hxxps://archive[.]org/details/malware-pack-2

Resubmissions

06-07-2024 17:52

240706-wfyeysxepp 10

06-07-2024 17:38

240706-v78vbsxbrl 8

Analysis

max time kernel
578s
max time network
587s
platform
windows10-2004_x64
resource
win10v2004-20240704-de
resource tags

arch:x64arch:x86image:win10v2004-20240704-delocale:de-deos:windows10-2004-x64systemwindows
submitted
06-07-2024 17:38

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://archive.org/details/malware-pack-2

Score

8^/10

evasion persistence privilege_escalation ransomware

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	[email protected]
File opened (read-only)	\??\V:	[email protected]
File opened (read-only)	\??\E:	[email protected]
File opened (read-only)	\??\J:	[email protected]
File opened (read-only)	\??\N:	[email protected]
File opened (read-only)	\??\M:	[email protected]
File opened (read-only)	\??\T:	[email protected]
File opened (read-only)	\??\U:	[email protected]
File opened (read-only)	\??\Y:	[email protected]
File opened (read-only)	\??\G:	[email protected]
File opened (read-only)	\??\H:	[email protected]
File opened (read-only)	\??\L:	[email protected]
File opened (read-only)	\??\Z:	[email protected]
File opened (read-only)	\??\A:	[email protected]
File opened (read-only)	\??\K:	[email protected]
File opened (read-only)	\??\P:	[email protected]
File opened (read-only)	\??\R:	[email protected]
File opened (read-only)	\??\S:	[email protected]
File opened (read-only)	\??\W:	[email protected]
File opened (read-only)	\??\X:	[email protected]
File opened (read-only)	\??\B:	[email protected]
File opened (read-only)	\??\I:	[email protected]
File opened (read-only)	\??\Q:	[email protected]

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2753856825-3907105642-1818461144-1000\Control Panel\Desktop\Wallpaper	[email protected]

Event Triggered Execution: Accessibility Features 1 TTPs
Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.
persistence privilege_escalation

Accessibility Features
T1546.008

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
548	taskkill.exe
4828	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133647616973942355"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	[email protected]
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2753856825-3907105642-1818461144-1000\{557AB573-7F27-4566-985B-23BA0C9C868A}	[email protected]

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
1864	msedge.exe
1864	msedge.exe
2636	identity_helper.exe
2636	identity_helper.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1772	taskmgr.exe
1960	osk.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1772	taskmgr.exe
Token: SeSystemProfilePrivilege	1772	taskmgr.exe
Token: SeCreateGlobalPrivilege	1772	taskmgr.exe
Token: 33	1176	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1176	AUDIODG.EXE
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeDebugPrivilege	548	taskkill.exe
Token: SeDebugPrivilege	4828	taskkill.exe
Token: SeShutdownPrivilege	4552	[email protected]
Token: SeCreatePagefilePrivilege	4552	[email protected]
Token: SeIncreaseQuotaPrivilege	4516	WMIC.exe
Token: SeSecurityPrivilege	4516	WMIC.exe
Token: SeTakeOwnershipPrivilege	4516	WMIC.exe
Token: SeLoadDriverPrivilege	4516	WMIC.exe
Token: SeSystemProfilePrivilege	4516	WMIC.exe
Token: SeSystemtimePrivilege	4516	WMIC.exe
Token: SeProfSingleProcessPrivilege	4516	WMIC.exe
Token: SeIncBasePriorityPrivilege	4516	WMIC.exe
Token: SeCreatePagefilePrivilege	4516	WMIC.exe
Token: SeBackupPrivilege	4516	WMIC.exe
Token: SeRestorePrivilege	4516	WMIC.exe
Token: SeShutdownPrivilege	4516	WMIC.exe
Token: SeDebugPrivilege	4516	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4516	WMIC.exe
Token: SeRemoteShutdownPrivilege	4516	WMIC.exe
Token: SeUndockPrivilege	4516	WMIC.exe
Token: SeManageVolumePrivilege	4516	WMIC.exe
Token: 33	4516	WMIC.exe
Token: 34	4516	WMIC.exe
Token: 35	4516	WMIC.exe
Token: 36	4516	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4516	WMIC.exe
Token: SeSecurityPrivilege	4516	WMIC.exe
Token: SeTakeOwnershipPrivilege	4516	WMIC.exe
Token: SeLoadDriverPrivilege	4516	WMIC.exe
Token: SeSystemProfilePrivilege	4516	WMIC.exe
Token: SeSystemtimePrivilege	4516	WMIC.exe
Token: SeProfSingleProcessPrivilege	4516	WMIC.exe
Token: SeIncBasePriorityPrivilege	4516	WMIC.exe
Token: SeCreatePagefilePrivilege	4516	WMIC.exe
Token: SeBackupPrivilege	4516	WMIC.exe
Token: SeRestorePrivilege	4516	WMIC.exe
Token: SeShutdownPrivilege	4516	WMIC.exe
Token: SeDebugPrivilege	4516	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4516	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1772	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1864	msedge.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe
1772	taskmgr.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
1960	osk.exe
4552	[email protected]
4552	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 748	1864	msedge.exe	83
PID 1864 wrote to memory of 748	1864	msedge.exe	83
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 4028	1864	msedge.exe	84
PID 1864 wrote to memory of 2972	1864	msedge.exe	85
PID 1864 wrote to memory of 2972	1864	msedge.exe	85
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86
PID 1864 wrote to memory of 2204	1864	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/malware-pack-2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff67b346f8,0x7fff67b34708,0x7fff67b34718
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3472 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,6390234532973469983,6917767995421459951,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
  2⤵
  PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:948

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1772

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1760

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff749cab58,0x7fff749cab68,0x7fff749cab78
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:8
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4460 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4252 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4276 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:8
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1988,i,11537637884396135285,9063883383699022427,131072 /prefetch:8
  2⤵
  PID:4336

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff67b346f8,0x7fff67b34708,0x7fff67b34718
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2656 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,13280438084586673139,5293408035875495509,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
  2⤵
  PID:1848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\000\[email protected]
"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\000\[email protected]"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4552
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
  2⤵
  PID:3684
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:548
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im taskmgr.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4828
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' set FullName='UR NEXT'
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4516
- - C:\Windows\SysWOW64\Wbem\WMIC.exe
    wmic useraccount where name='Admin' rename 'UR NEXT'
    3⤵
    PID:4372
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /f /r /t 0
    3⤵
    PID:3728

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38a9855 /state1:0x41c64e6d
1⤵
PID:3508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Privilege Escalation

Event Triggered Execution

T1546

Accessibility Features

T1546.008

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5e12ac966e1ecab3d753ef5f1760c037

SHA1
7eda32b17a3b968c888e68bcc2fd27001d5d59a5

SHA256
23a9d95685da61ac430c552052cc151a173f3838a66c0f9e71773ad3ca6b089c

SHA512
6a2ab1c8b18e6e72930c8b95d9b22471f52aee0701e9b945033134b98f61470dc83784af9954a348a655d654ebb8f3db89d86f4f5f8c4133b5544c03077dbe26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
174e0743b908d7cdaf1f2d8dd1874551

SHA1
8166171e85e154c7083958613914f85fdfe3cfe6

SHA256
5b54210faa30618d4b03d51ad7a66ac492404c2f87fd6d51156eef30b0c9e8fd

SHA512
07f0a55ab0e45f589f6715c9cfe7306fa183ea791e6add0e2556a5dce5a9faf7cdeca1d86309d8d2ef5075a4b69e0801c92798d53468d0a53234017ce8f025ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f18c438f1beb72713190ea00c678260d

SHA1
5bf3f79f6472e2680a5cc02e2087f989695802cb

SHA256
d1530cf8a2149b538a002046c52b7c09f357805841dcb9ea5c362cf4c3f14fe8

SHA512
abec37b303044cb9ff5e8a28dd3224caaf805dc6425d00806ed85560b3ed2916a904f576d8cdb596e4d16ee9a8bc419f042cead5863417e2792681d50e2243de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
d28d14c5a227778ac3e0840544a710af

SHA1
01acd62ec5de49b2b23cf3bd39626fdb0350ccf7

SHA256
ade2844480d4844483eada22840504e42c1a6da243e16bb33dbf8138bda49fe5

SHA512
e337cd2715927ee81f82064e1b29449a4b57340ff38dcfd07bf14b761bbe66ad31b1eaf06cfd780907d64dcb59c2f1b0247319be1873112487485c2b1bd5c7f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
c7c930c0826b769a0cecfafaa191220f

SHA1
302d4d3f8b942a910ce25ca0c6b370e6da1f8e59

SHA256
4de62ec99658021e0ef64c378637c047e1b3006d94f6c1f367104c67f717efdd

SHA512
44127fe9f12faf7e4ec1d8e1042f0aeb96c4b96841abd97b12f4577d0b6cd0a2aa46649bf24127ddb8b08f5330789b3dfb7b2f3f37bbad4d70e9be15ea878378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f3149b25deeb78f2cb9901836439c59

SHA1
b8e9ed8429c735ae6b105170401ba308458a20c1

SHA256
cff12a0875454c0ff131c1c381c91dd51357f0e7614d2b8458866b1b84c62a30

SHA512
cd531b463d65ee37dc453fe18a51fded24c605316a7dd00966e52eee0930dced359045255dc7bc15b404afadb921e2445d439403b230942f98f1eef488475fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dea1a9a68fd72a4af53cb014ea2a7e7

SHA1
96c7dbbe1ff973156f92c39a274c0d28f66056b2

SHA256
39e7ca66bd9855efc4638ae2be34ed97a799788957d8bedb57bc90ed5a351ccd

SHA512
b9113f9125310673bbca7ff8ae057e2e0ac7488382ca78fdf3ef46980901f85066ea247a97bbc8c7f1db0aea3a6ec2a382d987c5cc164e20ebc75d5d92a0bae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
bf6a777944640e7fc1ce12ea100af4f3

SHA1
8668e3ef08dc0514516daf10b766da33542edb55

SHA256
e145505a21556f2b22c873268633764ac768c9ca30b7c7358aae54fbbbd07846

SHA512
79d832031ceb9e4f7a7a967572eb72509ce28145e915d247ae60d9d50e2b561c8059032ff91f1f447126223c89d2c06e4015b6ca35c3af4ac9b05110e9a124d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
fa5f30a7d909f8a017eb611b476e56bd

SHA1
b6bf85402e5795e82acad7fa1f7f4db7f6c7e981

SHA256
b278fade081203f46915b8f4f00d5ac6851611f74f0efe1237a9a35dceb9f4d3

SHA512
dff33eae47ea01df06c3045c02e126aa538e1baeab551a44154027317a6ce6303a89c9b2c83ce7638d8f7a8a055266cd9c971811076d5a72df0f75382a36b160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
d7193ec4dc6ee7cd9180c691a99e7cc5

SHA1
fcbfed4677a1360b75bc7782bf67389ecece1fb5

SHA256
66fa28e104b62f923f635b179178bb3a3b9d7c8f64c711c1aff8ef5c3501bf6a

SHA512
d6614cce070600b237e5175c9b402a595770a34ba4cac4c8fe46f70d37778f2446546b781ec8e598fa89bf1fa42adc6de04c8f17d42a07fd18ef7711332e5970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
fa0e77fe75d424efd4ce47c701355486

SHA1
b0b01bc7aa2c8b76cca4f3fef38e104db5b5c431

SHA256
9a80a6dede00d9a5c235d1ffbe2e801123651e6bb9a54cf2689b8c046fd179c3

SHA512
0b6213ac2b82b42d048e33373af61a88771b19f4023d0f1090b23b51f7a5cb49fa2546f20ed4c550fb7c9f10020b536a6a3ad933fc2ed85c0c14857b95b902e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
521347e60f422cf10f11f0d640a4227c

SHA1
608fae41aa9d87fab294a57227b8ba140bae6d13

SHA256
ac5e85a3aa3ac125b5668d3e45a4f777e2bb2e10057e8b857fefee97c4f8c5c2

SHA512
ce76ab7f07a930d15e54843a593bbb75d21716d075d443d86991fc4f84de84b0d8897d92f8bba7b496efbebe537b34ea431b83c482624da23e8086d56b542481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
dd72c27c586728a047581a0119ed170f

SHA1
5c34dfa2c3c068e14ff85104c74f617244db06c0

SHA256
c0c2e7dff910a7ab253b34bd062cedc1cc554bf18347c6fdecc11fe69dfe55d9

SHA512
3f8bf4375d9f3a9c5efc62af7238743b5e9c3c841eb11ee71fe757e53a5e6a321726003ebfbd12a1026ed1ddb49a87c8cdf4af5486046d0b2c736b6fabb77a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
772e986b6f07ebe1374bb1d8da7ad61b

SHA1
9a5b0406c57c12f4c86668f5423c4fdb61d86025

SHA256
1a65dc5e14c36e482a94764660cfac2bd5a5c61e31fc52959e52d4419c6c6830

SHA512
7a88f87fa35687ed63e2e13d18b85fb43f4775551a40cb63e346ac0fb43a3d1042f349d3bc5bb001aa8cfa17b92334462a8c38c4b2a84102155a31f7f3efdfdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
d3e734c5528065950b654e6f38655fdb

SHA1
e7e25557e634b2fa8b359a7464a6256c378bc639

SHA256
8de60f14aac02b7b75a8d8ebb40b3068e7c36dab095e6a2bcdd79f3f8684ef3e

SHA512
5df5f5a71eebb036ef06e362f47a2df5a3fd71f9ebbfdf2fcf85b5240d46c6e740e6b26ef92d8782be5983975f308995c80fb174efed3cee849a313c2bc47475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
900B

MD5
0e46136da77dcd939287d7df11116825

SHA1
e7d56d0a856f7662718d3112cebd8276cef1b2ef

SHA256
4e14b326a3a774d061db596b3808b33e866b1cf2699c6fbd15d07d1e55fc876a

SHA512
16f8116ac9515cc14f05b359434e63ecd4c3df90d6bb90224c56b26cf54e62d6c00b0127f2fc770b16836e03792d8b3689cd2d648c80744da1e82c583c1046e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
f73be9061a2a1fa018073a2b9009dfbf

SHA1
e4e0fea576e6dfc6ca3da3ae1530483b91122776

SHA256
d1a463a036cccce41e7c734900ae923f4e450a7b41323c490125e8dbbcb8dfa1

SHA512
231adddeab39bdf7a00d7093c73b6ae7869c72ae041bb6fdbd5574fba5e2dc7e4b734fc6f87f9dbd4c37091133d22356271106a5ac412dafea5477d10885f89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
417B

MD5
cc759870b549c50183d5593a1707f9b9

SHA1
63cd136975d07ee4d0a87542f749e7d52b3ed54e

SHA256
5f8bec8f172575b2ed8607fd72d27b716c92f96d713a1dfd6c80b0ad8bfa9248

SHA512
c7ab6887b514cc702ae81f1b3a212cd6aad8fc88c0abf7f9543a1bb05fae76e2c73adb4af21196c00be889f676ef4ad8e2d752ed47c40e589ee37ae19c22decb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
711177aaaae0d5347935689312c867c3

SHA1
e01be3ef4cf1280e9c5bfcd0351b0ec84c74f9d6

SHA256
d9e060cd13f185f887176d6163b074cab435566de3813a16e5da6eaf866f3a79

SHA512
c40c0dcb1eb9dc259875ce57402f92533830a83d002267d7c416ef993e373c9c7fc42316f95e97cefa693fce7f5e9821ac8f0ab450a6fbfc921cc4c5f8a49aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a53f37482992745b8a071a0ca329cb25

SHA1
5b454a2bf981be84e4a1673e77e65b10ea931ad3

SHA256
b49b32128dc43071175a95a098e4b5d780ac014343669f3b0736af9d03fecb74

SHA512
16faa540c461889a4f4bad1af3cda2d4425aaaa81a1c37a3e8c7d5f42cc23ccc974047704f382910e26ebfd6ab5e8504825c1b3d8b82b2c016c39fd5f06e9e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1126d920ef927ce4c1327ed1ff8e36de

SHA1
1cf09578b7221ce510e78169edbdc6b15ba6494b

SHA256
20c7fe77dac5329a9b6ab8a0fab38af84d57048054b2d9654f401df92c1a03bd

SHA512
af7c3d11f4550757aa66b00e9d1673fbffa853dbaf366a020ec9ec61086d1d084181a846f3f10d4379db3be0bd91817925babe0e00c380136502cbd1db6500c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15a3ac27275460d37cd777634ec077e2

SHA1
7a63f31df1c961f4cbb44aae2eb1c886b84e7bf5

SHA256
a47058455c5764691db2b344cb85b838f4f896bccff9fd6623821726bb553403

SHA512
91c974faa9f0855ef5fd37eff286453d2180cb2b5285233a154efe7eecaf05f1e132dee1553466756de355018e94a44e8260dcbd9b59d4aed3b189b5a532058b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d8c030d414d79bbc982e07e27b564641

SHA1
8d7964322ec83a60074a3f17989b94e593d9da97

SHA256
eeb9449b40a59a9d156f9b74675f7beafa9f0b117e613de77040c2fda2a2f72e

SHA512
e2673ca6a64e1f2380aa1c8e35090fce4f3d42ff6f5b15338872ec78cde5ef1e5650f531d53484f5e2b2e6ffab7fe5224968ab8f2db86c10e87b0b44bda17bec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
14e87ce4c99d91cad49d625d4ffe78f7

SHA1
b13872b7a3d114ddb8b22b73c3517d9a03aec213

SHA256
7836edda93a6ffc7363740d101797787dfbbae3c3bc2764a0ca4b054e63359f7

SHA512
8c221adc7125a20f9b33cc37bd2cf31acee42dc52cc08e647488973c4c9871105c84846665f061ef786b53b7873292200fdc55b85c49ecccb036c42d57e931e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
658f3674c8e2c2f506a8d22d6b55a6af

SHA1
5e0ce936a6a627011118b9d214d809c48adfb1e5

SHA256
47a75ccd401f3b84c079870d82a3b2d88a45299a5a4968facb6a938c45b98bf4

SHA512
699160a758af8cda92633509017feeba61a1d52dc2788f21826707c9a21d1aac28d34576a91e34363d319a403d0ea8335b3a43d011bd2f7f7676e318ed6a3188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364761172549636

Filesize
3KB

MD5
7a3ddce831fda1df9a9a36bac202a433

SHA1
0c721cad9581ccf9749c512c215d36dc9e2729aa

SHA256
dd72eb6a366039d3005df07f2bdbd1b118cb619e7e378bd4684b711101bda1a8

SHA512
ae7b2cf4dfec9fde83e12dfcc978109fbce99713b0ee6ce99faf751da8eed7cd8e8002b66d6814f1b90728bddf4eb415208247a6408bb0898dfeeb9f082afee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
810d651f43ccfa2aae86fffe6b660200

SHA1
a8e57d6f657cb488c80ab0954b72bb3a90ea2db5

SHA256
9adc8c9af4c9d4991b1e74b5c51ce7f13b4a50484e040d4e7941dc7c91f82d11

SHA512
1fe960b7a6221ce9c32a0cc26be80ae7abaa0e61eedcad020e3d4b2c36c09386db13e92c74c0874c768a342ef7596be6bf69a68cf51b88addb26ad963f18b2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
70b51124eeaa2391e362820208fc1125

SHA1
1e9bb3023c6c5ab9fef46f22faf60d70ccceb481

SHA256
3c34652f1dd07283d233d3946cdd593887c37adc5e196ae8bdbb60a3d42ad508

SHA512
9394c5da8d851cde8f42b7fca58d81bc95ed04654ea43663b531781cd4f960a7867be66a89a774519a9640831b43a90ae0c6ad23c66ed9ff4b9e35e4ca71c902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
2eb47b8e65a5774f7daf50c440a28df3

SHA1
9b4bf0364b90dc343ff673686d7955329ed4d9c5

SHA256
a99e836b34ae351f78805c512e77ba9d51dceb7dc11032c5f71ba78da9ac163d

SHA512
1a672af88550cb4bde5f8b5707aaf81db15ffd8b76b3d809515d00c778637d73e34d73486060065e1aa8267c5b84d760eb34770419290e4809b06f0ff5ed979f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
e896eb742031a3fa63acce576de4f565

SHA1
421c58a08eb202603fe8bb1dd1a5d5a8c416de46

SHA256
bd504b719da2506330f8bbb9748d01e3e7b57a8d7caf33dd640c69c8b4d415d6

SHA512
69a16558510e0fb6d042af3e8328e99793d7c2ae36a719a3d8d86aff2c1cbfab87ef56026d703a8190f92e74ac070cd6b7e9de416e3378db2ce59696e019b41a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
540B

MD5
e8b875a5d0e87ff05b729982cd722aef

SHA1
7be71eab3a9d3266d6f55d4f41a04a3e6db39867

SHA256
e7320c7098dea6ffd838d6d998663777b1e47812e082b41b5bb5823d2c5f52ab

SHA512
56cf747c13de5fb136a0d6f2c05f105b98d6acff250f39375e1725a81805a37417ae97da4b970712e6f5d588e7444daaad2126fa4c009d7c8c0a82a904c2a233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582b22.TMP

Filesize
372B

MD5
0d2dd65f4a3dcfb441944680c1a25959

SHA1
9e85ced130f402a01a590624003dc619eeb46ba2

SHA256
021ff072d3ca4c26c255b2ea51f1f2f4ebe548857f8abfa229dd07e6c33bc41a

SHA512
4a62a93c712fd6f0ddc229103f66dab35deaf26bd6aa462a06191ce73ef27a139f6159d8fd9b2f7a6f950f8276bbcd040a05fe6e590aac2459e835830fb5fefd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fdc346a77f4fa3a687ceb1e342c8ec6e

SHA1
685dfe4e6b2bd42a36365afe8666974b50de0105

SHA256
2d559a247536a66db30dd8cf80f75b07b383442b9a9677c9310dcc9ac22f494c

SHA512
8280d6304da8e2855a7e708a42d6d89f1f66b8cff855473680683ba649df1bde8ca4bcef47427f1422280103941a8e80c9402aea1e5337fc5b3bb514a80ab33b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2cbda1c-6af7-43aa-ad82-d340e5f8a6ae.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
4617d86ae33a6b5eca860f95433e876e

SHA1
922b7215a8064a2c769e730a1c5dad15256a839c

SHA256
01d4b2ca5c793b15136337b9742ad217e72db1a9b26652734cd4409d1cee24c3

SHA512
9198d01565371956a712d2c2365cfa70a15d9aabfaf89b04406749f23fefed9f02c0f2b2df1746f7d40c3426a387ae259ebe04ed4b4919f16855a24f70ad3225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
132KB

MD5
0082f621c38d21d3bda0e2194abb6820

SHA1
91c1967d398fb043df4a62714d043a14128411cf

SHA256
98cfa519bf58da009be175b9aa3fa0194d0eb9f022d2689561845d9ef8cd972b

SHA512
bcc20acc1d01e5578fe77db9f80bced76cf25171a5caa037baf2775307d368921a6c7da868f6644d7a94608150532a8172a6d9cfa727a77e0261d1dcac470dba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
f020b3cc72183e4893538da7b120c014

SHA1
d77416c09c8f6cc4e56570ee43b6ce2222978c2b

SHA256
ae321e290ae5342b1d44dad9cc7aa7c5e4621b9e34b3908c03ca3cf7dd16008c

SHA512
8e85501bda53b13a8c6f9924a69a4027d5f7d93f0e692e28a2f6c411787638ad2ccafa0419c3169c4edae0011d8115f85e5cfb4b01ed39ad5181ff0b7d257697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
da55ba3cec5e8a300a35357b18ce44bc

SHA1
aa8ac333750daa07142bce982216d332195a9bde

SHA256
ef066870f10ff20e23e88ce4b6e2a8cca074f19bae61f415d4cb9419a3af536a

SHA512
d9e33aabd33c7effbe5f8a03f0af936d2f485f39a96cad0f9862ac926cd715142bf8c06edcb500586fe3f6a8937e847f1e45756606a1b44bcffdedf8666ebf5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
9667f04d8dd09088eb6249cdecc0e9d9

SHA1
75821a917e431b1f8d000d0fadc5176417de4e3e

SHA256
2a7dbaf27113b6938daac8bacac8e3fc0debd4adaee87378b03c75293bfc4ef2

SHA512
11a70f5413839c20b9f0502410adbc8f11bf26cbdbaf67fa2df02599beb7a8b290fb77b27063e9016449d051652de945fef798bbf772eb68f1285c76574b9ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
103432976708e325115ba0273c0d6a57

SHA1
c77d2f6587606ba5c0c41b263a1c2d0c319b3598

SHA256
22d96e5dc6281657785ef3d189ce65c2d1e469cbdb5fbfa160586a9bc60f1d5e

SHA512
ecbc2a10b550798579f4f40daa9be49e37794101980ae7581ca49804ad0a3a2eeb2229c20cf749560f76c438513783f96391d5cd1ce5122a2a4ef1663e8df342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ca654542052a172e2e226c26ca66a217

SHA1
7022005665c7ed59a0a6a31d2d74f0c5d8a17053

SHA256
51930d9dea9c7357954b21e3d6fd8ae7e46cb8ca2bd4e0eeb8de43126a5e441a

SHA512
77c0a36d839843031e680321343788e5936bed30fc77cc98f6b0bd35833f145dee243178df1a31c366b47ac75505486c0d64377e2fae1dfce52b1707ee349789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
08747bccbd6853e66740d6f4ecfba8a4

SHA1
dae2640df531d1e02c37851f91206235b78204b1

SHA256
b1897a63843b11ee61355fcb792a9005f4e7c4852f88e43315175427ad9b6f7e

SHA512
6b8ae8de7b80b27786beaee5acd387846dc4ab59b1926b17745b8b3b12ae7eb33513bf61ea1e0b294ca4a8d0f9e4ea734e4f1fd41239d90dfb63617099fcbfc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e2bbe7d9e0ee2d85ada2f30165535d4e

SHA1
d31a8d6b36a75305f1a96e11526039afd7f6a8d7

SHA256
1c5124e12a23931e6cd9ad0b5cb4fb9916cd2c35ef45593dd9c521d7a78576f2

SHA512
b3394ac54da5a46965b73432cca075a7aac1ca18f9eb4f10058c168e7bf783a9870596855db2387e65cb8f03424dd43b1afb1f6922223a41e3906d456b3b06f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8db2df00c4a39ccf9d2c5bc2837453a

SHA1
57ddb0228ea14cf9ddf46770f83422119e3ea0eb

SHA256
435c66af1fa0894bbb1a52449a0521e6a4e25dc58acac230bc101694317d897a

SHA512
ce48f25be25cba2de65428191a3839752e42687dcf2251b06eb2d91ca2d6b22948ee4a05142e61f010c3833668d822a53725f8b2007b266f20451025feb459c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
def7819bd7c87c786cf478cb0138f613

SHA1
45c69952f8bcab3d06eaf2cca38c5abdb88cf19f

SHA256
6295d4fea0d98e5841cb827650da6d4417d614cd9d81e2611bf8cb69846aabb5

SHA512
c8c080ad82c1f3b33a92adb73415a57c53266f3966765ef7c17bbd1eb367bf76701983fe7284167e8f5c059f6eafaf6d42c7a9f169b711f447956ec8aba62a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d3e884223a5c08114fe9c244d3534655

SHA1
6a0bf90bb68e2e3bf68f3bb3bef3f68480981aac

SHA256
ee3ebcf12c5975885323eec5eeb56784154f3f61c99796b4cc049e86f18d0368

SHA512
7cdcaad3ab0b43a9a2ac7abdc9cb426deffad90641de902d3574b1259375e103a5f8e5f9f3baf25cd1e86af7e35cb9a082fe74edb82781ad905a2c5ceac1423b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
78c7a631a97542eedaad0d13ee368943

SHA1
c7e68d3904c876fab8559965471adcaf057a0c5a

SHA256
fcefb3bcdd4e96091e354c560b15467c2fbba487c0aff65375d88a3d7de36e35

SHA512
cf716734a92438a13b85c121d9fb743742784bf8a05a4b15858c335a092aec952f7aa9818cc599adc7e7e08a654b583ff1e02934573f0c49b73f7a40f39fc0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
9c85291c74b46238b9fc20d8340c0419

SHA1
5a5b2c49f92ef4d0c7ed21a69f208c483cfcf8a2

SHA256
f7d48e461c11b9af72b727bb2f71ce3f8adcd103794dcf54443d84a5843aa6ec

SHA512
ac5f26bd04a65a4d951737d0480814a436346cdb532ff3e85014a59aa53e9278e135550cb2c2574eea36111b952191b4cdbf41a16e5dacfcefe6c289f16403a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt

Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
memory/1772-122-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-121-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-132-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-120-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-128-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-131-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-130-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-127-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-126-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/1772-129-0x0000026AA45D0000-0x0000026AA45D1000-memory.dmp

Filesize
4KB

Download
memory/4552-612-0x000000000BF30000-0x000000000BF68000-memory.dmp

Filesize
224KB

Download
memory/4552-613-0x000000000B460000-0x000000000B46E000-memory.dmp

Filesize
56KB

Download
memory/4552-618-0x000000000BF10000-0x000000000BF20000-memory.dmp

Filesize
64KB

Download
memory/4552-619-0x000000000BF10000-0x000000000BF20000-memory.dmp

Filesize
64KB

Download
memory/4552-621-0x000000000BF10000-0x000000000BF20000-memory.dmp

Filesize
64KB

Download
memory/4552-620-0x000000000BF10000-0x000000000BF20000-memory.dmp

Filesize
64KB

Download
memory/4552-626-0x000000000C5E0000-0x000000000C5F0000-memory.dmp

Filesize
64KB

Download
memory/4552-625-0x000000000BF10000-0x000000000BF20000-memory.dmp

Filesize
64KB

Download
memory/4552-595-0x0000000005D20000-0x00000000062C4000-memory.dmp

Filesize
5.6MB

Download
memory/4552-624-0x000000000BF10000-0x000000000BF20000-memory.dmp

Filesize
64KB

Download
memory/4552-623-0x000000000C5E0000-0x000000000C5F0000-memory.dmp

Filesize
64KB

Download
memory/4552-622-0x000000000C5E0000-0x000000000C5F0000-memory.dmp

Filesize
64KB

Download
memory/4552-594-0x0000000000480000-0x0000000000B2E000-memory.dmp

Filesize
6.7MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads