75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12

Analysis

max time kernel
292s
max time network
298s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
20-04-2024 01:22

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-20T01:28:10Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_13-dirty.qcow2\"}"

Report Analysis Logs

General

Target

tinytask.exe
Size

35KB
MD5

8fd3551654f0f5281ddbd7e32cb73054
SHA1

9b1c9722847cd57cd11e4de80cd9e8197c3c34cd
SHA256

75e06ac5b7c1adb01ab994633466685e3dcef31d635eba1734fe16c7893ffe12
SHA512

a716f535e363fc1225b1665e1c24693e768d13699ea37bdf57effe4fea24b4b30a2181174f66c35e749b9c845b07f82eecbf282ee5972de0426f847293d46b4b
SSDEEP

768:sAzGzd0LnFjuwY6QlVwvHI1pSgNEl/MYoeAW:5zGzd0wXlVwv0SgNQXoeAW

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 8 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

2428 MEMZ.exe
1392 MEMZ.exe
2468 MEMZ.exe
4708 MEMZ.exe
928 MEMZ.exe
4860 MEMZ.exe
1068 MEMZ.exe
2348 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

46 raw.githubusercontent.com
70 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2428	MEMZ.exe
1392	MEMZ.exe
2468	MEMZ.exe
4708	MEMZ.exe
928	MEMZ.exe
4860	MEMZ.exe
1068	MEMZ.exe
2348	MEMZ.exe

flow	ioc
46	raw.githubusercontent.com
70	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msinfo32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	msinfo32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsinfo32.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133580500057941845"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

NTFS ADS 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier chrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exechrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4660	msedge.exe
4660	msedge.exe
1220	msedge.exe
1220	msedge.exe
4424	identity_helper.exe
4424	identity_helper.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4708	MEMZ.exe
4708	MEMZ.exe
2468	MEMZ.exe
2468	MEMZ.exe
928	MEMZ.exe
928	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
1392	MEMZ.exe
1392	MEMZ.exe
2468	MEMZ.exe
2468	MEMZ.exe
2468	MEMZ.exe
1392	MEMZ.exe
2468	MEMZ.exe
1392	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
928	MEMZ.exe
928	MEMZ.exe
4708	MEMZ.exe
4708	MEMZ.exe
4708	MEMZ.exe
4708	MEMZ.exe
928	MEMZ.exe
928	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
1392	MEMZ.exe
1392	MEMZ.exe
2468	MEMZ.exe
2468	MEMZ.exe
4708	MEMZ.exe
4708	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
928	MEMZ.exe
928	MEMZ.exe
928	MEMZ.exe
4708	MEMZ.exe
4708	MEMZ.exe
928	MEMZ.exe
4860	MEMZ.exe
2468	MEMZ.exe
4860	MEMZ.exe
2468	MEMZ.exe
1392	MEMZ.exe
1392	MEMZ.exe
2468	MEMZ.exe
2468	MEMZ.exe
928	MEMZ.exe
928	MEMZ.exe
4708	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msinfo32.exe

pid process

4060 msinfo32.exe

pid	process
4060	msinfo32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exechrome.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe
Token: SeShutdownPrivilege	4948	chrome.exe
Token: SeCreatePagefilePrivilege	4948	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SendNotifyMessage 36 IoCs

Processes:

msedge.exechrome.exe

pid	process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe
4948	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

msedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4728	msedge.exe
4728	msedge.exe
1392	MEMZ.exe
928	MEMZ.exe
4860	MEMZ.exe
2468	MEMZ.exe
4708	MEMZ.exe
1392	MEMZ.exe
2468	MEMZ.exe
4860	MEMZ.exe
928	MEMZ.exe
4708	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4728 wrote to memory of 5004	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 5004	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4940	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4660	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 4660	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe
PID 4728 wrote to memory of 3996	4728	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\tinytask.exe
"C:\Users\Admin\AppData\Local\Temp\tinytask.exe"
1⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SaveGrant.xhtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84bc83cb8,0x7ff84bc83cc8,0x7ff84bc83cd8
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
2⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:2488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
2⤵
PID:3168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3272 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
2⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
2⤵
PID:3128

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
2⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,2352514605275899485,14757158014114314124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
2⤵
PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe" "C:\Users\Admin\Desktop\ApproveSearch.nfo"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:4060

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84a89ab58,0x7ff84a89ab68,0x7ff84a89ab78
2⤵
PID:1056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:2
2⤵
PID:1828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1936 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:4852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2224 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:1
2⤵
PID:1592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:1
2⤵
PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4164 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:1
2⤵
PID:2996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4340 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:1696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:2672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:3560

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:4812

C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x250,0x254,0x258,0x22c,0x25c,0x7ff74216ae48,0x7ff74216ae58,0x7ff74216ae68
3⤵
PID:4084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4728 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:1
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4844 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:1
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:5076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5024 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:2916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:3552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
- NTFS ADS
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4872 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3160 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:3444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1824,i,16688193242884898630,6711579152822532368,131072 /prefetch:8
2⤵
PID:4684

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Executes dropped EXE
PID:2428

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4708

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4860

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:1068

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
4⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff84bc83cb8,0x7ff84bc83cc8,0x7ff84bc83cd8
5⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,6037193722623514014,13427935185374142665,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:2
5⤵
PID:1232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,6037193722623514014,13427935185374142665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
5⤵
PID:2328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,6037193722623514014,13427935185374142665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
5⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6037193722623514014,13427935185374142665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
5⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6037193722623514014,13427935185374142665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
5⤵
PID:5052

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1240

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
PID:2348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3088

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
780e268777e25e259736b1dfd38bc293

SHA1
5554de760c7b9037329b985600f40f3a22a366f5

SHA256
ad87042e5a8db7e7b6f4556e366cf67d36ff28a7b8bfb889df9f5024da4b5acf

SHA512
9d19578843b55fe7f69fde2ea46501bd13b4a41d26ed5ea2994ce4399a844c99e5ddb137174a6226dac761d1d65381ac1fcd80683f296ebe150475d9d63050b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
6a0f3a09d74270b7424071265cc8e009

SHA1
21c6a4c3ea78d81f363d049a836e37f603d26b11

SHA256
0a8b5bfa1f6ed02ed6c605ff36fbadcf827c375d86f920e2de5649185e84bef7

SHA512
d4f55c4261a1b16e4753d2f0e26143347d3a3886badc45b46cbd0d98d6499719273ddcb2f6f9073142f56225a139c0f45b1c8194f1cbd4b6664d90611ec5377c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
859B

MD5
16165f39fd298294405a60a1cd881926

SHA1
da1de3fa6e06bfb75f0a86f7b15bec44316c48e1

SHA256
1fb0a120059695e0d415e14481fb68f37778381a46f24d344ea85ce4f682ce4c

SHA512
1943328955a9c4cac62ef924055a2d084c00cad5cc941de6daa3b5e5ea026ebba6b97866e60af19e9746bca11e7278c4eeacb9be13d06038c12407908440c993

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b4f67becd6afc407f6a8849f9e1abb28

SHA1
1208c8f463484d2e7fbbd5d00ed7cc152079059c

SHA256
c5e8861cb38240932d841108c713067bb814a775c74f9b78af2ebdf20611087c

SHA512
260d919ddaad75bcd499f3a307d4223d86b80b30326dfe9599733e5cd44493ea665504b105143398ac7282987bc9f802bd51fe648fd534a3571fbd52d257617c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1707d2c722b24d458e0715a221d178a6

SHA1
ab6979f16600c7b4bfe833361dedeb0d5590f1ea

SHA256
d083e390633dec56c3ff131cf2e5f536b77a00c03c829de200d6b027de0d8581

SHA512
e2b4efcdc2003b9a39767f2ba0f854b16243be801416764703824c97a4bf7090de86c4c4e427c13dc25de878fa633786db5b966a2a8b59cc333660dd4d32803a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
4b6432b25b214d71fa6ef6651cccc6c8

SHA1
99628c8ce605fc3566b60b57ceaab793ef467380

SHA256
cc651b85e26602d699037b07b59f974b61778aa86358a51e7b9bd7754db073b6

SHA512
3d0a8c7286dbb3306aa44bc1b8985834afda7c635ca1917803732336903850a87962273fbcc556eb8caea240db38212f8fa3638bb4e0c13fe663993b7f569359

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
970522bf7b4c5bd9a2a70ac4bafb6a60

SHA1
91fdfec309aec7033bf1040452142127a527a68c

SHA256
8de402906b74eb60905884575f85d3f41babf5c8d944475733450aab1f3f8150

SHA512
a6122faf789d716dc25d0e2e9336cce0f8addc604483e5cb2d26bf81df760cf021ae01fc7bab00d7f5d9b7972ab1e98f1602f1ec17469857be4b88600c437ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
0f334023944dbfba18f334fe35d56b83

SHA1
7334e2b04264a9e37f2c02d4297853a5e392b099

SHA256
7e634905e75afadd930d9b1834fcfc4aebc1e2728121af3a237e677c5ed91241

SHA512
5ea85b4cb20904b38300b0d0390e931fb73f07eea6083a3e20dfb3cfad66f742173506d951bbb828d9c491ff8ad4bd83f1d7126fef117831b659e24c548def60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
a6dc99139d8ec01a6fab0a06ae16ca1f

SHA1
d61fd8473c853f6317fe44ae139d32700bdff9ea

SHA256
76cc02d60e03950344e3dcbb7f51e8c6ca519d677f483127a550ee281c84b98b

SHA512
12a8eddd9bb7faff7f7e6546daf11c42b2e338d71eb38cc91fdeccce72c07b9bfa42c2935a587164c3d71f4758ecd94d2e63f07f8453bc4365c45e509af681f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
fec969af233f7a0638b18ee72c76630c

SHA1
7eaedd771f93734ffe80719dcc103ba88d4301b6

SHA256
252f51b71041561753053fd1a721d4b0afa2009c5414cd1957503ad65a07c729

SHA512
7fb96ebf223f5e62c9841165beebf06e71cb799ee0e0d3a21f92adf3be61a8678e59553395bdde81f084edf9ebe6088c9d690f9e0022011686626b2bd7162595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
128KB

MD5
c123107755735c4ee59d87ef3a7408ba

SHA1
aa11c6e71d2a85618294d7e534873d6e8738c60e

SHA256
a7353a727d964f38660f354d9c15c7a34e9597321efeca7adedbe7da19724399

SHA512
f951636560b6e7f1000ab51e6cf145f5013fae78091b7c46a9b00261d75eae2eec17f914f6f51719ce20995c80cea24599b6cf9738146fe2c7c4ae7058589499

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
254KB

MD5
24abe2077e973359a6e8c2d2fd15dfd0

SHA1
3a554c51f09167078d3b869ac7bf6b50995070c0

SHA256
ad17d1300933123bf5d834ae4137eff643b3ea6bcf404ccb279b301a32c244bc

SHA512
6804bde8a5965bff3686e9903d4fa687a82f3b33bfdee2bf645cf0589a231f257686c57d21c204e5b531147b8acf50cd531be21d90b39fc42301edf8468e62e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
254KB

MD5
0d6f0fe752aed61d9e6d87dc2755c0ab

SHA1
3763f5eb7e96940e68a21bca4ac798a9aba92287

SHA256
9ec80ac33199d5693707e72932bca6d890d28ddd70b5d9bc741eff393c9b97a2

SHA512
586d477f915e23acf20cb9e7143bfb8562131943916a629f9bfd3fe088c0a67738d1521b2d272cebae7da878031f904d78da297ce55b240cad02fe622963493b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
68d99a85763071874e3762d1291d0d84

SHA1
621336d8414bcf48a53415d3f7abafacf26d6d22

SHA256
a4161af78ae1fdc844154ce331cbaa6d35d42d5275c8b2e7ecf55fdba6ca6ac7

SHA512
b254dc8513238a4231d758bef07f1241dc21427c09b590b084f5800e11319f935a12c67daca7c1b26be888bf5fe081c55d6cb67fe6368b7ff81b772dd101352c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b510a.TMP
Filesize
83KB

MD5
2aed61de89ba914dceee9a121529b0a4

SHA1
5fc3c3629e4096d3982106e631036249a23cccbe

SHA256
d77ac98230755f567c6ae83afe964b5239ba63620c67b5d17baef9f090f30d5f

SHA512
37051fba7e47dd42de871c0649fedfc7afccdf21e54fd038f97a55122ae51319c29e62c75e9ee40c42fc3f0bcd9ef3341dd76c82c939d236fb0c3bdfac99db90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
48eec2a1fd127bced0a0e9038cbcbd20

SHA1
96ff8dfdf13593d68f1dd741cfc7f3b6bf6404c0

SHA256
bd45e9f176455149c2b2057beec1b85d16a1cab2a61781345335147cf7071782

SHA512
7a6dec8205ef8a31b6c879fd3db69e01744a0b8bdf80f48c2b46b047a1447ba47c2151f97367e96d2fe672ea056243f10302244e83859812950dc94ef2e2dd4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
938cfbf9deee906bf5175d73fb53986a

SHA1
770f3b15913b64839ed278494c3da0861d0525fa

SHA256
85f73e88e22ffae333c96ef0bb7b3d5e9047a1febb5183fceb954af3b18231e9

SHA512
33b1c4e3b0e70573c4a289c00aa264cc5d0dbbca3e7ab1f84e5d043a2e0cc5f2ae8676567a8efe6668da5700d7bd5133bf571f6ea2800e6c6b2e6c3e99568101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\46d5b5f1-ce8f-4b4d-906c-4edde34624b1.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
da38b6c8e1c55cc15e6a317734bd17b9

SHA1
b0f0adbf24dd65c68b1979d1921855290d1ad162

SHA256
306594ceff4764e061ff54134f03648451735029eab676b71b051b8b0f1a1bcd

SHA512
3651a3b15137ab7ac5bc429a9c58287fe20a734609e0e330af43434a92b5dee58cbb6199b1b6d41ed5e8b381ea70ba59c81678345fe5d78cf1783a1781985b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
513B

MD5
ea41711663a8c683534a80d2fbc3da52

SHA1
67c9e2d26b852dec1bd2856bebfd715f7e0fb9a5

SHA256
ba3cfbb8a5eb0784b96cd69debb4a6c2a2f63a9861d5a4f76348c068a018ff06

SHA512
4281485754b25fab8fd1235f4d99ace042ecc5bd1391b2b35be5abb90442cb69c7af5f0f0b51b19de3e25f83fd69caebab1acc8679daed76d970753da2eb6110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5fcb8641c93a8c7213d32aa7b6c7d40a

SHA1
2c0b819b5f0f0b620c50eb17fe04b4be92d44cf5

SHA256
5d15862a364f2cf05cf24e693964d3988ea6f14ec867dbba18710dff6efbeec8

SHA512
81eab9c74af9c8056b1b245b708fe3f954e5237dc2a37785a202c7bc22a199ac35a1b4eeda998c9f807c7d7dde89d32ce73b966d5a1aca6386a45f06e313e6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
eeb1084296115bddf91b9f648db5a1e1

SHA1
5b84e47541c4393e3575d19ae0adbb24a650e71a

SHA256
054b935d733c1803c2a5334646c129b182649dcc97ce24ec24c400d9f044836b

SHA512
fcc6c6cb51552613fddae855a35c7e19393e5f1e58a24dcba0b26606a625689353ba72e9b01abf2e426b24ac04ec1d602b332db5c4b1816487180608786ca63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
55e064eac2128ff89d03abdd197e6a84

SHA1
37e397b9b256a1d7de409d7df933d8b3c75ab68a

SHA256
d24610be99329209a1ca3c05032bc03800341631af356b50d2992bd8d0e5a873

SHA512
dc89023449ebe54f7d18de1b05cad4f4221787eb395517908fa46fad574df7befbed5c75b7e290a517772f3367de20f16cd27ad903aaeae1bddcd804ff6a1cf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
38837d06e5fba5d93640e9bf534f97a2

SHA1
a69e0737f5ed0180abf5fc18e2756dc4654be9de

SHA256
740b772e77d0c128591490267fddca98a5ea074ecebdd74495b2c9d4284b95fc

SHA512
763eff9f19bfd58933a4d80642ac8f610e697ba2eacf0cae983b54d6a9c27677c346a892088cbf9624e860a24c5adb772359119ca5f3df33ac658ffda13fd3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358049810099387
Filesize
3KB

MD5
1f4fd01e4bca306fac776974e534a6f1

SHA1
dc1fedb5b384f9c46439cc4946d7bfcbb919b69e

SHA256
b9c182426be8a5458e5e9be502a3a79efd1362ea84259d42221e6fdd0e938b2a

SHA512
5ef506496d514a6bf0373b1b30fb4532bddb95ab0ca6ed420300cd48d9f90e38b2c065d58aa8dca68e12c8e7cd965951bd1724fffdd526f8a37ea3bf963ac106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
4777eeab5f5a5ad99061c2caed148264

SHA1
93adec1b60c2fcc2dca7625228b011f95bc72b40

SHA256
213ae0cc9b6c7899ff022d245d16ca8f0c2d396964dd85a8b58e3447df28729b

SHA512
bba2c8492876ba630c72ec6d206450b473067a33f8a22bb9b6b177bc89b5a210b8b171b7bc5162b0404f8e565369a378abb5f94fa1459a994bd2dd5d6354552a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
c9edf8642d6a5654ced757e9710dd05f

SHA1
1effbd4bed6841fa052f7e018fe7053c00b40a36

SHA256
f8bd56619dc8193fc220bb136283e4418c8c9afa95d8d4b87f28364c4b663435

SHA512
58ee663e8acd494ed28531116b3a5d925af209c547b681454006a0d9536d5b6b68ed841965dabb9309f28451aa9620c4e55fe76fcd159ece17e59899a249beae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
1c431d826e7d4e1837a362f82bf2afdd

SHA1
971bd1ff47b35c31e838dfc2a16df264ed18a562

SHA256
19fb42bd29fd925e3f6f732d061b572d1318125dd473fee6499b4018ab25eb41

SHA512
a2e97396496d09f7aaae2d9e12512f8539d6081ea15eb972f7ef883e0433fb9cecc8367737cddd6e16aa08bb3acde521a6275044603b91cbd40b2cf446e75ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
0ebb14a9cce8341b918601774758c12b

SHA1
3300fa4045ab1146890c3bfb19fe970f544acf97

SHA256
2e49a9306969117fd5f69611a35a6f5550973b01a4ed3bc21a1c5ca17b389af2

SHA512
f8bc3c352019ae5c21ad315abf8cd77ee760ba6fe2775221d250d7431996f71ec26d7ba57408949f4050f32c2d836910248ababf710741b81ac216176080a80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5e261e4290a950052597524fa9015d69

SHA1
4e3893806447e9b3746ca13e20e1f102e2bf9ad9

SHA256
3fbad959973ed0e61dfb4ac5816cf7524ce86652d273dc38a0226d3560245efd

SHA512
3df53a64ac501af642d039b351a0fdfb05727fd0f73a768fc8eabe6f6340bbe12929604f5803c91b2d8dd61db626e7777272828a17f4fb94b750a1b0c4954406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bb28db5971999976b6fa5b697d3b328e

SHA1
d8f5b68cb6f64b06e9b72bbdc7252cb7bec60b5c

SHA256
924c056f7c0be18032efab59f12ec7facfee1bdbc2077494c81e47994d6ec052

SHA512
594fb6d4e6ed5b9cbdca87ba4e5b5c42214f44c1a4e4449a7744521a0f3bee583fab2eea886837aa359101154eea67e2bfbb77bf4ee03cd0bce8bd08ddc6265b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
0dc7efd56a5869f3438627752a39c09e

SHA1
9af0099b15a4b0250f725d86e5eeef20f009cc12

SHA256
ceee2d319289f7dcf84b79c38fdfdd0c2343f6a591b748ba1bdc39de90ceeb38

SHA512
0c3ccef7dddddbe58f4e19bd7d4e07ae6f856e8c3e720342f28885bbb68a83227dbac3d6427a1aad95072634c08f066b91335dfadb959cff39c5f84b5cf73c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
c4d646e84fc21d71241db6add530aba5

SHA1
55edf4faea443fdd1f9c4b208ff00518e1770dc8

SHA256
b7826ba251e4895e3699f7dfb568da523d1b9a95149fabe2ce16cd9e9c3efe4d

SHA512
591827ca48e665c41f49e4bdbc7f58b659a71cec3fe5f4d9e8571d0354f81be30467e8eb6f52570b19be4da22f0b0228e25441dd5f0b756d6fe22e0cae7c0dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\tinytask.ini
Filesize
138B

MD5
cf43f1263c874490da2d25121143a1b3

SHA1
a1367598a9378b104c7e32d2776fbeb596a1e4f6

SHA256
91693e7b045358c3c9a38edf616378333b4e62df3ba56950687afb6c5f8ca89a

SHA512
685ebbd448b8e98f53397204246d9add9e78bbda67ff450452db9d556ebf42c915c4acb48656ba069c1ac72d9cf00c0b9d54fc49bd590e92dd979c6ba8352683

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier
Filesize
170B

MD5
42ba018776c229ec8042d86ed887eb02

SHA1
f659b4b6d07346fa251e3ecd12b487a8855ade69

SHA256
e10ac4ed219df684b0d33d8e5a69e1d6d94dd7e98431b7af73d678effd1f628e

SHA512
021be5429ee8526ffba42f298912446bc621b9a9449e712818b766dd2cff73e91c4496a6cc4f7f2065c063838a67f9e84ef82c81a1586e302bcff2044f8d5123

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4728_HDJSXWAVSUPXAUFE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads