d2974025cd3c93767b15c6f11c105f92c5c5f5b24389f69b2993c526f8c372b6

Analysis

max time kernel
181s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PlagueRust-master.zip
Size

12.4MB
MD5

cc58234c2f07a0317f794f020e06efcf
SHA1

9655c05040093a2f2dab6f0a207ddaaab949ef38
SHA256

d2974025cd3c93767b15c6f11c105f92c5c5f5b24389f69b2993c526f8c372b6
SHA512

99fe0580bd8e440df4f254c7c9cff710c6b8c5b8433ab5714211ca44c5f6212a3c5079ec2554bb60a628b423e978003b04be0cbec6bc03d01af389be5dd23e21
SSDEEP

393216:OQwhztkjbBHCuQa/Ytv4K0BbNszFzEuf1Zhsehc:pa0HCuD/BCzFzEkCcc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-807826884-2440573969-3755798217-1000\{0D2E1E42-23E0-4806-8E15-C20AADF96432}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4740	msedge.exe
4740	msedge.exe
4440	msedge.exe
4440	msedge.exe
3048	identity_helper.exe
3048	identity_helper.exe
2860	msedge.exe
2860	msedge.exe
3264	msedge.exe
3264	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4808	4440	msedge.exe	92
PID 4440 wrote to memory of 4808	4440	msedge.exe	92
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 3492	4440	msedge.exe	93
PID 4440 wrote to memory of 4740	4440	msedge.exe	94
PID 4440 wrote to memory of 4740	4440	msedge.exe	94
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95
PID 4440 wrote to memory of 1956	4440	msedge.exe	95

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\PlagueRust-master.zip
1⤵
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2e3946f8,0x7ffe2e394708,0x7ffe2e394718
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1764 /prefetch:8
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10846172781074723691,6096437106056272041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5612 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:840

C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe
"C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe"
1⤵
PID:4272

C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe
"C:\Users\Admin\Downloads\PlagueRust-master\PlagueRust-master\PlagueRust\PlagueRust.exe"
1⤵
PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9ef805116c4ab90b5800c7cd94ab71

SHA1
eb9c7b8922c8ef79eef1009ab7f530bb57fbbbea

SHA256
bff3e3629de76b8b8dd001c3d8fb986e841c392dfe1982081751b92f5bd567b0

SHA512
8c907d2616ce16cfe08ddeb632f93402e765c5d9430a46e90ab5ea32d4df0a854c6007b19f9b0168254ab7aadf720fed8c68d1a055704db09c1b36c201a9b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
347755403306a2694773b0c232d3ab2c

SHA1
94d908aa90533fcaef3f1eb5aa93fee183d5f6ac

SHA256
d43f2dd4ac5b6ba779100eb8b84bc92fc8700bedcd339a801c5260b1bb3ce3bf

SHA512
98f1fb18bc34dfc224132dfa2a2e6a131b280b25fcb516fac3bb66da2a47c7a7061124881de6fa5f65602663dc0ea71357b171a3346bb1514176943438322253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
dad07b41cf57366700f40d8d7f6485c5

SHA1
5405eb26623735ccdff85ba7e391c0e711814673

SHA256
25d9644f006d44e0dbcf5ea684f2d2c2577de0cc0ab720f38dd6573901e92151

SHA512
d0f8eb2b40c2d5cafe84b1528ccdd8c2b12ec065b05a2307ee678895e147ad7cd0bf21019edbbb566facf192464ed7144b9e66850c96b04005b9dd1b83257d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
942B

MD5
b2e235cb7d72d8400f22fa48011794d0

SHA1
9295cc7a78a8bc1429b2c65006ed7f41259b1472

SHA256
087c77a00d4eaaad523dafafed1d9ea46b00a4bb4d982610c53edb6fcf3c2a49

SHA512
b6d89e7ce06d9331eeae19c88cf59dd604dd0c8ef79f10271d2053993bd08231334a79ac55ebd8e7c53f987d3b392a2dc96f6c33d70bbd373a9decfbbd5accd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee3d7a15aecf2161eacb1f5312b8b125

SHA1
43b2a244a69cfb7a542d26b27efd22ed1333babd

SHA256
64ce437fd016960302a5a1d9406c3c594c4e99e90d99af70de8e4eef820aefa4

SHA512
34fb2aed156591a0416a25d328fd3520c645fc838c7354a425328676245a4a60d32f2185efc35dd2d1408799103904a1cc6a05a1ad28c7768ea43b30da2b2456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4858b8397e0b762769e5cd8d641f9b70

SHA1
297e925d5035679e189108d40e314dd76af4c2b0

SHA256
ab94aac08289afb563a3906782dd35381d5909fcc77aedab9abafa1f7739a046

SHA512
94dc0017d51895b2b45c52948840b51bb98e4ab833f125ec84e1b0464a9816453b33f4e03ea793f71d745e58a465873319e640694c6afc60c2444893d1639609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7b4bf4ebdbc7a87ffd9e8e2518980ff

SHA1
33871e8849f3704d29dd400543b9295f2c7ae636

SHA256
8610139ded5ada6c48ad4b09e26bf10c30fdb7b4a5fbcef2c7611271d379d188

SHA512
c22030a0c1e7e7b78080298a3372f944dc37670e39d5f152a59ac6ec0c557edd4aba81050f182591f584d67cac719512fbf300da84a659ab55601de37428d7ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83a505ee89699160eeb477607110c715

SHA1
5610c03e62f80a542032d8d4609a6de28b01b261

SHA256
367b0198e862bb6c55b7b79e76509a01114f050a85d2cc637acd0c856e0b1608

SHA512
dc4814673ce8f07670097263662712dcd545edc0a9548c2d75754a5fae72328c1d3b029a0d10fd8b816f1d7065c6312582d854a0f39ac9e82a673826b060001a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ffa54e71cdeb42417a79be7fcc49e54e

SHA1
d80d9b2938c542fc18eb41b56028fc9b0bcc2c0a

SHA256
20426a029026e9dfbffe40fdaa3eced3e61f3931da228a7dc182c094f6a69389

SHA512
6648e7247b33acad8ef3218ee8cdba38c264fa6df5f26212b145597337b5dce5c5bb82e8bf9b64659edd432c5f1b8e07240e67ce95956d70a10a850e107ab945

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
337b78282d0fef9fcb6c3a15c73c1ed2

SHA1
9d1ddf06386b211de927c38378d3dfe810f68640

SHA256
0136e0a7b2e65c288e8d8b6f17576d2a0401df2334b7076becefe277f04e434b

SHA512
e8d71af73190896005e87410518927ebdbcbde73879dbbb026128e9f9c303a5bb8b8ba67c46c437b7ad4bf44b65fcf52f7a52a8034a612c9dc365e21433fee51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a926859e6af8d4e81893165dfec707c1

SHA1
9f32ba39f8ba20ca8955055fe7feb787af2a9529

SHA256
ed2ab0116be00a0d2891c16996c6e33087debc1d74cc6b3064c7f2eedf9b7e98

SHA512
b10e62d7512d5de1d4b615cb15188fc532779a5012ba4a6143ad8840c0de179eb7deed591e316869e80c567a9e7d368669759228677ade61ed839c28371292bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b0680712203f88939ef1a85e1e7bb74

SHA1
e836640c931aa49a03112724e2ef08006493e528

SHA256
f66dae78b082c47ba8cdaa7e919f8ce43c6f974dcbd8a15456a29a8516b2f56f

SHA512
6df0bdc4174e1c46cefdf865884fa46d37d70ee57a1109a0f6063b374a7381d835ce2805e319cb2748657504c0764081462af6f809963a4ceeabd78b27e10adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1ef8242d8f285157aedeb372f2390463

SHA1
fcc14ec25ca42d97c97ad4f3837d901f83c1296c

SHA256
18dc4d1ddc9fd2ed2852d248d28ababb14ed502c959136fef1af22bf151d8e28

SHA512
448404e8410a6f788257a43df418dabd29f7b2cac5e58e9ac7932b0fb617b43e09ad09b2e6a1ea7c45c804c58a29fd4d9f670a82f22da420bd249c8d04842a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c484.TMP

Filesize
1KB

MD5
e33d8726d6a3f05c152936ba898e25c6

SHA1
28e784b03f3825703cae9278d39ed7355b6ce819

SHA256
5f1a68990c5bfa2bd6af8ee5371dabab725213e4f3ab42670a6ea792a652fa47

SHA512
ae5d9e7f2fe5e43f538045b639f3857f1f3a54961a60662253c78876993800abdbe88425c2bcfd14a2ff6d0ce59fb02f96bcb4f271a6ea9c859c04173d37feca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
553879279ffbf974f01ca4c8e4a83733

SHA1
19884c9ad065512f645897083c04c9c25bc53963

SHA256
3fa76390363d19e5b15809849ee90fb78111f26c13a88e2fd236a4257172b9ba

SHA512
14a00df50e6d6570c815c4c26fe7811bd1cec379f3440e0edea8989b06a2f50d2bd1788b8402cac0e0b44342641dbe4f140ad4c8e9cf8b104f0d94c670004552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9ad82dee8828a9de6949d4c286afc482

SHA1
b827d196b953488c7da2ae5ca1c593288a6b34c8

SHA256
a936b0795e545d7111d38ea2441081dcd01d509fda0ad191b1339a2cbeebb17f

SHA512
da1751fb73e2d4b03a7a3a77fedbc1dfc392311c626de514e062e4ea263e24b2836ec93c380b8821495075e48b1e47bce9585c0e991e6fdc5dfae604a767e995

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 505645.crdownload

Filesize
12.4MB

MD5
cc58234c2f07a0317f794f020e06efcf

SHA1
9655c05040093a2f2dab6f0a207ddaaab949ef38

SHA256
d2974025cd3c93767b15c6f11c105f92c5c5f5b24389f69b2993c526f8c372b6

SHA512
99fe0580bd8e440df4f254c7c9cff710c6b8c5b8433ab5714211ca44c5f6212a3c5079ec2554bb60a628b423e978003b04be0cbec6bc03d01af389be5dd23e21

Download Submit