9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c

Analysis

max time kernel
198s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 12:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

hwid-spoofer.exe
Size

266KB
MD5

322f7016ccf0835c39375dfc42370222
SHA1

701a2e8c1d8976c7b5b6a49d6449a4ff92dba6ee
SHA256

9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c
SHA512

82fc8db901bd68ba322635d8a1d7d515f3b61cdf2a65d0c5f132ce7f0a3b74dd4545ed7c762707510a225e0adb91516a468019b264bd7ac625fe24ffc6e6aefb
SSDEEP

6144:amBvRxy3LhH3R8QG18lS8kjdiWNAYot/lKyy8rw/8E/lx1q:BxfeZk1oGNyy8rwUE/8

Score

8^/10

bootkit persistence vmprotect

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

4524 MEMZ.exe
1640 MEMZ.exe
4112 MEMZ.exe
4180 MEMZ.exe
936 MEMZ.exe
748 MEMZ.exe
3504 MEMZ.exe
VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

behavioral2/memory/4620-1-0x0000000000080000-0x00000000000F4000-memory.dmp vmprotect
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

124 raw.githubusercontent.com
125 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4028 4620 WerFault.exe hwid-spoofer.exe

pid	process
4524	MEMZ.exe
1640	MEMZ.exe
4112	MEMZ.exe
4180	MEMZ.exe
936	MEMZ.exe
748	MEMZ.exe
3504	MEMZ.exe

resource	yara_rule
behavioral2/memory/4620-1-0x0000000000080000-0x00000000000F4000-memory.dmp	vmprotect

flow	ioc
124	raw.githubusercontent.com
125	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

pid	pid_target	process	target process
4028	4620	WerFault.exe	hwid-spoofer.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643109672780464"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4132	chrome.exe
4132	chrome.exe
1640	MEMZ.exe
1640	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
1640	MEMZ.exe
4112	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
4112	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
936	MEMZ.exe
748	MEMZ.exe
748	MEMZ.exe
936	MEMZ.exe
936	MEMZ.exe
1640	MEMZ.exe
1640	MEMZ.exe
4112	MEMZ.exe
4112	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
1640	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
936	MEMZ.exe
748	MEMZ.exe
748	MEMZ.exe
936	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
1640	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
4112	MEMZ.exe
4112	MEMZ.exe
4112	MEMZ.exe
4180	MEMZ.exe
4180	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
936	MEMZ.exe
748	MEMZ.exe
748	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
4180	MEMZ.exe
4112	MEMZ.exe
4180	MEMZ.exe
4112	MEMZ.exe
4112	MEMZ.exe
4112	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

hwid-spoofer.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4620	hwid-spoofer.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe
Token: SeCreatePagefilePrivilege	4132	chrome.exe
Token: SeShutdownPrivilege	4132	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exetaskmgr.exemsedge.exe

pid	process
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exemsedge.exe

pid	process
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
4132	chrome.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
224	taskmgr.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe
2368	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4180	MEMZ.exe
748	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
748	MEMZ.exe
4180	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
4180	MEMZ.exe
748	MEMZ.exe
1640	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
748	MEMZ.exe
4180	MEMZ.exe
4112	MEMZ.exe
936	MEMZ.exe
748	MEMZ.exe
4180	MEMZ.exe
1640	MEMZ.exe
4112	MEMZ.exe
936	MEMZ.exe
1640	MEMZ.exe
4180	MEMZ.exe
748	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
748	MEMZ.exe
1640	MEMZ.exe
4180	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
4180	MEMZ.exe
748	MEMZ.exe
4112	MEMZ.exe
936	MEMZ.exe
748	MEMZ.exe
1640	MEMZ.exe
4180	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
1640	MEMZ.exe
748	MEMZ.exe
4180	MEMZ.exe
4112	MEMZ.exe
936	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
748	MEMZ.exe
4180	MEMZ.exe
1640	MEMZ.exe
1640	MEMZ.exe
748	MEMZ.exe
4112	MEMZ.exe
4180	MEMZ.exe
936	MEMZ.exe
936	MEMZ.exe
4112	MEMZ.exe
4180	MEMZ.exe
1640	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4132 wrote to memory of 1624	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 1624	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 4100	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 1612	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 1612	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe
PID 4132 wrote to memory of 2888	4132	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\hwid-spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\hwid-spoofer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 1872
2⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4620 -ip 4620
1⤵
PID:1064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbf6cdab58,0x7ffbf6cdab68,0x7ffbf6cdab78
2⤵
PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:2
2⤵
PID:4100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2288 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:2888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2988 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:1420

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4320 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:1536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4524 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:4468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:5064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3496 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4812 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4988 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5164 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4768 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:1
2⤵
PID:668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5060 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:3452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4496 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:4272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4496 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:1244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4492 --field-trial-handle=1956,i,7885988122520984520,373450408848855689,131072 /prefetch:8
2⤵
PID:3132

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:4524

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4112

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4180

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:3504

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbf69b46f8,0x7ffbf69b4708,0x7ffbf69b4718
5⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
5⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
5⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
5⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
5⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
5⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
5⤵
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
5⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
5⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
5⤵
PID:624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
5⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
5⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
5⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8193443215199931615,7960147207603021639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
5⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbf69b46f8,0x7ffbf69b4708,0x7ffbf69b4718
5⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
5⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
5⤵
PID:2556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
5⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
5⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
5⤵
PID:3260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
5⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
5⤵
PID:116

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
5⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,3605527646104166151,3896737129706236812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
5⤵
PID:4668

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3600

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1144

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:2992

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
cfc1f75ccde27760f1599771dd8b5f0a

SHA1
a5a6acdbf75daceff033c0fb3a462231c5b50a2c

SHA256
8b54343acaac51c58b7faeadf0647b22028b2999ac109ba35689a5feaedb4079

SHA512
66068a1873d5ac68f96b783fca30cbabbc9418c7ccfbe6a61ef831dea50eda593e2f08b4f8822dc0c2dce16c3a8ca307e2fdb7a925bbecee2ddbfbe3ec242bb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
56b6f913817884f4d1eb54261748b8f7

SHA1
75051b0ce685de3e82218bd4f494f8899382d2fd

SHA256
25b2aeaadbc33e1025d21674b3c97ed84e59cc0370992efffd543d4150de1098

SHA512
5bbde3f26f566f64e721d8966a3e32ce610c80f802fb03cb1e149bb38276812dbc1deb1e39eee234568b92fc4a6f4a96c8a90cdc494cc492adf60d3cd22d37a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\6db3a7a8-b214-4647-93b9-8891db6d106c.tmp
Filesize
1KB

MD5
21105d96a7737f6d5c2ee5096d917b68

SHA1
64e48bb7eac7ab299ecc1975021cbe30d55008fe

SHA256
aad69ba6fa82fec401b3c21207dc56949ab0d5e80855c26abdd7d77115dfc975

SHA512
9d924350a235f93238970b14d342041acb77c3e863d744a5913b7082dae83c0788cfc63fa356cd8ecee12d61919866ebd5cacaecae125a1acd3451b22cabb99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
ff15135f993f3c388930e128aad1ffd5

SHA1
1de30b0563d2f3887ec7b9ad60e9fd650e42ebbc

SHA256
47a7b4a22394ebf35e4fb8f62f93691af4584123898ca4c75e95a598de2291a9

SHA512
46051e46ca1a72bb88680154a86a0af02a5536e6ef7cd4dd129e8ceabb86f52d1f861f5cd418f4863a3add2fb0c25d98404c3716100216cdfc98eb99f9f75f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
27241bb0e10a8f85543735eeeb1a4b56

SHA1
5d67efa311584a12aa838894bb07a575b947f2cd

SHA256
dcf2ae20def86483b90f83a84cd5ada54f351ab0e450d9d66f457fb668d7e6f1

SHA512
302555b663d1f2d2a6b9e0017d6293d848491e0a52e30124972716c9ddb0c0bd0e93691262ab7b86ca036e94ad6376d981f1fef90d8c642582852a944108d879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
95bc9323d027db8fb424e0712146f08a

SHA1
62ad09fce3709146d69d771bdf6872e598f1cf62

SHA256
bd4c4657c59479302d2533b829faa1532b04d81600e77bb51f814eaeb6738925

SHA512
6e34c57bd7383ee0aa90f6d26499abb1ba5b771fa53ce78898299fbcb650d3c5efd7a6ea9449afc1180f01da132b7237f09de3734502c3069de34c7aa94e3ea7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
71275a79d1d4d00da96e91b0d0d0714d

SHA1
5399fd7dc9f7ed7cc80a77509cc8a852122ada78

SHA256
7cce6a3a50a70ea4de1728f45e370edb52ca61090fd6d9a9e39e5165a04aab95

SHA512
2edf02a84572f89202a0f70f3a7fa4424736e583f0f04bcb3414be4e769624fc7d86aa00464e3c4f696ca97343bd661f5fde7203351e662cffa41ae60a210c24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
1ea99ada84ed8771fd38809658d5df71

SHA1
aa318dfd0d1b8e12df44da1cd774d91cd8648097

SHA256
cb86f76a94d9dd076bfcd945315a51d4c79491fb0b42fdb4806bf61116ce18fa

SHA512
a44f2a1a87ae844bf785958b515ff9427edb2ebc84ce3fad28c4515b5ce26d70f3c9f75461d2f43f28fa0823ed4b127ddbebfe29bb56cb03186682c14419b349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3ae1ddcb3ac913c516c00f1e131ba4dd

SHA1
75bd88b7b18d17e41e4016491b8d036f5c9c4fe0

SHA256
aa2db9dc9def49fb0cc0dbc4b90778595e92df95fc1aa88c34287939a79fd006

SHA512
1fe5bbf1cf388ed5d7110e1a86ac05d95fac4e1e66b13a677defd92393ba16e096124bfd13e28e8f7bb0f530399d82e9f05ccd6ac9ddc3674bcbe5d2e7ca136b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
4bafad88a3b2197ec854e10ac7150668

SHA1
2450cf58087d17d28a1d724a2e53df7340865fb9

SHA256
c8ddd1574e40c7c460f0828415633736d49e81458198c0a268f25ee90fecdbab

SHA512
74db5e7d66297fc54f61522974663ba732ec99016b0660c933b0dffbe6dc7c7f6ae940bf5d73582d6208eb22d172df2cbb8ef3417beaadfe4931ee086da030b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f4f9ee69-ff58-4041-975d-8d789d63117c.tmp
Filesize
16KB

MD5
6331cdc2779bac34c3c5f38524fcd125

SHA1
ed403ffa247082de4b7682ef29b2b00b18bfed84

SHA256
c322d2d5bfc9363262a4816a1fefc518e6b4baea80c56580a9cd9b3370b2e640

SHA512
d38eb9a03bdd7219a0eae269c1705db0397fd98286bb5ae794ec4482d5628131dbb9349918b059d67aa755a4b9df18f78fffe628ab7f275c23de40ba13185d6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
269KB

MD5
2fa73db3a5f303ba3961c1f2fbac3678

SHA1
2b3898887a3f020a3e97e2141407b5d6aa37b3e9

SHA256
3afdab6e5c096c54bc9672d0d99cba37adc7466862b1db247977c724cb4783d6

SHA512
37402b0921d484b79059ce23fb7be989cbc1458a26f620e0a726865caef6cb7652f74742939046b7fa67a5dc0aad5e9a608f636e794ae1a8a6ba9ece3cc1e839

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
269KB

MD5
580edfc33b61e513b4e0f0adce82062b

SHA1
293d7c83095d21cda8586d48069d2598eadcde7d

SHA256
137690e872f15f145c16a72c9975746464a6ec573f1a6654b0b6723cb760502b

SHA512
6d50c6ff0804cd05bf2f787ab49613f124b23b1f944694f40050b10bea2172695cfe721a9efbbfa023710cbb06721dac8875e859a8c7fe75cb5b50f31163faae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
269KB

MD5
52aaacf8c3c50bf5fc93d4b1630214ee

SHA1
8bd6597a4b09c8754d57c7d389cc9d96f9bbb25e

SHA256
0998452106db565b99da2730f2063dfe79977e65082375dc05f45a16d155c52a

SHA512
82a2acba01b203a50ab9c50689b74f4d70555ae1ccd84b9219f35d2581b05ebc473ac307099810fc8e074a9f7a17799c6cf72d67dfe601e5b80aab638d5f7942

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
54f45e6f31f54f9f8c9b0340846c23e8

SHA1
a9d903698fc4d7ad1722d948f83afe241602da29

SHA256
d660aeb2d8cda2ff713190a09aa61c5104d2213378baa0dd1999e742739b3dfa

SHA512
351294023a8bd41c66550ebe7772c0c958095c7f6ebe93c150cc6e4f626a862208f012f89dd0ad4f7a791f622390b37deccf977cde2effebceda403fd35fd2d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590814.TMP
Filesize
89KB

MD5
d3fc66ace05b43855c8cf5d23a851ce1

SHA1
1fe10c92806eb8b38697fa6bb4f40d00a6a47096

SHA256
a3b1d1a06766aa773e77006682c0562fc97c334c329045368e43d053639402ed

SHA512
0cfe70cf665c3a21a09bb3b8382635dece571c55c38e98cd52fdaea19e4c36c92c2c1456d3a49220d1760f251977b7c4d48bbabba23ddcd0232e0d0a59e9cf85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d8e654dfee4d3f3ce1bd76f574194e5c

SHA1
e38cdfda4d431006b88dbe46694fd078f46cda7f

SHA256
02448bd9c1944def216e1a6fc2cfe05fac60f34d478fa8c2ce30e01db9785aae

SHA512
db934f26485f90e577fd3ae3fd2120b772b04f152d6f2dda1c3f53af2c35ac07c61e2410ba0742e17ccba2334e64fdeb3c30514a6f761f18fb2aaada118ec3b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b14cbaa2293aa42ab4c998f547b149f8

SHA1
675ac4c5603685522425b06382ecb1a53b24abfb

SHA256
d7af08eb80ac1571aba0a7d19b735f848443bddc102ebb8a407743b61248dfe8

SHA512
a230534f60a6ed5fedb9f211df44d63ae4722be7b0d03cdedc54bd7a3af927e89335cd7aceedbe8d55224572d5d7761edd9a2c3c862ab156397e5415450ffd51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7c338866-8090-4e8a-8849-bc7ac78d3855.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
bff36b1bf6772c99f362c04dc3c42a14

SHA1
8d4d19c733f5a8f35d398158a1bf26d9e5e6fbf2

SHA256
3f47a49378f9f3e2f2e28b4852248216c00e4a92b16344fbb03e6d95c186c6c8

SHA512
3c37e5ba50c02321be359edb1b73d5d57675d8c4ea8927f0e97c0a926cd8d8c9f9dcb1ee844734e58a116b96b674b2abb75ff69cb4dfcc85ed1272f484f6edf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
2c61d9649dc700cfbfb0cff3c7269bc7

SHA1
b361134aa231140236e8c3e826f4878afcf572ad

SHA256
a350232d0359731e4968a8495a15c74644360626c71e2270726dbf3f344fcc85

SHA512
66013ab834ed8ef61dab4c6231c7fda663937e5ee0fc88ee7a8c2b7ded91c705b7966396b5e519a71cb97eff528ec01d5031b809451e5c5355ed1710c099af07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
662fe25d57184fae41a254d565c60b3d

SHA1
fe73fe087995b7ee64027b5004ed0289d801a709

SHA256
d843f8213851863dba8702a6c94446c489d9351823172666501b4e5e26ca8cd5

SHA512
199a1e6b51957bc44669104a1774e3277895a19e2faf77be6bd03db2c9f652c26d251534d5e6d82daac67c4b2e61d3679627dbaeb34a190c22c1565b0a23e467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
ad7da54bd24aac66551747dc49e2a686

SHA1
4052b58b8d5ccdf8089c0a0be42f754b28162823

SHA256
5f7e0fbc163b164bbbbb1d34b4c1e02cc2eeb241ede06ed0401990f9d07cfa6f

SHA512
796a040603342d21bc0182c12f11d8bdda921ad5fcbbd0a688b5f2b6c74abf464ea3e8cc800949807a352582f08ed2a418eca2a0dc37445e2fde1895e976bc43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
0e0c5b6e8ab3ed1bfc426158cc9e7383

SHA1
e776a0fb604e8e5ed6e9e8acd80cb15107a4c4c7

SHA256
a35960d9d0644d715bf610761bbc0a099b17ab47a3f0430870043e59ff848c22

SHA512
0bbea5b2a86b7f4f556d08f3bae6497bf73ffe1dc3e062646dfa4a7a8ca8750d0421f93d1fbc489f12560db7028af2cb9ba66ac90aba2a174ffded38baa1b4a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
814B

MD5
b5f1574f42139483a87516a897666ed0

SHA1
28c2fccf581b082a01267b82bf6e9bb84f9df5eb

SHA256
878dbc3736ae4488cc2fce62b6006bf2e4461331cd4d426da856846e02df7517

SHA512
a545f84f972f441cf81e1db877806b3634b2c65a76d2d9e69ac41f005afa933759a25734c95e4332c621c10e9d8dda3353b185e5818f1fd6df2d39b4ffed4293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ddb4f307b53e4afa70e0942b6270e6bc

SHA1
1f0b821be9725d3c36403d460ccda81b23d2d741

SHA256
e9c84813fa175d7edb639b0e7413842db31dc6e1ddddbbcbbaf71c40ea427fa9

SHA512
07fea60fa5f8529515a6ec9ccad19f0553ff63d0d0e0f9466a9a53041e5317ddd1c9c4028f34e3f5928ee7da171d32c3c601dada0ce5e744712a62846f5f534f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c3310badafc8a92646a93525dbb2f8e1

SHA1
631b73d1f37c78d412d51ae118e02af127ac6aa1

SHA256
f1b1d0e17c1d9ae7a886d697f8315b76d5a2398b6754ab997a0fa85b9757bc89

SHA512
d107e7871eeb91019e794592a365fcf6c770e6c6924b257ee7e4769dde45a194e5d3710562908f30767da7d3dcaae56543330ac6db9b5b564cb2dd66337b5895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
63563df5689b793af9bff835e9d904b1

SHA1
47314043815bb8be8e2a44fd8183dbbe8768221b

SHA256
f1078afe8b048887ca025d1c84bc65941c29161585319a89ee2f3d363ca80ba1

SHA512
71b81edc6748027259e097ee0f847240d4158362c489acd831d8d50812835d4d84fb8b21edff1f2e39393cad75245805cf74debe063e8436ddd0589fb8f17c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5a102b3bbe09cb1fbf207e1986bcce22

SHA1
adda86ef6bf0f1fce92f39110a6e2ef35712c887

SHA256
3313f48d35c519dc7cc1aff7bdad51c64cdbc030803ea9cc8415e3c9e440138e

SHA512
00c9aa2e6b906d51590f8e8c6cce34b61b96c18952ec00922d4c9fda601e5736c43431be71e157ad91c939f1820376982b69518390b4c917cccccff34a27d9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
797171ca29a1400b9784fec5d8c832d6

SHA1
43353e166213518d3751e53968130a18886af927

SHA256
3e7c7ce967633a34cabf7b9f30701f084a9067d5846fb36c9dffb7d171fd7466

SHA512
d3d15ef5a837d590150754a2b63892408bbd683fcfad103b68501149113d533596e8096027d4fc961f27b0a666b9cf9b9545d3419f1c66d073daad2c72c9149c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
13aec2cc2077b9481f7dab0220337efb

SHA1
7cef27505fad58ecb7d3d610d0e43d9fadab4578

SHA256
11290ee6ae460dc481bf76f1ffa56ab77e67daff9f89b1792c0a3a5bd483a80a

SHA512
ac5d234d3459bea5c27560faff24fe8c914c7351b4d833987b56048c2f39a22ab527a646f905dc45bf7bf5dedf3f4b93404c31c05ba732239752f709a5d549c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364311051840730
Filesize
2KB

MD5
a458ef09e7b7f9903a09c83302fc037e

SHA1
0e260ea32dc00c7b3607d9d9b3aaafff05a9f024

SHA256
3e99fce00160b8b5fb9b7ccf02a596f3856a6f7165b3026cfd90a28ad50c44b8

SHA512
39fe13312b3ea76db2ee5509a1103a5135db314ea164cc3a5ccb6c73f3d3ee471f8e991f2c8ae62a33b7c45c2cafba63db293645cc67daf53400ada4e3955433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
5b7d4c0199fda3ae35534dbd35bc6745

SHA1
b05a00471302a1e7672412adf888cf782bcd15fe

SHA256
1d95be5e8de5697f0b5688429d06b49f5e3fd4b8c82350571f04616618b28e7b

SHA512
81379c9ffe20b0350f2d800022824f61fe385a8358b448fb368123e8bc468b5cef148a6de7fcd8360ddc972cd889866efa8d2c86b72188e25a240100feca96cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
43f3daef7eccc57f62a8ab86d473fea0

SHA1
f43c2fda5bb208a75e357fa36eb4ec4646bbd1d6

SHA256
e50b4f7f2b13ae5df5cc4047a273e1f243c6e8b79eae315c617eef49da759b3a

SHA512
8a8a2aac4c17b88d602361d4a75653191456a5435c0882ec27c088873b8aeedefa8f2494a2e4d05326f913215a0e741130ebb9e1c5eecc354b338d9b48459a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
4f8d7267e63ee36ab4717f8269ca2aec

SHA1
72b412097384c54a79348e10504de0e14d57b9be

SHA256
2f639c3ce2fe5e71fbe1c6c3aaf1b59b2ee70898e7f0ca7e488dd4944261ac79

SHA512
80b0a045f43fd4e1c210da7067c39e0934c46b304659dfb3f773a97f769bf3dae9cd963520f3ef8b872db701467eb271f6175d975d14f84faedded9628f4ab91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
9110cdbbaac8fd75c0355495a026b7d4

SHA1
54a6e46fc82cb9b99428073d8c51c2b1bc0c0875

SHA256
b126daf186d44f8a3a9d73a45078e19304211d3fd93e1fe5815155655d4a9d88

SHA512
0c278a2d5abb3ceb7779be16f42741af57123b0f33bf05f0e37ddefad1c1a7de3b8362a1fe7d79aabfa39ad26b67c0e5ea741840d31c3ac1e64fe990221f2e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
a57e8d2036482490c450af68198a5edf

SHA1
86894d3e6fac3516d6a23c7df6ba5dad8d1f0fb0

SHA256
7570ef3eaa7b2bc24a4f519074b54b4e51c072770fa4fb30e421747da0e3aba8

SHA512
677469ccabd57468f240df9268a04bbbc28d032e64b75a95a5baa6febfea35f646acc14b16d93cf564abd4ef1ef7d9212e14972efd6feffcb5b913b8dfd9e36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
575ead3f15b33b5115c5898441990b71

SHA1
afc5a26d7f1ba456a3c703328a16c18cfe739bd1

SHA256
5e704f1d6c85f35b61b7a227d3f7b32c177e21c9b29e31587835dc81f8bbb3e8

SHA512
5b9844e17ec4cc0856d321dc26bcc43de7094422508fb445cf7de25688c2dfb0da0f29006a2b1ccba7067f068e2d1e037eb4cd4439414acd709d7813cba701b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
4bdbba070757473abd1e7d4c28637960

SHA1
85cad5f308b080e4d698972e34536dea0a41795f

SHA256
633a22c64094b61d8d0f41b95d1757d74599512409a28c7d12c4b14dc059d38c

SHA512
4ab8df39a458279c612e29ed87b43f723c2165a12b1c72f107ddc5871874ba82f3cf0ae7c5043c137182b296baa47f9e24706b411a9b109c117be0d033a572d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f56e3e93-3e0f-4f06-8e13-04d8c027e9c6.tmp
Filesize
11KB

MD5
be61487c40d043456e93a977b2229277

SHA1
59229d17c0aa5f797e50b1691b1ea782081b1da6

SHA256
da05c4bbcf3f9db596cc093a7ad16d76b170a8c7a4c66011b56bd0aa0c4d4615

SHA512
f7d56f2643e98b4fbfebc090c56cbe4c78a255c5a2b99de27b634615c028cccec153093821facefd1a56e3fe689aaf2db18234cf1120464310cce17d1e3527b4

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_4132_NUVAOPGKDSOYBUFT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/224-526-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-528-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-532-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-527-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-533-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-534-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-535-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-536-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-537-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/224-538-0x000001D4645C0000-0x000001D4645C1000-memory.dmp

Filesize
4KB

Download
memory/2992-866-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-874-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-869-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-870-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-871-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-872-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-867-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-873-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/2992-865-0x0000026E38F70000-0x0000026E38F71000-memory.dmp

Filesize
4KB

Download
memory/4620-4-0x0000000075150000-0x0000000075900000-memory.dmp

Filesize
7.7MB

Download
memory/4620-3-0x0000000075150000-0x0000000075900000-memory.dmp

Filesize
7.7MB

Download
memory/4620-0-0x000000007515E000-0x000000007515F000-memory.dmp

Filesize
4KB

Download
memory/4620-1-0x0000000000080000-0x00000000000F4000-memory.dmp

Filesize
464KB

Download
memory/4620-2-0x0000000075150000-0x0000000075900000-memory.dmp

Filesize
7.7MB

Download
memory/4620-5-0x0000000075150000-0x0000000075900000-memory.dmp

Filesize
7.7MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads