Malware Analysis Report

2025-01-22 12:52

Sample ID 240520-psklasba59
Target Beatware Internal v1.8.exe
SHA256 09056146a9fc630956948e30d8d9c58272a887fa0c4fc3e839cf21ab740f1a8e
Tags vmprotect
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 7/10

SHA256 09056146a9fc630956948e30d8d9c58272a887fa0c4fc3e839cf21ab740f1a8e

Threat Level: Shows suspicious behavior

The file Beatware Internal v1.8.exe was found to show suspicious behavior.

Malicious Activity Summary

vmprotect

VMProtect packed file

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-05-20 12:35

Signatures

VMProtect packed file

vmprotect
Description | Indicator | Process | Target | Count
N/A | N/A | N/A | N/A | 1

Unsigned PE

Description | Indicator | Process | Target | Count
N/A | N/A | N/A | N/A | 1

Analysis: behavioral1

Detonation Overview

Submitted 2024-05-20 12:35
Reported 2024-05-20 13:06
Platform win10v2004-20240426-de
Max time kernel 1736s
Max time network 1165s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe"

Signatures

VMProtect packed file

vmprotect
Description | Indicator | Process | Target | Count
N/A | N/A | N/A | N/A | 2

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target | Count
N/A | discord.com | N/A | N/A | 2

Suspicious use of NtSetInformationThreadHideFromDebugger

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe | N/A | 64

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target | Count
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 1
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 1
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 1

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 3

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 26

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 24

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 3240 wrote to memory of 2792 | N/A | C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe | C:\Windows\system32\cmd.exe | 2
PID 3240 wrote to memory of 4736 | N/A | C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe | C:\Windows\system32\cmd.exe | 2
PID 4736 wrote to memory of 4400 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\certutil.exe | 2
PID 4736 wrote to memory of 4604 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\find.exe | 2
PID 4736 wrote to memory of 3980 | N/A | C:\Windows\system32\cmd.exe | C:\Windows\system32\find.exe | 2
PID 3240 wrote to memory of 3848 | N/A | C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe | C:\Windows\system32\cmd.exe | 2
PID 3240 wrote to memory of 4116 | N/A | C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 3240 wrote to memory of 448 | N/A | C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe | C:\Windows\system32\cmd.exe | 2
PID 4116 wrote to memory of 4100 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4116 wrote to memory of 1436 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 4116 wrote to memory of 1332 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 4116 wrote to memory of 2848 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 4

Processes

C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe

"C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware Internal v1.8.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://beatware.xyz/discord

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff64f646f8,0x7fff64f64708,0x7fff64f64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5573018397690273113,6024873919223509426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5573018397690273113,6024873919223509426,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5573018397690273113,6024873919223509426,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5573018397690273113,6024873919223509426,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5573018397690273113,6024873919223509426,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5573018397690273113,6024873919223509426,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | keyauth.win | udp
US | 172.67.72.57:443 | keyauth.win | tcp
US | 8.8.8.8:53 | x2.c.lencr.org | udp
BE | 23.55.97.11:80 | x2.c.lencr.org | tcp
US | 8.8.8.8:53 | 57.72.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 11.97.55.23.in-addr.arpa | udp
US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp
US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp
N/A | 127.0.0.1:55812 | | tcp
N/A | 127.0.0.1:55814 | | tcp
US | 8.8.8.8:53 | beatware.xyz | udp
US | 172.67.144.202:443 | beatware.xyz | tcp
US | 8.8.8.8:53 | dsc.gg | udp
US | 172.67.156.126:443 | dsc.gg | tcp
US | 8.8.8.8:53 | 202.144.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | r.dsc.gg | udp
US | 172.67.156.126:443 | r.dsc.gg | tcp
US | 8.8.8.8:53 | discord.gg | udp
US | 162.159.135.234:443 | discord.gg | tcp
US | 8.8.8.8:53 | 126.156.67.172.in-addr.arpa | udp
US | 8.8.8.8:53 | discord.com | udp
US | 162.159.138.232:443 | discord.com | tcp
US | 8.8.8.8:53 | 234.135.159.162.in-addr.arpa | udp
US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp
US | 172.67.72.57:443 | keyauth.win | tcp
N/A | 127.0.0.1:57690 | | tcp
N/A | 127.0.0.1:57692 | | tcp
BE | 88.221.83.226:443 | www.bing.com | tcp
US | 8.8.8.8:53 | 226.83.221.88.in-addr.arpa | udp
US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp
US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 204.79.197.200:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp
US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp

Files

memory/3240-0-0x00007FF73D2B5000-0x00007FF73D61E000-memory.dmp

memory/3240-2-0x00007FF73D220000-0x00007FF73DB9A000-memory.dmp

memory/3240-1-0x00007FFF84150000-0x00007FFF84152000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4dc6fc5e708279a3310fe55d9c44743d
SHA1 a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256 a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA512 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

\??\pipe\LOCAL\crashpad_4116_TDAJTPRHMQPUSURW

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c4c494f8fba32d95ba2125f00586a3
SHA1 8a600205528aef7953144f1cf6f7a5115e3611de
SHA256 a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA512 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6d3ef498-d32e-4b9f-9de7-efad20942e9d.tmp

MD5 cb1b3a9e09b36103765a491ec1d9fb39
SHA1 d7e2d6f4a36df05a656953b8ace30675009ae586
SHA256 d22fb33da39dc5eb388e7ca261d68c98e4dc81f5e34ae33e0d4eaacf58515a15
SHA512 6e8496c9db232251ef7cb02fa8f2acec0b505e55c74aae135c579bd207ef5a748f9a722ff86622704525d844fbd4c92fc12676b2b85889085baf257cfd626bd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ac81582cd036cc7f450bb6d848f03b7f
SHA1 a836d13afcd442817a0ef6c7b58102aaa0a5b05a
SHA256 45656956809e320259dac133042506e8125e2712f5757c565cc94af48f26d104
SHA512 257591b9acc33898413b1bbec112f3acb73905da8e06b13b153405d193c617139c0e4a368a5e5912fc754951b022e246d25c9ceade9d18bef7480258fcdf41dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 acfd1da3162731ac21b50012975d29b2
SHA1 c4ef8a72d5ec3dce60ed00748d80bbe3cbe5f90e
SHA256 8c24533ee920d6687a3550d8ef4dd5ef37870b7b6fdcf2ed49d31749d3f8465c
SHA512 f31229f2b5a48e1ab9dc59b06bd6ab7ab88cdc1ad26bb1c16abe8f25d3cd385048fb65d49bba80c5b2bba8f4d03a6d4a55d04abfa3068689f028cfe5caea52b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2decdc7aa2ceb52adc402e9cc1d2aeea
SHA1 749c25fbf45753378ccc721f83feef17b862daa1
SHA256 26913a7f84cf46417d06baa147cc69b8f5b7d18177e014abe3b97c995d7a222a
SHA512 7123e836e7fa42e5ca376a248e0614edda216a849e91f53a2011cfdc26cca1a1b83f6a82ed5cd1f0172b7478230987348b4387b0ff9e85466beb1e08020d6189

memory/3240-120-0x00007FF73D2B5000-0x00007FF73D61E000-memory.dmp

memory/3240-121-0x00007FF73D220000-0x00007FF73DB9A000-memory.dmp