33323249de0b77b996853464c790ae5df80a775c6614ccb

SHA512
e30ed0544e3ea7ca9fb3ce418a0b8994cac0af9c4a977b4b7e230dbf8f2ec3fde5124ebb635c6bf1044913d88c922c0d432fb8007be2f8d42645b4693e9ed19c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
65KB

MD5
d37a0b50e8cbbc3de35d3d1e9e1185cf

SHA1
c898ddfa3f2c551980ab4bef4a463c3fd11021b3

SHA256
deb12434ba06baf14aed67ee8aa28f48ae856f3792797eeeab1ee218754caf04

SHA512
d52983a3cd1343454bb9bfecdcdb76791a93b15fe83a46a62ca668041fff818f94815b6c596c2794972e11df3f4139a86e480578cd5e332bf9325e6e5e1572ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
Filesize
19KB

MD5
2857adf1a9605ffe485d8fc987dd9fed

SHA1
94e412468c687d6c43dbb9427cca3eabc23944c3

SHA256
bc7f037334953f85a56ab92753e4bc429815445ff54e727e9cb69ed097d5161f

SHA512
012e1b52dfdf8dc00633569ff161662133d37cca4df26cbbc273b0eb6cfe52c1054fc8d5036dca26d754fe21e014f5e978f334f4abb5b36e831182489272fe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008b
Filesize
3.2MB

MD5
4403cb3b8b299528d40a2555d8395beb

SHA1
52971b252d0e259808f158872db478eef4ed94e4

SHA256
cad92559e7848f000ca084aa6e5434a2eafedd2bc2e5ff06a13b724bfd447359

SHA512
a1bd42758a68499dbce08cf99d6da6cd526914032a8129869da40c28f6daa4006b26b24047d40d0e4e11e325c97cef603172d5029bfda4756d5b94f0454fdb18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\06450eb6a7b09545_0
Filesize
2KB

MD5
d4fb465d784955c1f8611f662fe4e2af

SHA1
4065830cb85f37b08c4cadc70b9a76031ee99a7a

SHA256
00d7343b882e7d894eca07e29755880b947d4103b6c9bbfc0264bf5044cc11af

SHA512
b6919058eca5bc7cdabfec87ed0a53fc4a9950bda061fe7476d0dce209809845427f4be081ece906a46d8a56135c566af37163ab3e5107945b934267ff82624c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0b0642232c5e45ad_0
Filesize
1KB

MD5
87b578a7bc9a8f5b751cc913917633e8

SHA1
4d8fbe2cdb5fb1d44b7b8eb8032eef4c85f208d1

SHA256
56d6d8a02bd0b9a1965e0666c7370f59b5f0aef77ddb219c988367feb191c50c

SHA512
2a501c796b1f6ec88bc7d1bdd322a2912fc2098da7b6f2b28b5ec93916ffc1097635795f3e8e7e25708ae047658ff2322be4c9e27e822d0ada9c596cf95caf9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1927a26afb9a8b4a_0
Filesize
3KB

MD5
7f3fe08f25f38b68c6827a26cffa8a16

SHA1
12f2f0f1c630485859659ff80291f47e02ab29bd

SHA256
fde1b3cd670f56eb883023dfe5f18d591eb2745e0e2bf770fe829f446314ba0c

SHA512
e1f19d9f507d998d07d9746f0e73d5b3219dfc329fb446097f8df2330f9a84fd9294851b2930180047d7407b7cc998a50f6074068f3af8714845542d862c112c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0
Filesize
9KB

MD5
c63b5b6bbd3d8437393f9be76f1bbb23

SHA1
41354cbcf1f2ae979513389b0114f66a53e05f0a

SHA256
f98108ddf2ee6b363dae8c3513077d710be0b11e00cb8b144166b55582487a55

SHA512
e9963dd581a1b94f6860ae3925328e5c65796c8e3dca45ee483740bda3b22d3c770a936e5202d44237e5f821771ce00268b35775e0499030be0cf74d3e3fcdd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d3b0ad57bdf7db9_0
Filesize
1KB

MD5
8912db6a321baa3a2009ba06b25bc407

SHA1
4820b1d6ffc8728e95f122bd352b8b1d8f2e9bb3

SHA256
3311b00f11968d8b8040e973bbd4e966d6e12b6e64a011c40a18991876f7b174

SHA512
93f23eaffea24faa54e6ed8f22b446ad7deb656255d8b36abbcf603b9ff8a6b0b96076f07609a809a5975584337b40636544e8033e3b43d75d6bbcc1249261cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0
Filesize
3KB

MD5
28c550a621d0c62ae5e233282474d92b

SHA1
b34e188e797d4511c585056c40efd979b02bc9a7

SHA256
3d6e0c70749377f5d1e6b61de465dfaf73936efc130bb03ffb032873f1c4f06a

SHA512
71c432cbe4a86946f0632561f7317fb5a5e9ef1b7adb8ea1ac23eb78a643b36aeb7468d4cedf7d65efe31606786dca2d18f2dadbeab38ec680f1b639db130c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94ebe1630900d094_0
Filesize
21KB

MD5
928926a64cf1302aa3277a6b786b580c

SHA1
4a834d729b6976e4331afc2aa758a1ab8ab7bdf0

SHA256
a011816f596f6ef7d7224881571fd0a8e650c4bb839c338b419e5e5db08566ab

SHA512
e699cee68b8e568ec650d50b21d40e6c4edc7812e1260a2c949c1208080438a728f7ce21c7e6b9f9ad3bf3c2f542cacd4119e816e9d7e884572ac6f9fa45e69d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af2cfcaf6d9b18bc_0
Filesize
5KB

MD5
bdfbeae5bee62187b14346768fa3fe88

SHA1
832d91cfbd52a1b469e98cc980a165c673efa5c5

SHA256
64df7dcf8b9bc83e72e460716d2c419e33727e576b2b3dc12bdd8f912c887bc0

SHA512
01badb00d0f3c61e8d1df86352a5bbcd5568373b645435bd4fd8ef1e3b2d5262c808a693d7a992a999ad8aa2bc65c317b4b3681b7a1d9ebc09ba0d8e4bea6482

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d7d09e2437e8ee_0
Filesize
5KB

MD5
70dba1ef832659e1e5aaa3bc217a9614

SHA1
c5148cf94eb3c447f69b84d6b8a295d463f5f6f9

SHA256
e327cb5e7cc2614e42bf58edfe4ee8859eae46a52462a402fb8f061565db8ad5

SHA512
2d65a6dda29210be0ddd267e47df9348208716b160d3ea7d0f079bf90036deb09571b66eba40d4f543e6279449523a4addc7a220728fa61ab5d2e20c72a9c1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daf0b019d07753bd_0
Filesize
4KB

MD5
b242b9ab15da3bcf234d826d9aa1cb82

SHA1
07d0fc5d65ef864c017fe3c2fd049720e89c29c6

SHA256
aba15507a7710851bfe0ab7b5192bbe43d0d803ae5f512a0e8c6641c2746a0e2

SHA512
09bd5d4ceb0efc696f8bc5228d0792d861f3e4d54b375a1725a69aee66cb116ad0ca031833c0c97d934bf7d041ea42b8a777538c577c8a3a51d60f8aa7d0d9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0
Filesize
2KB

MD5
0f4a4aedfc88d4c1d3d9c3ccf59d68ae

SHA1
2542d13838a698245ac7845a57e09359900880fd

SHA256
5f462ac1465f4f75e1c18df7939350c1ac800a6f375ea621e07cad13fe3c6624

SHA512
f4a1077530213822c25fa9a1aab9f97c09f7de195c9706f0752b9faae42c55d26391df8232033a1d871e4d7b40528089928318645c17ac1da052222697b7bb88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
e8d6f1d9b6487c3b4d9b5c3c4b860427

SHA1
beecce3b8b778ad1da727dd2af210e54d91f1c22

SHA256
4d3a4cb25edeec431e19885babc3b91fb5a7c8ed654cd3f0a6f8789278cc4538

SHA512
a0c03c20edc60dd295523bd8db0e7563b9b612e6770febf114afd759e924c130b21b972b784f78304e07cb845488bfb0d3391ed24dbcb0c49eba218feacd5b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
629f2c188126a44a5a413a0aa81c99e4

SHA1
5868bf108f049d4b67df9ed6a08f1d40f00baf89

SHA256
8f87bd4686146ec63c1b84dae58268db642eec9015b3b8281cf10f5637746643

SHA512
28e7946b970d5c003cdc3fff04aa8f2e50f58a15e00818c522ad608d31d1818bdd9bde9735f656fa6d7c40088ed20abcb5dad369bb773a4dc0f295ddc72bbfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
b5b2ec8f18eb0ae5b340061f2dffbe84

SHA1
58f887611ea9d9ee4c12d0f34e6a59f50cfd403d

SHA256
7b263dd3a60468b16736b98198d2da7a0cfd94d6bfae2d2fef0aa2aa3afe967b

SHA512
9230e22ce432115d5c9eb491244152376fc9a2c76e2ef80b9a64f88e146dfd57c06e689dbf7fe5a6b89a8c034d22a7bf24678e3d0cc6aa8d7c7e0deccae9f74c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
4774251744e4fb3a91819f9493d6bd65

SHA1
d2046b0eaa061989a843143a4ae41bbdb6eae88a

SHA256
b2415257bdf6e3a6ba10f665247b6bea3550359d705569a72f4406f3a5247c7a

SHA512
add8122346707a31278aae91b2195b0858adbfdf3c9da3090ab2ec10d1898637cb8ca9fdd6d72a063eff6ffb07ed033f3929992bd26d3da5eb46ba287a0b3599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
7KB

MD5
f3440d3878a80af3177867c12277ff80

SHA1
cb9619e459a3cb6c14a7487f7eed68f3dd7d36fa

SHA256
3b31a94b95f1981659c9e24de78e1e019d0f6b181f475834973167ee9a2e5ae7

SHA512
f923a797d6225cbc187695b48fdf8b27a53d460acf1e479b29f24050d0378396b8fdaada8be1c59a17c0dcce3d2618f8ab68fb4d0120fd7f71f1c6f610dedfb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
9cbcdd2e2bd262c399f5d9ecd1dd16e6

SHA1
3226e86d997bf0dcb0723cc9308ad8680d2522f7

SHA256
0f96dfb918af2c63ed917756862d877f5927a2465ff594a4f6363db906acbc14

SHA512
4337695c6f96a17a555f99d058a3c5f076427de7b6a9d4b89be734a2c168152ced9786845c26540670d869805f13044e9477331b2701872f802f2fe1a60e4d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
17KB

MD5
a9bfa24671052392853ebb28bc4d5a0a

SHA1
ad561cde2ec78b451328a88a45facaf69f82a5f2

SHA256
1da5751c2b90c74a7823e53e22a0c627e1de3893a19732ec9b3c255e0e6d67b5

SHA512
0b3447a7c747af5c966f6c2afa686f4e4688735b240e2d0e6a4bcfebd665e0248edfe33a6a4114345bab859c488a7416d658909ba2611a5125ace5f098b9c2c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
16KB

MD5
12b3f364144656e23b70f91d363772d2

SHA1
d702b10b205f188af8f785974e70a632911d65f7

SHA256
694cac87004cf8096679dd1afe18be1afcbc6b6a28fffed9f4221c5d1dd09bc3

SHA512
5da02e742305f215b6341fc3dea780497e4a3354d9846823b69804b63f32f8ae91f823d6401989d4bb9ea0b313a07de08e029fad139db0648d0f84613747b8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
778cd3e950c00fa2fdd26ff5c7ad0443

SHA1
f07d67528d6ad054d5147a039b0fe4843d9ce356

SHA256
f37c1a0577d5b11f78511ec5ca67ee47c2ba8c16c2bec02ed21d4369e9501823

SHA512
a8fb9217c27f7d72d26d900bef535698a4a14848ad5d63fdf2e0487c12e366fb8d7b93575ed252fa9c617eaed70315e7f2a53b2994e34f47c2410f32265210f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
21f84dd407f236a50ee9420e151d0bdf

SHA1
0c3ca6e8e49f400b7dede5982e0a5c4dfc20946f

SHA256
a7c3d7d44bbf6910ed8b08682f274de06535e5509ec7be9cd9cda489e78bde9e

SHA512
f7b603385139f77b8622e9bf156123e6c88950b9aee44b30e2b6a42c3f60b541c696eb4ba67ef0ef4e69a3cbcb2ee48c589bbe3cd1c8ff966ee70a48b2651354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
631fa02bbc9b36735bab8db9b43ded76

SHA1
b4ffc72e5dd4901ac24d745596fb6d9471e4be54

SHA256
ea7b4aa2fba75bad279ee64815a01e5cd2cf1e1c3e2a0f814ceed52f0250f28e

SHA512
67afc952c215ea105f7fad08e91c1042313e6794aed83136022e708fc1a4ff6c367d2ba9b840d80777c96d7b476c87aa07502d65d91e05cb2f6c3a249d62339d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
d2049254232f0d741ade86547095c147

SHA1
c5069165013a8b8ed03bf306f4937654d8d246df

SHA256
f380eafa0e595c52882bb7449406ad365f37ce1e25dfe27619bffb75a9a4853a

SHA512
a07db8a1b4c97d08441aee95450b2021da16e6ab86b2df86f0453f4f9071bb5c043098d8c5353d299c5aacb883dcf6ef05320df6e0822c5dc38e31b6d3ee6ccb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
14KB

MD5
b6fcfcd4092af16460c39d8a55b75e12

SHA1
0cf22f0437d011932b60a24b6de63b526aa299b2

SHA256
72b92805ddbaebe995df13be60ab6dc8b199b551baa6e9201e5ee8d01976b332

SHA512
6874e5a92a1bb25461652f6ffaaee2a97a04713136daa0cda90a271ffea2c7ddb3e8bf22e58f45e7ed93aa3607310aefb694df591fb4b5ac57a1e2e2849f6220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
19KB

MD5
7613dfa149d186488215178a940c662b

SHA1
c746ce2b9ea54ed64c51372158dd37baa3a903b9

SHA256
515a95a8e47acc86397b1258d5555153f652b3718ff1a7c85bb1dc283915c587

SHA512
f91325808d0ded31cbe740a79a21542839e33f5367e2c0d66dd5e1c36cce01ac889b6c1f4518e172d189dcf477365e6df7af4facd9a908a99cb356f220442f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
97f7431f615dc0dc432cfe25cdc7ab8a

SHA1
f4f061f08e3af8b20ae2a9968844d42c09b4ccdb

SHA256
a910f3c33477c66761085ec9dddce45d235d55043b738e053c113bd7370abd65

SHA512
58a24afa90965995c6da2cf98b1ec6d27b76af7c0d9f5073f42564bcca829f273a7546518d060e19a7dd066282369d3c1d10f4ef7383fa29608646375d6b87a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
18KB

MD5
82c82c9f64e946363b64929b363c40a0

SHA1
3a306178f2878e726185f3046dff16413776228c

SHA256
ce90ff7fc04e571c9689fe319eff971f52b37f042e6ed0104a05dbaee7d63289

SHA512
6005540d74dd90e279a11b7b44f61189203af1af96663cb80f79c80a2150133e7b49406f66d4bc4aa5107327c877eef2ce5432f97ce773599a3a2eddcf8e0381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b856b33df07cf4a00cb92018d34d4da2

SHA1
2b0ef693c549a79a4afbf2ccd6508c381e0b0cc6

SHA256
093d7fccb7dda6bbe42625e9a49714f33f3e2240617c13d8808f0fca216d1abc

SHA512
5c29cc74edccfb533823da0025004512ef9866d9f03bfc91293ea52d81c1c5fc17f7941d38375391d174aea459f336f8cb1e3e8b94d13a58e7557b79f1f353c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
6b1d7405329e4b5f878ac73252d3882e

SHA1
ce257077c805478fa5fe158afd3f372a87a684f8

SHA256
10fc3e4002d10f4ea85dc92c6bfd563c5e9b80f0b337a05c8db9221e5bf797a8

SHA512
e9c3ce88d1090b845adf372a238482b10df9ac708997f9f2e4e855571a95c0d079bd465a70ec2cf9c3b366a850b97883b192fe7da4811486a7c1b1aeaa0eca14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
8e4315c61e8166fd8ecb4b7d49601f5b

SHA1
716ca504e984bc61c368e9aa11216e5bc0a93edf

SHA256
ddf154b24d907b36109ac91a9430720f93039b507ff8fe5fcd61687eab25e6be

SHA512
fc1f023aed7daaf4e63dabee51c7fe41395185a2d8762b9280d2e2ac494d18a8a8b9f4a5f0b4fb17f95ad271d68db710c4930c9b6f6cd63d203b1bae8f11c1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
ded5d1de6153406108984a5b07448439

SHA1
86774d8393a148f473433f71ac5eccc11e772e48

SHA256
58addadb75b71a0f34d45c9c2fe5427c6c56231d3a16e8bfb76bd37f3307f3d5

SHA512
a9155ded627047727d76fb6e1f2fd749bb4a766c3089b43d94fbabe3dd552b4a561154cc9969ac4da3ca4187f5b52fd9b4557043d7ef77f14629b42c6e87a6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
1e2fa4b7d6ec79c6b344ce14741f7e94

SHA1
210b66d4c5d1962f82b3199e23288413d12783dc

SHA256
a7f9bdbd0272c3679a1b35602846002ca79da49157937cf0c3b1cac04f87e695

SHA512
5254f2b29eee4a1bc061a53c743617a6a4b1c3c798a0641f2e956bff0ebd182dad4a605c29142f4adb503b79ee3e3a8df3cdd38807c0a618a2948f5c16e92a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
703B

MD5
52f826280e85e264cdc9eeea1b9b6297

SHA1
129eb232197a55a91baffe30b033bc0842d265a2

SHA256
0a3234c7659f27787488cc9cc41b5456bb8bd8aeb3195a9189acd7623c5ea970

SHA512
90b29f584d50412bd161ab2a140bf3ad400cb188d3794df71ee43266f0e3ce0d054e36f391519ca8441d293e05c5d49d1874eeb52dd58d8010eb455acc185bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
7e1bec152ef4e5aff08a1ade43e0eb87

SHA1
10305272fe9e890f026f18f8cc8a3d27ccfdfdcb

SHA256
63c0cf9a7eb0f6cfd678d24af697bc29a7c8f268b903b4dab9bf707a0d213ad6

SHA512
6a7163297bde619f9d1530b4b6e37de6d27de9e7e14097802c97c2b66d1b468e287b5d0074112c4a8c9e3eed96c88e67b869a4974b14f8cd2d4038b15ca5e075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
24c3465dddedaf7cfe3a2b4d56134b72

SHA1
62301d314cc2184b4cf74c4974905064ec4cf694

SHA256
d6d2a9e4b909ce960357903f6ea4c772ba489464c35b00a5a6f124b3f00a8b1c

SHA512
f9a520b4091a2c43c2827b2e62c866880c473ae7115c7ef2adcd6eaa939b0e82dbe84be2beeed108a942f94579991bc7e21234892584260978d42c64fadd8ead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
8db94c4d620f578cdc0e0cb44e5461a2

SHA1
0042d2936715bb679f26d45b9b341b4bce50631b

SHA256
7fbdb8ba4c3d8605bea14076f64eed213dd5fd985188c31c31b6f8fdc6d1d211

SHA512
d27725be0b4bac669260d958809d9964eadd42c1daef3779c4dc1598504e02c34386d862d1f0f6ad2412c6e97bcbe4404e11a7363daee359e737b443df2c842d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
9954ad4dde4814eb4aa90f5244ff1231

SHA1
65359c1aefae2a2c0af44a66357c351132782e00

SHA256
029b1bc12c0dc2fc54ce25281bc219420a5c6739c1062559a63b523f2b57708c

SHA512
8da31d4accfeceaa922d98dafe21a03922510ee6a3528a0e3bba5a1d1d39323135f4346a554281bcd7126d535086d0027146f4d41d13fe76bf1153c4b4f63097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
745968edadc919a0495562944043022e

SHA1
8e7c26018333fb91d336ab21343e1754d5be4576

SHA256
fccb2ea9829ca17f862cf337b041f41b3260fc3b02a977b1ceed9369ae74b6b3

SHA512
3d522a5c52f452ae590a7764ceee909d262272003006fdcfeb916be13ce95c32d9efa1e83c84120cb5c9c2ca248de218d9d86e54eee894271dc154fb7d01d35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
3290bf87960ba9bc48d13c6ecffe3f6e

SHA1
15e74ba1778be4cdbf05ca0e52d568c66bc1bd4d

SHA256
254c1d0dd50a1cc5809d14e8ad99711ac00ff1ff6787d99c8eb238cac386548e

SHA512
0bfff158f1588c0093a1a280c3b4c2b69a95520a51bc29bbb9061160ab55c9894c06c1ac0b03b745e7c8dba0f202fb18d7445dde78cd9847a84007f8249ad4d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
6KB

MD5
cd66e894216ebaf01b6fd7a63cdb3914

SHA1
5669f1147986bb239cbb207ec25ddd8f9e686f6b

SHA256
821e7c6881f49b280c4b0d4a1f77665cfee09fb8b9a28c2c85780bc5eb939702

SHA512
4784469c15ac5c81e956e8b419c17e395a70c2ee745e6a80e36d5758661359100b72c42f057fac77a41601ed83d12798c4db56869361c72600bfd0d75d7a392e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
ea50b5d3f402a29d169cd25b66ecb532

SHA1
8b0428e6642a55572c2b13490529e555d18e1341

SHA256
df678dac7fd890e4c051e569b7e93a6bbcb78ec99360a3eb481834cebe27e31b

SHA512
e9cb09b96ae335f475ae5f3cfa4780c32384a8692b1cd8f56ad6ecc4d63499d9c648607479661cf71e726e0f79054967dd78f86a9d025f12cdc94cb4003d017d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e8f8.TMP
Filesize
538B

MD5
9d38450fc9d40a10c02dcd56fbeceb83

SHA1
f96bacde5efcefe93e0446226d15035159430c2d

SHA256
f5120e35c9c0b1507c110116bd98072211ee64a663c0eb120eb07e5a5ddef471

SHA512
555e8a58fc272d4407eb3ebffbee65dbf1f1a8f05d5424e32fcaccb241cc639b3b779a3572f9b9ddd8bd6153981abd441b1718b71b4d688c845bc3e15d0479d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5247f5fd0f30a3da887e45b99e8cc039

SHA1
bfb19a6ad1621d3a157845decb6eeaa6ff621286

SHA256
3545796a47586a3fca77e5abafdda21e3ebf14905686d28fa5f2754b26a0d02b

SHA512
d920d914a0ba694d5f62dbfcc76033d72984fe3d76f10ddbc66b7f27ed9cd3601eca5c56a169515210e5f6440ee4f8c79d5db77ac516f9dab94f01a0638655b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
19ebb637ff3f7089a91aa13d7291ea29

SHA1
32800216d2731e71d62f9d7123ba8957002e77b6

SHA256
cb18ed1fc011212c692cc86a4264adb1b32e28d6bc52d45a79bd7144328ff5bb

SHA512
3f7922922feaf3315440fac6796e8124e51b4be95fe6f9a1350e773154ec4ee35332017fee473ffe6e1c556117c2c96d93c4dbc75c0fbdfb6d1b20480a7c321b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
59f93cad9ce29045c16b670d8911a357

SHA1
9b5d39fb161f8c9178d5095b84960e308b3cd645

SHA256
14a82eb6b1caaaf44600e5fded3f16af56b85e55937b8bd24b3ff3b11fa1a215

SHA512
e0e9e603094e8a48bacf0dfb5caec544012e62a4e28b18111e2e17747e8b009d8405dab779d860c3c1d5d1298429c86d4c0dd943a791694fbb2a36b111976a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e8b0d14d3107a878ec5d524bd28e3de1

SHA1
bc3d4c902675f45c6cff5955d5c3a2a9e436ebbf

SHA256
cdf73f951396b03fb5aba191311e4fa833c1fa2dabd0c4d618b98fd1b52b76df

SHA512
c76fd9c1bd9f2c1c14960ac6ca694cb7a8d9c121c913af8741c242be183ff1667e36133a6faa0909912a3c8bbaaf8c063bc899a70504a644d7004c242de08b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5a06d20df61cdeda86a30eff14e55b60

SHA1
0adbfeeddf0ed6349f649b34e5b7d42ff5165ac8

SHA256
726abc427117c68579629c37e4008e8c3c05f88af0eb77b488ceef7b6819e573

SHA512
d505cc8f04bce51d26c256f826cfb98a1f5b52b157d0102277fac4c1564665f64047355fa7cb685b2fb937b9fbb96b0cd96d0934e1c83354519c44007ae8f030

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
11KB

MD5
e3e15a868a60c5bc28058860580772ff

SHA1
31e64db52bcf6826fb18556214cc11cfca9ef116

SHA256
4dfd6f56923734f981111a3fc4cf3e11b420522506dac49441312b2fe80c4db9

SHA512
2b0db39c132bf6df3945c6acf0bc656650051c9483f0f454afd4640dc252c964049f4338889ed1289334fb536ad27997ff19746af420d11eaabf95db0e89f11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-4NHKG.tmp\extra-ram_softradar-com.tmp
Filesize
680KB

MD5
e60a74a65005e4c4f61cbe9c09d368df

SHA1
1d649b2ab5e08632d64e23f5f9e5675b68e184b4

SHA256
78f6692d50d07bd78a97294d196f9ae7d1fc48b058375e5d7bb766970faab758

SHA512
a73b84739f4da0827976cf473e63ba3dc7649ab2d37be13c8fb786487d0dc7ef5b2bd446d8c745d75266447357bde4f32f58f1f1c92b156f06f141fea2873856

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 53571.crdownload
Filesize
488KB

MD5
5afcb5dcc99b3d7bed0e2d479a271409

SHA1
fb1f25635a260c17648d7481c5a329477e48efcb

SHA256
a0785881a144a7e23f3f62e6703617153cae11904897713695457cfdf513cb75

SHA512
e43272d05dfd0afbc0741dff646353e5eea67a6b19cd2d801b6f29ea2010c1a6f6e34dff51f5b815a4fcd9d03ffb27bfb262cc2bf25c6b3050ef4478f5e9aa81

Download Submit
C:\Users\Admin\Downloads\extra-ram_softradar-com.exe:Zone.Identifier
Filesize
177B

MD5
c4538f66048844448da4c35ed70bec13

SHA1
509174a3b8c000c735fbc8e1f5740c4c413ccd5b

SHA256
9536f38f4fed91ec7fd801d188b9e7cd42e964016d67bed316e5f1eae717ad13

SHA512
f7cb05ee1388df8f2113e92711c3bb5de7943356bf5f71b6c0855d6976b3fc139584f02235e2191be94f70879a41467d06b045d4580784e7b7e96150b227f27e

Download Submit
C:\Users\Admin\Downloads\memz-master.zip
Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit
\??\pipe\LOCAL\crashpad_1372_NKPARUWABAVIJGQK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1912-759-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1912-733-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/2056-772-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/2056-762-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/4348-723-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4348-721-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4348-761-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5612-2177-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/5612-2125-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/6692-2137-0x0000000002490000-0x00000000025D0000-memory.dmp

Filesize
1.2MB

Download
memory/6692-2129-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download
memory/6692-2136-0x0000000002490000-0x00000000025D0000-memory.dmp

Filesize
1.2MB

Download
memory/6692-2178-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/6692-2190-0x0000000000400000-0x0000000000717000-memory.dmp

Filesize
3.1MB

Download
memory/6692-2191-0x0000000002470000-0x0000000002471000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads