Malware Analysis Report

2025-03-15 05:53

Sample ID 240628-s29hkawakb
Target Beatware.Internal.v1.7.exe
SHA256 9fffea08116948a80151baf5271b5ba94d54e11d4c9aa7315591626d11ac0242
Tags
vmprotect
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9fffea08116948a80151baf5271b5ba94d54e11d4c9aa7315591626d11ac0242

Threat Level: Shows suspicious behavior

The file Beatware.Internal.v1.7.exe was found to show suspicious behavior.

Malicious Activity Summary

vmprotect

VMProtect packed file

Legitimate hosting services abused for malware hosting/C2

Suspicious use of NtSetInformationThreadHideFromDebugger

Unsigned PE

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Delays execution with timeout.exe

Enumerates system info in registry

Modifies Internet Explorer settings

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 15:38

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 15:38

Reported

2024-06-28 15:41

Platform

win7-20240611-en

Max time kernel

150s

Max time network

137s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000005ec80cf279b2564c91633e21940a8076000000000200000000001066000000010000200000005fbb62cb2559052fa58965fc889b95b50decc786f1f4321a90fb0bb922552a1f000000000e800000000200002000000094e282c9e59ec32af98a9196cf6352cfd73e3d8b1588864c68c4f54da256d1b520000000b09a914b52fe06133d3f87160b383557404b0a9481536fe5b4cf93ee85d1ac8d40000000b47aed43b6ace003f210166fc69f71a23de6e067ac0ef1b71d99d2ea2bff7cfd29f093604d805d439676e45725960f4d0d16233419a38d88b2c5c6fe6e5604b2 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{863041F1-3564-11EF-9E55-E6415F422194} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 509bdd4c71c9da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425751002" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DOMStorage\discord.com\NumberOfSubdomains = "1" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2176 wrote to memory of 3004 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe
PID 2176 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe
PID 2612 wrote to memory of 1100 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe
PID 2612 wrote to memory of 3040 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 2612 wrote to memory of 3000 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe
PID 2176 wrote to memory of 2820 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe
PID 2176 wrote to memory of 2596 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2176 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe
PID 2596 wrote to memory of 2500 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2176 wrote to memory of 2400 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe

"C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://beatware.xyz/discord

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2596 CREDAT:275457 /prefetch:2

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

Network

Country Destination Domain Proto
US 8.8.8.8:53 keyauth.win udp
US 104.26.0.5:443 keyauth.win tcp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.177:80 apps.identrust.com tcp
N/A 127.0.0.1:49202 N/A tcp
N/A 127.0.0.1:49204 N/A tcp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 173.222.13.40:80 x2.c.lencr.org tcp
US 8.8.8.8:53 beatware.xyz udp
US 172.67.144.202:443 beatware.xyz tcp
US 172.67.144.202:443 beatware.xyz tcp
US 8.8.8.8:53 dsc.gg udp
US 104.21.7.223:443 dsc.gg tcp
US 104.21.7.223:443 dsc.gg tcp
US 8.8.8.8:53 r.dsc.gg udp
US 104.21.7.223:443 r.dsc.gg tcp
US 104.21.7.223:443 r.dsc.gg tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.134.234:443 discord.gg tcp
US 162.159.134.234:443 discord.gg tcp
US 8.8.8.8:53 discord.com udp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

memory/2176-8-0x0000000140035000-0x000000014039E000-memory.dmp

memory/2176-5-0x000000013FFA0000-0x000000014091B000-memory.dmp

memory/2176-4-0x00000000776D0000-0x00000000776D2000-memory.dmp

memory/2176-2-0x00000000776D0000-0x00000000776D2000-memory.dmp

memory/2176-0-0x00000000776D0000-0x00000000776D2000-memory.dmp

memory/2176-10-0x000000013FFA0000-0x000000014091B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab84BC.tmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z5LT06Y3\favicon[1].htm

C:\Users\Admin\AppData\Local\Temp\Tar8867.tmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3JK00ZJ\favicon[1].ico

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\c70czm7\imagestore.dat

memory/2176-693-0x0000000140035000-0x000000014039E000-memory.dmp

memory/2176-694-0x000000013FFA0000-0x000000014091B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-28 15:38

Reported

2024-06-28 15:41

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A (3 hits)
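
The static VMProtect verdict rests on PE-level indicators, and the 64 NtSetInformationThread(ThreadHideFromDebugger) calls attributed to the sample further down are consistent with VMProtect's own runtime anti-debugging. The following Python script is an added example for reproducing the static side of that check; it is not part of this report or of the sandbox's detection code. It parses the PE section table and flags the section names VMProtect writes by default (.vmp0/.vmp1/.vmp2) and any section whose raw bytes have near-maximal Shannon entropy, which is how packed or virtualized code looks on disk. Because the sample's bytes are not on this page, it runs on a constructed, non-executable PE layout built inline; the section-name set and the 7.0 bits-per-byte threshold are the example's assumptions.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import Dict, List, Tuple

# Section names VMProtect emits by default (assumption for this example; the
# packer can be configured to use other names, so treat a miss as inconclusive).
VMPROTECT_SECTIONS = {b".vmp0", b".vmp1", b".vmp2"}
HIGH_ENTROPY = 7.0  # bits per byte; packed or encrypted data sits close to 8.0

COFF_HDR = struct.Struct("<HHIIIHH")          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")   # IMAGE_SECTION_HEADER, 40 bytes


def parse_sections(data: bytes) -> List[Tuple[bytes, bytes]]:
    """Return [(name, raw_bytes)] for every section in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = COFF_HDR.unpack_from(data, coff_off)
    table_off = coff_off + COFF_HDR.size + opt_size   # section table follows the optional header
    sections = []
    for i in range(nsections):
        (name, _vsize, _va, raw_size, raw_ptr,
         _, _, _, _, _chars) = SECTION_HDR.unpack_from(data, table_off + SECTION_HDR.size * i)
        sections.append((name.rstrip(b"\0"), data[raw_ptr:raw_ptr + raw_size]))
    return sections


def shannon_entropy(buf: bytes) -> float:
    """Bits of entropy per byte; 0.0 for uniform filler, about 8.0 for random data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def packer_verdict(data: bytes) -> Dict[str, object]:
    sections = parse_sections(data)
    names = [name for name, _ in sections]
    return {
        "vmprotect": any(name in VMPROTECT_SECTIONS for name in names),
        "sections": names,
        "high_entropy_sections": [name for name, raw in sections
                                  if shannon_entropy(raw) >= HIGH_ENTROPY],
    }


# --- constructed input: a minimal PE layout, not executable and not the sample ---

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for packed code."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


def build_synthetic_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Build DOS stub + PE signature + COFF header + zeroed PE32+ optional header + section table + raw data."""
    e_lfanew, opt_size, file_align = 0x40, 0xF0, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = COFF_HDR.pack(0x8664, len(sections), 0, 0, 0, opt_size, 0x22)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)   # PE32+ magic, rest zeroed
    headers_len = len(dos) + 4 + len(coff) + len(opt) + SECTION_HDR.size * len(sections)
    raw_base = (headers_len + file_align - 1) // file_align * file_align
    table, body = b"", b""
    for name, raw in sections:
        table += SECTION_HDR.pack(name.ljust(8, b"\0"), len(raw), 0x1000, len(raw),
                                  raw_base + len(body), 0, 0, 0, 0, 0x60000020)
        body += raw
    image = dos + b"PE\0\0" + coff + opt + table
    return image + b"\0" * (raw_base - len(image)) + body


if __name__ == "__main__":
    packed = build_synthetic_pe([(b".text", b"\x90" * 4096),
                                 (b".vmp0", pseudo_random(512)),
                                 (b".vmp1", pseudo_random(4096))])
    print(packer_verdict(packed))
```

The name check is cheap but can be defeated, since VMProtect lets the author rename its sections, so the entropy pass is what catches a renamed build; conversely, compressed resources or an embedded certificate also score high, so treat a high-entropy section as a lead to confirm against the behavioural data rather than as a verdict on its own.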

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe N/A (64 hits)

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{53BCE86E-B1DE-41B2-A57F-216C6CB40F04} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (26 hits)

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A (24 hits)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1416 wrote to memory of 2408 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe (2 hits)
PID 1416 wrote to memory of 1616 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe (2 hits)
PID 1616 wrote to memory of 2844 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\certutil.exe (2 hits)
PID 1616 wrote to memory of 4080 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe (2 hits)
PID 1616 wrote to memory of 4828 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\find.exe (2 hits)
PID 1416 wrote to memory of 676 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe (2 hits)
PID 1416 wrote to memory of 1832 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 1416 wrote to memory of 1196 N/A C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe C:\Windows\system32\cmd.exe (2 hits)
PID 1832 wrote to memory of 2804 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 1832 wrote to memory of 1820 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (40 hits)
PID 1832 wrote to memory of 1420 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (2 hits)
PID 1832 wrote to memory of 3572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (4 hits)

Processes

C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe

"C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD5 | find /i /v "md5" | find /i /v "certutil"

C:\Windows\system32\certutil.exe

certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe" MD5

C:\Windows\system32\find.exe

find /i /v "md5"

C:\Windows\system32\find.exe

find /i /v "certutil"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://beatware.xyz/discord

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffb1acc46f8,0x7ffb1acc4708,0x7ffb1acc4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4980 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2176,11605255411444112631,15162273370874287575,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4888 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c start cmd /C color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5

C:\Windows\system32\cmd.exe

cmd /C color b

C:\Windows\system32\timeout.exe

timeout /t 5
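
Read together, the WriteProcessMemory rows and the command lines above give the sample's process tree: cmd.exe children for `cls`, one cmd.exe running `certutil -hashfile` on the sample's own path with `find /i /v` stripping certutil's header and trailer lines so only the hex digest remains (a self-integrity check of the loader), msedge.exe launched on https://beatware.xyz/discord, and a final `cmd /c start ...` that prints the "Signature checksum failed" / "Session not found" message and sleeps with `timeout /t 5`. As an added example that is not part of this report, the Python below reconstructs that tree from process-creation events and applies the detection logic a SOC would run against it. The events are constructed from the report: PIDs 1416, 2408, 1616, 2844, 4080, 4828, 676, 1832 and 1196 are the report's own, while the sample's parent PID (900) and the 50xx PIDs are assigned for the example (assumption); Edge's helper processes are omitted.

```python
import re
from collections import defaultdict
from typing import Dict, Iterator, List, Tuple

Event = Tuple[int, int, str, str]  # (pid, ppid, image, command_line)

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\Beatware.Internal.v1.7.exe"
CMD = r"C:\Windows\system32\cmd.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed process-creation events taken from this report's Processes and
# WriteProcessMemory sections. PIDs 1416, 2408, 1616, 2844, 4080, 4828, 676,
# 1832 and 1196 are the report's; 900 (the sample's parent) and the 50xx PIDs
# are assigned here (assumption). Edge's own helper processes are left out.
EVENTS: List[Event] = [
    (1416, 900, SAMPLE, '"' + SAMPLE + '"'),
    (2408, 1416, CMD, CMD + " /c cls"),
    (1616, 1416, CMD, CMD + ' /c certutil -hashfile "' + SAMPLE
                      + '" MD5 | find /i /v "md5" | find /i /v "certutil"'),
    (2844, 1616, r"C:\Windows\system32\certutil.exe",
                 'certutil -hashfile "' + SAMPLE + '" MD5'),
    (4080, 1616, r"C:\Windows\system32\find.exe", 'find /i /v "md5"'),
    (4828, 1616, r"C:\Windows\system32\find.exe", 'find /i /v "certutil"'),
    (676, 1416, CMD, CMD + " /c cls"),
    (1832, 1416, EDGE, '"' + EDGE + '" --single-argument https://beatware.xyz/discord'),
    (1196, 1416, CMD, CMD + " /c cls"),
    (5000, 1416, CMD, CMD + " /c cls"),
    (5010, 1416, CMD, CMD + r" /c start cmd /C color b && title Error && echo Signature checksum failed. Request was tampered with or session ended most likely. & echo: & echo Message: Session not found. Use latest code. You can only have app opened 1 at a time. && timeout /t 5"),
    (5014, 5010, CMD, "cmd /C color b"),
    (5018, 5014, r"C:\Windows\system32\timeout.exe", "timeout /t 5"),
]

# certutil -hashfile <path> [algorithm]; the path may be quoted or bare
HASHFILE = re.compile(r'-hashfile\s+(?:"([^"]+)"|(\S+))', re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def in_user_temp(path: str) -> bool:
    return "\\appdata\\local\\temp\\" in path.lower()


def build_tree(events: List[Event]):
    """Index events by pid and collect each parent's children in event order."""
    by_pid = {e[0]: e for e in events}
    children: Dict[int, List[int]] = defaultdict(list)
    for pid, ppid, _, _ in events:
        children[ppid].append(pid)
    return by_pid, children


def ancestors(by_pid: Dict[int, Event], pid: int) -> Iterator[Event]:
    """Known ancestors of pid, nearest first; stops at an unknown or cyclic parent."""
    seen = {pid}
    ppid = by_pid[pid][1]
    while ppid in by_pid and ppid not in seen:
        seen.add(ppid)
        yield by_pid[ppid]
        ppid = by_pid[ppid][1]


def render(events: List[Event], root: int) -> List[str]:
    """Indented process tree, one line per event reachable from root."""
    by_pid, children = build_tree(events)
    lines: List[str] = []

    def walk(pid: int, depth: int) -> None:
        _, _, image, cmd = by_pid[pid]
        lines.append("  " * depth + "%d %s  %s" % (pid, basename(image), cmd[:70]))
        for child in children[pid]:
            walk(child, depth + 1)

    walk(root, 0)
    return lines


def flag(events: List[Event]) -> List[Tuple[str, int]]:
    """Detection logic for chains rooted in an executable run from the user's Temp dir."""
    by_pid, _ = build_tree(events)
    hits: List[Tuple[str, int]] = []
    for pid, ppid, image, cmd in events:
        chain = list(ancestors(by_pid, pid))
        base = basename(image)
        # certutil -hashfile aimed at an ancestor's own image: self-integrity check
        if base == "certutil.exe":
            m = HASHFILE.search(cmd)
            if m:
                target = (m.group(1) or m.group(2)).lower()
                if any(a[2].lower() == target for a in chain):
                    hits.append(("self_integrity_hash", pid))
        temp_root = next((a for a in chain if in_user_temp(a[2])), None)
        if temp_root is None:
            continue
        if base == "cmd.exe" and ppid == temp_root[0]:
            hits.append(("temp_exe_spawns_cmd", pid))
        if base == "timeout.exe":
            hits.append(("timeout_delay_under_temp_exe", pid))
        if base == "msedge.exe" and re.search(r"https?://", cmd):
            hits.append(("temp_exe_opens_url_in_browser", pid))
    return hits


if __name__ == "__main__":
    print("\n".join(render(EVENTS, 1416)))
    for rule, pid in flag(EVENTS):
        print(rule, pid)
```

The self-integrity rule keys on the hashed path matching an ancestor's image rather than on certutil alone, since `certutil -hashfile` is common in administration scripts; the other three rules anchor on the executable having been run from the user's Temp directory, which is where this sample was detonated, so on a production host they should be joined with the file's signing status (the report lists the PE as unsigned).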

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 keyauth.win udp
US 104.26.1.5:443 keyauth.win tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
N/A 127.0.0.1:56960 tcp
N/A 127.0.0.1:56962 tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 5.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 beatware.xyz udp
US 172.67.144.202:443 beatware.xyz tcp
US 8.8.8.8:53 dsc.gg udp
US 172.67.156.126:443 dsc.gg tcp
US 8.8.8.8:53 r.dsc.gg udp
US 172.67.156.126:443 r.dsc.gg tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.134.234:443 discord.gg tcp
US 8.8.8.8:53 202.144.67.172.in-addr.arpa udp
US 8.8.8.8:53 126.156.67.172.in-addr.arpa udp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 104.26.1.5:443 keyauth.win tcp
N/A 127.0.0.1:62755 tcp
N/A 127.0.0.1:62757 tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 153.141.79.40.in-addr.arpa udp
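
The table lists DNS traffic to 8.8.8.8:53, reverse (in-addr.arpa) lookups the sandbox performs for IPs it sees, loopback connections, and the outbound TCP sessions, but not which process opened each one. Reading it against the Processes section: keyauth.win is contacted first and again later, the port-80 fetch from x2.c.lencr.org is a certificate revocation check (c.lencr.org hosts Let's Encrypt CRLs; the CryptnetUrlCache writes under Files are the same activity), and the beatware.xyz, dsc.gg, r.dsc.gg, discord.gg, discord.com sequence follows msedge.exe being opened on https://beatware.xyz/discord, so the discord.com indicator behind the "Legitimate hosting services abused" signature is consistent with a browser-rendered invite rather than with sample-to-C2 traffic. As an added example that is not part of this report, the Python below parses the table, separates sandbox noise from sample-driven traffic, and attaches those labels; the table is embedded as the input, and the LABELS map is the editor's reading of the report (assumption), not data the sandbox produced.

```python
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# The behavioral2 Network table of this report, embedded verbatim as the input.
NETWORK_TABLE = """\
Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 80.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 keyauth.win udp
US 104.26.1.5:443 keyauth.win tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
N/A 127.0.0.1:56960 tcp
N/A 127.0.0.1:56962 tcp
US 8.8.8.8:53 x2.c.lencr.org udp
BE 23.55.97.11:80 x2.c.lencr.org tcp
US 8.8.8.8:53 5.1.26.104.in-addr.arpa udp
US 8.8.8.8:53 11.97.55.23.in-addr.arpa udp
US 8.8.8.8:53 beatware.xyz udp
US 172.67.144.202:443 beatware.xyz tcp
US 8.8.8.8:53 dsc.gg udp
US 172.67.156.126:443 dsc.gg tcp
US 8.8.8.8:53 r.dsc.gg udp
US 172.67.156.126:443 r.dsc.gg tcp
US 8.8.8.8:53 discord.gg udp
US 162.159.134.234:443 discord.gg tcp
US 8.8.8.8:53 202.144.67.172.in-addr.arpa udp
US 8.8.8.8:53 126.156.67.172.in-addr.arpa udp
US 8.8.8.8:53 234.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 104.26.1.5:443 keyauth.win tcp
N/A 127.0.0.1:62755 tcp
N/A 127.0.0.1:62757 tcp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 153.141.79.40.in-addr.arpa udp
"""

# Editor's attribution of the names seen in this run (assumption; the sandbox
# table does not name the originating process). keyauth.win serves the KeyAuth
# licensing API; c.lencr.org hosts Let's Encrypt CRLs; the dsc.gg/discord.*
# chain follows msedge.exe being opened on https://beatware.xyz/discord.
LABELS = {
    "keyauth.win": "keyauth_licensing_api",
    "beatware.xyz": "sample_distribution_site",
    "x2.c.lencr.org": "letsencrypt_crl_revocation_check",
    "dsc.gg": "browser_discord_redirect",
    "r.dsc.gg": "browser_discord_redirect",
    "discord.gg": "browser_discord_redirect",
    "discord.com": "browser_discord_redirect",
}

Row = Tuple[str, str, Optional[str], str]  # (country, "ip:port", domain, proto)


def parse_rows(text: str) -> List[Row]:
    """Split the whitespace-separated table; loopback rows have no Domain column."""
    rows: List[Row] = []
    for line in text.splitlines()[1:]:      # skip the header line
        parts = line.split()
        if not parts:
            continue
        if len(parts) == 3:
            country, dest, proto = parts
            rows.append((country, dest, None, proto))
        else:
            country, dest, domain, proto = parts
            rows.append((country, dest, domain, proto))
    return rows


def classify(domain: str) -> str:
    return LABELS.get(domain, "unknown")


def triage(rows: List[Row]) -> Dict[str, object]:
    """Separate sandbox noise (PTR lookups, loopback) from lookups and outbound sessions."""
    ptr = loopback = 0
    lookups: List[str] = []
    connections: Dict[str, Counter] = defaultdict(Counter)
    for _country, dest, domain, proto in rows:
        ip, port = dest.rsplit(":", 1)
        if ip == "127.0.0.1":
            loopback += 1
            continue
        if domain and domain.endswith(".in-addr.arpa"):
            ptr += 1                        # sandbox reverse-resolving IPs it observed
            continue
        if proto == "udp" and port == "53":
            lookups.append(domain)
        else:
            connections[domain][dest] += 1  # count repeat sessions to one endpoint
    plaintext = sorted((d, ep) for d, eps in connections.items()
                       for ep in eps if ep.endswith(":80"))
    return {
        "ptr_lookups": ptr,
        "loopback": loopback,
        "lookups": lookups,
        "first_contact": lookups[0] if lookups else None,
        "connections": dict(connections),
        "plaintext_http": plaintext,
        # a TCP session to a name never resolved here would point at a hardcoded IP
        "unresolved_connections": sorted(d for d in connections if d not in lookups),
        "labels": {d: classify(d) for d in connections},
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(NETWORK_TABLE)).items():
        print(key, value)
```

Two things the output makes visible that the raw table hides: keyauth.win is the only endpoint hit twice, before and after the browser launch, which matches the two-stage "session" error the sample prints, and the single plaintext HTTP session is the CRL host, not a download, so the run contains no cleartext payload retrieval to chase.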

Files

memory/1416-0-0x00007FF7A2085000-0x00007FF7A23EE000-memory.dmp

memory/1416-1-0x00007FFB38C90000-0x00007FFB38C92000-memory.dmp

memory/1416-2-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp

memory/1416-6-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 87f7abeb82600e1e640b843ad50fe0a1
SHA1 045bbada3f23fc59941bf7d0210fb160cb78ae87
SHA256 b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
SHA512 ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

\??\pipe\LOCAL\crashpad_1832_HOFOYFREYVUHGITR

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f61fa5143fe872d1d8f1e9f8dc6544f9
SHA1 df44bab94d7388fb38c63085ec4db80cfc5eb009
SHA256 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
SHA512 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9db0af0f257614467d3bdb75b64b522c
SHA1 54cf306cc765f1ac3c686e0733713739b87a467e
SHA256 6fdeccd1b987b422188fd274d0542c9e495bc18fa6e4f520b63bc6afebda64f0
SHA512 624ad26fb45120bcebdc8a24b1bcf4234b66bf70953acd9038967f76972bcff0e6e210c71590fb36ba97ee94bbdc23b412d6357fde4cb45d8b5ed9a00115f7c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 da9a978ef17bc3cc3cc9720145f9c222
SHA1 60f92250d059fc7f0150bff774cfc72bfea3c5f1
SHA256 24cc20e026c2097e82d09422e0d48c66b41cfbe35f9c1a2be3ed294bd092f6dc
SHA512 7ae25fdd54fed7f7bf6933edcc6b6bb10e45b72867d53ed37205f6341b2b35acda7fa8ed40d88a278f4bebd012a4d8fa3bcca9d9b1cf04f416cf8c1a39cc21b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c8b02ea7a6da92c44edb81a7b79a5883
SHA1 c99250e286407580dd370fbec1a635a7de8a6cbb
SHA256 bf637568c45c8ffa989626c0047c3e2486912e93f04be40ae8796d0cad6c1307
SHA512 fad98f96a050e2febee46eaeab55f591efdd7e518de951719d06ddd4b2697b5859b0bab59dcecb83d0ff7668ac21db61ddf0876c15decc92b1a78fe10908b174

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 04c676e750013923a534fff2c3ede6a0
SHA1 ae3a235f21a8785ad249ed17bbc8468be56d6a61
SHA256 7f4374451f39d204c377c4ac4ee90cd509dcf0844bc30e40e811ceabd9b28b91
SHA512 b987edf4bbdd7ebf729af5837aaebeaa1e14d3e42a953193eb8ad4f3131036ddcd9637a9a34e34d3f537481cf713374421e3e75bda74b6084ea236649442e289

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c25e4327be5885c43a4c1b84899f3b0b
SHA1 b9d5f8356ef5ca9fc4b67e209209378805d1cdc2
SHA256 028e241ffe5046e0c2bdb7f7ba8670fafc458baae4508bceed3b1b2b1fb225d5
SHA512 5898c626fba49474cfe50934e60fde4aadaf045a7cb97b692f66576e2e64477ac035ab473b402c78aaa9e9f979dd3b15d5bcdc63537aeed45d08066396a2dc93

memory/1416-177-0x00007FF7A2085000-0x00007FF7A23EE000-memory.dmp

memory/1416-178-0x00007FF7A1FF0000-0x00007FF7A296B000-memory.dmp