085e02519e34bbd0428bdc818ed5dc30fa987c4914f9b5bd9ca1b5e404fbf738

Resubmissions

30/04/2024, 20:16

240430-y2dzjsgh59 9

30/04/2024, 14:45

240430-r4ycmshc4x 9

Analysis

max time kernel
219s
max time network
220s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 20:16

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

SimuliaLicensePatcher.exe
Size

7.7MB
MD5

4bca154d91fa2592f11f730988a106cd
SHA1

c244e509538a64f6e4ccd41d13b808f4f9bcda0b
SHA256

085e02519e34bbd0428bdc818ed5dc30fa987c4914f9b5bd9ca1b5e404fbf738
SHA512

d70cb3ba385dbda8a1b7a763aaa4c093f8f912e7bfb5d955b64cfcb34f6c280ab3a4d47acc59d4b67f9791f194b88bb9697d177b9aced8850e3bcde13bd00124
SSDEEP

196608:LytYizJjKD9Y4o5aBV2uzE0FQxidgM4RwZ+:mxe9UiVpZaIdMRp

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	SimuliaLicensePatcher.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	SimuliaLicensePatcher.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	SimuliaLicensePatcher.exe

Themida packer 16 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/5020-10-0x0000000000C40000-0x0000000001DBE000-memory.dmp	themida
behavioral1/memory/5020-11-0x0000000000C40000-0x0000000001DBE000-memory.dmp	themida
behavioral1/memory/5020-15-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-16-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-26-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-28-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-29-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-27-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-32-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-33-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-31-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-30-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-34-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-35-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-57-0x0000000010000000-0x0000000010865000-memory.dmp	themida
behavioral1/memory/5020-60-0x0000000000C40000-0x0000000001DBE000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	SimuliaLicensePatcher.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5020	SimuliaLicensePatcher.exe
5020	SimuliaLicensePatcher.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "174"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133589818857670030"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4728	chrome.exe
4728	chrome.exe
5796	msedge.exe
5796	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
4728	chrome.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4160	taskmgr.exe
Token: SeSystemProfilePrivilege	4160	taskmgr.exe
Token: SeCreateGlobalPrivilege	4160	taskmgr.exe
Token: 33	4160	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4160	taskmgr.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeDebugPrivilege	4472	firefox.exe
Token: SeDebugPrivilege	4472	firefox.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe
Token: SeCreatePagefilePrivilege	4728	chrome.exe
Token: SeShutdownPrivilege	4728	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe
4160	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4472	firefox.exe
2568	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 4416	4728	chrome.exe	107
PID 4728 wrote to memory of 4416	4728	chrome.exe	107
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 1624	4728	chrome.exe	108
PID 4728 wrote to memory of 4116	4728	chrome.exe	109
PID 4728 wrote to memory of 4116	4728	chrome.exe	109
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110
PID 4728 wrote to memory of 4360	4728	chrome.exe	110

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SimuliaLicensePatcher.exe
"C:\Users\Admin\AppData\Local\Temp\SimuliaLicensePatcher.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5020

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd8a8acc40,0x7ffd8a8acc4c,0x7ffd8a8acc58
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:4116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3348,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3724,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4784,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5080,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4536,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3460,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3376,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4024,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4964,i,13697377972856517665,4485974167245621996,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=860 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:5552

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4828
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ee25132-4a28-42ea-8b83-374255766df3} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" gpu
    3⤵
    PID:3824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 25493 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {715617bd-4cd8-4329-a861-7c0a65729314} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" socket
    3⤵
    PID:624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1440 -childID 1 -isForBrowser -prefsHandle 2768 -prefMapHandle 2764 -prefsLen 25634 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7360fd09-c9a5-4613-9d68-8ab6e08977ae} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" tab
    3⤵
    PID:3472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -childID 2 -isForBrowser -prefsHandle 3884 -prefMapHandle 2812 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a35108fc-1bdf-49c6-8a0f-15013704a5b6} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" tab
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4832 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4824 -prefMapHandle 4820 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c81c39e-c2df-4999-96d3-5c78a86b6a6b} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" utility
    3⤵
    - Checks processor information in registry
    PID:5748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3880 -childID 3 -isForBrowser -prefsHandle 5196 -prefMapHandle 5152 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7201e8c8-6f1f-4c5d-9dfe-9e18ec2ec16d} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 4 -isForBrowser -prefsHandle 5232 -prefMapHandle 5220 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4e825b3-0d19-45f0-ae8b-4b56908ba825} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" tab
    3⤵
    PID:6004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 5 -isForBrowser -prefsHandle 5596 -prefMapHandle 5592 -prefsLen 26990 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7003c848-d2b3-437f-bc64-657bb7c13395} 4472 "\\.\pipe\gecko-crash-server-pipe.4472" tab
    3⤵
    PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ApproveRepair.mhtml
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffd86a846f8,0x7ffd86a84708,0x7ffd86a84718
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:6592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:6220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,9469616014443623614,2496894056345883022,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:5308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?linkid=864589
1⤵
PID:6848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd86a846f8,0x7ffd86a84708,0x7ffd86a84718
  2⤵
  PID:6316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:5972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicePickerUserSvc
1⤵
PID:6632

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DevicesFlow -s DevicesFlowUserSvc
1⤵
PID:6440

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d9855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c85f44ca80e56a2a0c7909799b88dad0

SHA1
a081e1b940b67448c6b744d93bf8f1d75faba3d4

SHA256
630836b30df3946a80aa57568c4d1648b121651881c861ca65a0066f0cc7ce48

SHA512
95239aa95bbc8e66772abe645c51fdcb32c8b0d4abafb7adc1e9c9aa31db9857f73a1cf0aca7d6629fea70166db135b4baa95695a18dffcf3891c185c1ebed39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
192cda57bf7f5f06e683fa89ab90d74d

SHA1
f1e4e78be34681c17a66f75167acb152d8c4413b

SHA256
c199233be127725ce10b306e922979d8a914506d31150041361d917a6b4a2494

SHA512
d9b3d79addd9375469c07de699d50b24e52fba3681e9ae3c400cc822b090f37b9121be3f5081051921993786bb0529a6767f1bfa52cfb1f69f3d543524da9616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7ff1e63ec9b9eb363f621af8d2b7d03

SHA1
2632888df34b9802de790fefed7c534868b6b30b

SHA256
0b43667ea2fb9e73c0d66fedfc7571f73ab8e961a6f86b035333046b14a4313e

SHA512
d1662688a74c8f56f500cf2ab11b7921fc3b9daa49c092fead7bbdcf411fa27180a8f6347e4aba7d0551599352e67b3901524e9198c34330604e908b61afc647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
65f24d7b7a8e03729418ba1589cc217f

SHA1
259b62fbc05a44384fc1fae4ff23b88a1614442b

SHA256
88a306af58ab7d75bac69ea617e14e2697e849e49eaf55e3833a805889d29994

SHA512
e4faf5231a01145302504d8a1741ddbca7dc4d1f6af2a5db248bb8387478d4598d8900f7b8c3f7059d37f1d38da7f5de817103a4e4165c9fd6212390b41138bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63cbaad813a5f5df2674ae43b2fb50c4

SHA1
40019421538506b059894d1d8c6d70071cb5a7af

SHA256
70d8d69cfc2fd12f2497286af770c9d9c3943e5c27a30ac4def1df9dd8135411

SHA512
560d1bf9f51943bffd0875843fdaa84cbdd7c2cdd8b2e71986af39e9d685a42a44e389259267ed865e4533f2d06af778ede7ee3307cefd86ae5da119c31cd6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea93ae53964942cd2907e08b229404c4

SHA1
a62f26f5c865936ab16401edeec0c7e952068c0f

SHA256
8bba9bf18717296fd1c156c4599f53f7e83e327910630c5e9a725983f63c4d5d

SHA512
f7dd8be2e0df6740f9d69d7b6bd1f815819738fd57e67a91f4dca0f796ff6983759cd9ac5dcc715351f96576b09223fa49a9300800748f408feda34d5b7bff7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8b7452bb261d899a1d91676d81bb0378

SHA1
3823f6a73c4d7a73d542508e741ed33353bf944c

SHA256
3f97ed449cd112f5510e26a08d3c0e3fe649fb3f9ae911ce644f61273fafe100

SHA512
a8b1e3e8dcf686c77efe08d511a51b983147ac289705ac4d50e1a63f211d68ffe4fe7c40a36f70932873f96e2f0b3889bd5c179df2f90bce8348300bb6a55143

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
782943f836a9826f3260ce0a07a2143a

SHA1
e08025861b9e70000c118c8c5616009ffeb98f6c

SHA256
7335dce1e9e56e602061dcbf04aa067f5309d62301f9b5d4f386b52d5dc4ed90

SHA512
bb9e25e1098cd9ddf6caab1918fb88825a9aa1d891225a1d24d125895ca5106655f02cbc798f2b2750ca96bfc75b485ac35b6ba4749cc87caed25ae0249023a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bad18e88ec2a26799e6d25d18a3beaa2

SHA1
347d1715e753b4e68ef3e8e80013735b1756e757

SHA256
a9e7ebbad080705395420eb9f412232bf06cf72e596d651d485975b51830306f

SHA512
270fb912548b51276947ec19682f179fd1384d4ae8bacf9f93df92200a32d8a1dd8b2877cf45416bb687dcb59dec285ebdaba3b2bc8db7bb5d473a50e5e7df31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f59c701b545ec2fe02a11e908850b00e

SHA1
3a8b5fc6baad99eb1482b237da98e7a2738eb1f8

SHA256
0f46698675dd3de4859b30215ac5fd73ec8050e0509023ce71e42494b5a0f6eb

SHA512
25eb8696178fe2d51cc0716313bc42a8d1adfafd09cbc15d7e7d1e39518d0ba1a80b1ddefe9759efe8c1bfc76f5b58398ceb3c2f90cfc7824f721a665b18f11b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd4ec1c42afa805eb56b984170f2d267

SHA1
f58a21bfce11905e3a2172d444f1d1d87be02a01

SHA256
f60d4a7070fcc2cff7463770183710a5bbb0ea9ccffadcf3aabf5d97fdd97064

SHA512
6a4a94468f064e765a92802e5820076897f81512e680fa688e8e9bbb0ef9fcb362ab9fc3b180eec48071c41becc8dc164572196090b22a901f97138ba819dda3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5eead2a6593b306133c6762442366e56

SHA1
555291cf4256d3d9e055c5b69e9ce588ee9f6599

SHA256
6ae66ae2cecf3c4ae3fa2ae9673e3bc906f9723f7d33b945f3f4546823a5a386

SHA512
6f2487e197029c905c5c32e2a0318a6115dc7a9faa78e66b2a3a9c15fb630280b969ff9263b4cc85827dace8b22152a4c358a8c2471869df7d7359777e9835e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
73d97102f901be637976e915bb619a3a

SHA1
892e27629404a279d6bf7f5555096e418fb85623

SHA256
769e1874bcc13a4a3a9a2561b4e837ff8c724795349d364b6759a6fd5ad52b0e

SHA512
a6b98741f8a89d5f034403867692e456cb5eccac2ad162d29c74528fa9a8ab7779651e88b21cbe976d7c5f1a683b5ac96440efe6a0c878da58fd5ea2b28ea636

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
77KB

MD5
b07fac762f5ce388da92d6654a3cdb78

SHA1
e0c752fd27d0a659e3bfbf4cf02ceb3b5c7f12b1

SHA256
60e0cbdc269be2cc3a81fb96fec81fa774ca145b3380f36b9ba2ae00d3f7e433

SHA512
f9373e2bc0cc14498f5c7b049b91ec7b7a5d5b6820297c6fe01fb7520eb73fca665539ad510cfe8c2fcc71439dff3c7b0815ba7f51d97b8957589351dbd95e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d5813765273f63515dea76401463e4d5

SHA1
41a8df976930e8811a2eeff19ea622ce32ad6844

SHA256
910b080012c36a5cc6736dd06e0cc6ac0a876fd600c0bcb21388b8abbeb17a84

SHA512
fe1c3c4a64b30cf2d4e86034a58f3ccc3e58652fa0e876e3bbd52cfb32cbb5117da8b962e171fc3cb4a501c05af17195f846a63ab7a7800b12bbf266844dd3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73dc20081acf0c11c54a401051251fc1

SHA1
23d54649203f4291ff921d13c6439a6d9fd842da

SHA256
f4ab9167e6e584e0ea97979da5f45b48428033b9e00a70eb9fbf8e5e251ef02a

SHA512
baa4eab52f3255be7dc5ad576c491c8cc5b05f316626d8ebc8f4d60256466d30a27926fe9721b5669fa3c8c59d4c10791881e1ed0e6b9a38164741191c294ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22b7e552a744608de0c7558ca105359c

SHA1
b7ec8d4df7425889eb8283b26f037858cd0f3380

SHA256
73fc474740dbc63be5a93ee5ff157dc14c3a6d9fd5358af5063440c06e4e7732

SHA512
1afe163f72000be4b9157284dd52c0a0ee99f36bb4ac5a8b42bb9b0cafa71fd76caabba4ba7c5367ee67b76ded90b82f25df345d0339acf68e88157c573c1770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
01dda8fb985fec0832bf561a8144acd8

SHA1
55e034fedf77f8018f2558c369797fd846782daf

SHA256
d2945f55f000a20e764e5856133f8f824f9f0c3b9df60043868cf7adb27dbd95

SHA512
696e5f744e7e49cb5eb977057a89d2f4cebc1a4fcb59986474667cd1cde2a382d53432a29f83becc23b1b24803a350894c0f40ded023712effd572d51861dd7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
32c574d8eb2701c52fff12b042ba84df

SHA1
7ad1ca69de149ac2902864bd292352228539efa1

SHA256
5f45d737e2ac0e5650f8d70aa908c7c4bd0bb43536554d9c2934ef3d21e5d7ba

SHA512
9e30572e25c75fa44974e601241762b3ea0f8de564befb07610f611da8aa4b4af1dc722ecb9aba9e3ea1ead5bfd8ed085c65712f6de9a482ba1419dcbd355ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
db5f9abb4652d3038bcd0b87a523c0ac

SHA1
4501f135f5165fe0ace5a478813ea6862b248e05

SHA256
f8adec39c0a79e0d2de5527309da990ec79330327925f2a123cbb89931b3d6ca

SHA512
9ff318e548b45ecff3411c03217abf45dbe9d80508efa22362388aa2e1cdf033ab670fc5a67327cc6be394caecb126c7524bee589ae02a9c26b7a6bbe7dbc76d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\md1ejlmw.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
a62a71a8218d486828729d246c79ed83

SHA1
7f7090e38b5cc41bd769e5718537268ee21fe3f9

SHA256
b52ecfb006df92e5dfa393225f40b2613e6b193c4780319e422bf477847d1ffe

SHA512
58ec8d65e542991444ff279a3746e5797c24fc5f68a3fae0a4678724074ff8250c0ad7a995d4d423adceb9d525c8e84a41f95bd3a506d333e59fd162ef24abbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
d5c9808de84ebc3c3b6855e5e065b20e

SHA1
84a772ff6050c1ec675aea6cf3263c4941916e37

SHA256
6bb0d143889f346a17f60157276c122bde46a45d83e37bc8ca0932ee88047363

SHA512
1d79bb0972cbf77575d136be4d689a46658b9a7b346ce234b735254a70940d4241b5872cd70f8eda64ed9e1f966265c7381109feed793c1f56e17e52a6e4a288

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
32ffdb49d4009e0c39adf17c40f73ac7

SHA1
1e676231220ed477c64afeb7203534c0be6235bb

SHA256
700af71410d894437f57666af058bd0dfbfd4a37687ec9adcd88b74181ea5c63

SHA512
e77cec244a69c7c85b9d6b91c87e4d311caebea9ec25bd4b83c54de95e8fcd61d95494afe94abc157aebccc4e2c860bff70d8a017db0ad4323d4653d59a7e225

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\ab9b9520-266f-413f-9067-2c8cb4d5b2f1

Filesize
982B

MD5
3a3257a9bcd51f773ef7e6abb25ea26b

SHA1
8e207237a4f8805a552b0cc0aae3b472012f4c71

SHA256
079c31805b0f3cb8177cfba3bfbee9c97831e35790fc033e17e56f3d05fb3f6f

SHA512
2098c6cdd1882d44097e87b4195d27952d5d7c01801dbd366e0833cb15488fe1d501f47ed68ff7ffc0561b330cb338cd02d4798254b418daf7f52f4000e22c5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\bca2ad53-affc-4d53-86c4-efac1c037227

Filesize
27KB

MD5
e3671d3a92f8165ce9cbdaad09b78523

SHA1
150da5a5e3f7bc5adf97bec63d1018c8f47abf6d

SHA256
9f406583961803fc4dcc6c3282abf07bded216770b3656fb9363c9ed6728f86b

SHA512
efaba09dc150e3ffee46ffa659b265009dfda4e921bb62fe9dbd41de6a5f5ca91ace4769318be466a80e6d1fdba36d82b9e5820c5e1e26c724e24733d4c74ff7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\f7edad2a-190a-4509-87ae-10b2cc8182dc

Filesize
671B

MD5
16197adf8910dbe89d244ed91bd0baf3

SHA1
1c6d8786b8b4475b5863aae87b9b2058054cba38

SHA256
2d3a8ea213ed09dee1ec7c12830572bf30dff580ac53037cd1b495f3dbe9ed44

SHA512
f323f6710e9f73489371d6f2db0c8c627126c4aa21f0da0b1ff5bac01806f089dba84edbf78c6772770fcbfc4aa8585d7dd7943b2e534e1042c21e570c81d86b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js

Filesize
8KB

MD5
2d95c59e47b7d88544fbb51701a067b5

SHA1
403e0431a060e4bad60fc64726263f947f5c43df

SHA256
396dd6a9cd002daa302b8931982533dc735ff99891d2ecc9275f9539127440c8

SHA512
ec568918d507416c4efed1cee4ec16e30132fcf78425d504ecb5fe87db1588bff6524e3765617360b5756618b5c6d9f3e9be82b485fc55986cd47e5b1a608749

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js

Filesize
8KB

MD5
c3457dec5055660ce104fd0f9037a928

SHA1
84dd3fa29fe1a1f00e784cd045ebf8929a66194f

SHA256
531c7d2c3e6f4845693d084fae5b62be3fc7b2a8457c99d598f4263faf927035

SHA512
22cdadc3b6cec23f1753bd34c0baa2573dd966db86e5d98d97112e347ba9d962f756c0f469f8391556cdf2e7d16f527275c5444b113b10ff3187f97d21663276

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs.js

Filesize
8KB

MD5
301fb7809079b0781260787009c03c19

SHA1
b7ae1fc8c812cd1e65198ed9c42bf32b13a898f7

SHA256
dc7667c1457c06d16f512cd1b3496615765f01d6611ced554e3535e12650232c

SHA512
0aee94d9337951d871503c433289ca9e854febbd6b028a6b3077d520362041d295fe0a9ce9546b35a45f11ca8f508216acc22a7238cb05e6eef62457caaa238d

Download Submit
memory/4160-49-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-46-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-42-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-40-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-47-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-48-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-41-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-50-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-51-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/4160-52-0x000001DA61280000-0x000001DA61281000-memory.dmp

Filesize
4KB

Download
memory/5020-33-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-60-0x0000000000C40000-0x0000000001DBE000-memory.dmp

Filesize
17.5MB

Download
memory/5020-57-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-59-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-54-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-55-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-56-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-53-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-39-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-37-0x0000000000C40000-0x0000000001DBE000-memory.dmp

Filesize
17.5MB

Download
memory/5020-35-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-34-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-30-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-31-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-0-0x0000000000C40000-0x0000000001DBE000-memory.dmp

Filesize
17.5MB

Download
memory/5020-32-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-27-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-29-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-28-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-26-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-16-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-15-0x0000000010000000-0x0000000010865000-memory.dmp

Filesize
8.4MB

Download
memory/5020-14-0x0000000005E10000-0x0000000005E1A000-memory.dmp

Filesize
40KB

Download
memory/5020-13-0x0000000005E20000-0x0000000005EB2000-memory.dmp

Filesize
584KB

Download
memory/5020-12-0x0000000006510000-0x0000000006AB4000-memory.dmp

Filesize
5.6MB

Download
memory/5020-11-0x0000000000C40000-0x0000000001DBE000-memory.dmp

Filesize
17.5MB

Download
memory/5020-10-0x0000000000C40000-0x0000000001DBE000-memory.dmp

Filesize
17.5MB

Download
memory/5020-6-0x0000000077D34000-0x0000000077D36000-memory.dmp

Filesize
8KB

Download
memory/5020-3-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-5-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-4-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-2-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download
memory/5020-1-0x0000000076730000-0x0000000076820000-memory.dmp

Filesize
960KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads