662d56478c8fa24fb43b71cba64af8d941ddb90659c2412144b46137e2cc4c36

Analysis

max time kernel
936s
max time network
1046s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

koid.exe
Size

1.7MB
MD5

937bd53a5f505b8e9b00416590ad8d92
SHA1

5abece11f9d282ec009bf441f132676344f1ede2
SHA256

662d56478c8fa24fb43b71cba64af8d941ddb90659c2412144b46137e2cc4c36
SHA512

2027fe14eff8cc0edd67be7f159e0710d79376aef11a70d4c0ad94d501667fd178780fb3a8f0c4481d2da32a3f6fd698e45cef297aee628cda1ae164e0434dd5
SSDEEP

49152:MXi87ZaoNcK9mVrSPYO1M+BrgdhwmzJnU:yvycBr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

MEMZ.exe

pid process

4516 MEMZ.exe

pid	process
4516	MEMZ.exe

Drops file in System32 directory 5 IoCs

Processes:

cmd.execscript.exe

description	ioc	process
File created	C:\Windows\System32\x.js	cmd.exe
File opened for modification	C:\Windows\System32\x.js	cmd.exe
File created	C:\Windows\System32\z.zip	cscript.exe
File created	C:\Windows\System32\x	cmd.exe
File opened for modification	C:\Windows\System32\x	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1414748551-1520717498-2956787782-1000\{2254ADE7-9813-46E7-BDA4-4AD639A86D11}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4036	msedge.exe
4036	msedge.exe
4296	msedge.exe
4296	msedge.exe
5040	msedge.exe
5040	msedge.exe
2276	identity_helper.exe
2276	identity_helper.exe
1192	msedge.exe
1192	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 2588 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2588 AUDIODG.EXE

description	pid	process
Token: 33	2588	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2588	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.execscript.exeMEMZ.exe

pid	process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
3588	cscript.exe
4516	MEMZ.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exeMEMZ.exe

pid	process
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4296	msedge.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

MEMZ.exe

pid process

4516 MEMZ.exe
4516 MEMZ.exe
4516 MEMZ.exe

pid	process
4516	MEMZ.exe
4516	MEMZ.exe
4516	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4296 wrote to memory of 4856	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4856	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 444	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4036	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 4036	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe
PID 4296 wrote to memory of 1320	4296	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\koid.exe
"C:\Users\Admin\AppData\Local\Temp\koid.exe"
1⤵
PID:2952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa934846f8,0x7ffa93484708,0x7ffa93484718
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
2⤵
PID:2788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
2⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5332 /prefetch:8
2⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5200 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
2⤵
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
2⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4332 /prefetch:8
2⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1780 /prefetch:1
2⤵
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
2⤵
PID:2008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2680 /prefetch:1
2⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
2⤵
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14829078341637648621,8513555830005873091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6724 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.4.0.Clean.zip\MEMZ 4.0 Clean\MEMZ-Clean.bat" "
1⤵
- Drops file in System32 directory
PID:4820

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
- Drops file in System32 directory
- Suspicious use of FindShellTrayWindow
PID:3588

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ffa934846f8,0x7ffa93484708,0x7ffa93484718
4⤵
PID:3900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x498 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2588

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1f6d41bf10dc1ec1ca4e14d350bbc0b1

SHA1
7a62b23dc3c19e16930b5108d209c4ec937d7dfb

SHA256
35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770

SHA512
046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4254f7a8438af12de575e00b22651d6c

SHA1
a3c7bde09221129451a7bb42c1707f64b178e573

SHA256
7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b

SHA512
e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
3KB

MD5
b49d5ed3bb937b88052cc4a0528ffa24

SHA1
ae82e3f64f170ba8682edf95dc04f72ef36a8c08

SHA256
8b47d29e3b663ff218cff5f32836b6a9a4c89752696d9a1b7ac35b7174e48749

SHA512
7a2db982974d94835e1b913f46813dce2722693be9f40f433590edbd96fd27bca8a6e6bee14de02dfc45b1a495d4773f21d0ab3395183f76512fb2c7cb0e8e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f2a3d223e1dfcf10424709fdfe10e921

SHA1
75f902010b2819a21fa3a55a0e92c904eb31ad29

SHA256
bfe5013419f62c47bb7fef589f964f666d77f0bd46d9601d08bf35ced0882066

SHA512
8654f6960cbf412285ad029ac4718380eae7b09ae5c0182f6012b27b216b6ad0b2b408598343c1f47b71b028a09785030118278b14ce2954d470f1f557af3e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
17e57497246d2852711b5240ae201361

SHA1
434ae502a835c2651d509b8cf7aaa9910ef5dd49

SHA256
4ccb35b2ca1c61a8c4efd9344d3c68404d75c8ec6e4550d4c5ccc22485d24abd

SHA512
6b3d77d1aabf42012dd29076db4ef7504cbd8e225e6d144c6196824f131698ed7b757055a9ae3e92bace75316895c0047032f38d734edcd634eda09fb8dc90ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
889aad427236a1c58f75d55fb4d94208

SHA1
feaa56b59663cb3b96fcf7ca3675c3ba69b02ecb

SHA256
3fd2097c5d08370bb5122d806f2f3a61aa6d7a6da93071d50b58050604bbf49e

SHA512
aef5c42d56ebcc49c945054d014648d60520c0b779fbb6c7d14c2b789edfb257a2180541862cca4251e7b49b690c8618c9ead40e52692b5086567452c27f8ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
8ab627714570503869015d34b4c236ee

SHA1
743ea925b2e2ca45bf5bbe311833f31c3a8225f7

SHA256
899483a7c57aa82daa3f3179d8550181c7d874748cc2eebc92fce33d6cc64ef8

SHA512
7907a2bbf01f4b2317b72d74902400e4df49bcd1f173f91cdcbfd81ce3c06a750fbd19e63d4b2b4f9d09039c89402eb8fb535845325151a1aa81651177ab60e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
853B

MD5
1f6819e62db535666bf94f4ec1daa532

SHA1
6316e855fd9c2c0aff665b05b6d20d77f7f0223a

SHA256
11bea6250230d1e1648a15a59be49b6f320a5438ea8b1bdb324b358fbab1d063

SHA512
09274e57ba80174aeda17123f153f578be35e09857bbd535705641595606bedb435ad755ceebf52af89735232c61531e7100f10891c626a7a2452418b2e3d819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
0b35cc2619326e595179f73c7dcb971a

SHA1
9ff0156bcb469fbe4e96c0d13aee8f1efe5a45ac

SHA256
920ecebb01d88bf21d77db8cb57972bd987c4c5d8c7ff8b35b9044b094d43ec2

SHA512
48ae9d992f891b5a92d915bebaeb3976681dd1867f802bf1df1bc39071faa49905b73ad7554ff1d3a6fc47377cdd3ab5a22cfa26f964354d32634dc751171e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6c5f8f7796844e74363cf044aeedcfb7

SHA1
597f786aec452bad5311e59fcdd595bb5f89e064

SHA256
89d89db4f1fbf0c18623d6e81937dcf5b5b51f9f0586aebb6b565f953f467076

SHA512
7d4cced8ac99b8eb9c5a964e4897bedf00c156214ffb027b14c9a958570ce6750875e6488da72a9628902d9bf14e0f8fc98f540522171808a558632369e5d4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5dc32126ea68c0b4592bafacac232be6

SHA1
7aec2388c6c3b0080daea3d7b19186a622dae317

SHA256
c4eccc17decccd9de832ce0d95e767cbd40d81cf3c88a452e8fbbae4081ceba6

SHA512
936ff5dcd7281730aabef53e74ea9ee321521e51c322e797070c0820174764dbf2193de6442d25189209aecd6c7d4720c7d2b0788f8bc1e3d52aa59951e6700c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
82e5aa413430bd757263407aff27ec99

SHA1
83929f1b5ace49b1b971bd4a37b36945e853fc86

SHA256
cc30d946eba28ce72ef6c33787cfb29a5790a5ba686c4e4ab45b0884116f0089

SHA512
8542e95fe468f6acb5bef97b411375baa618f50a29495d2acee65409a15d6526b69cb916cb339c503f1d952c84e69242c47c066c3c3b578a430f4307b10623db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
acb69d34e1e9a3727f48f8fc553d32c0

SHA1
94efb727b50b02234b74f5757bd213cbb9e080eb

SHA256
ea7964c5e7e1cd757d7fe4292178c92aa3494369945585a2910bc44b4160ea9c

SHA512
b41ac3380d33211376e2d6287c1c3e59d8297adee95cac3c491bf16584b22382b310ceb2ed4ce41d0e9381481020ee83726e9bffc5963ca3709f5ebf6425591b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
83d76d8cddc22ab9d6a0e7f3a60dc211

SHA1
86b480ce13ab7bcfea40fd98f779bc6906494012

SHA256
6bc6946d48024557fa562b44086afe83079199854d16bb1b023c7d46ab9ad23c

SHA512
8a0618d30d52308b2eb3bf54d80d1f5577e14d10db80113e0bbc43928d28d8e5b8c389ebbb3ce495418dfe442202609d0240927d09df8cf31c9bcaffa2dd9678

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
36a45479a902dafc1c751e447558198d

SHA1
1db2c75750f60c351fb097a4ee6e0b46fa426a0d

SHA256
3994fca9e127e1cca26613fac756971ed0c3c38699b290eaa485eee60daee9cc

SHA512
f0c1fd0f306562da5f9c8c6ef5f16ec4dc5fdf596d8ce584feebf5f44685406bd454611bce04e7e377d0805b0b1a3a2958fc08c16793f01409d1c823696a7f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4c58c85e87dab3515295fbb6cb8adf08

SHA1
18a6bf0eccdefa05b00f6eb2c5ddfd1f638da912

SHA256
2b3d91f31467a1179717e85037379207264dc5692440915e237255bf210f2d6c

SHA512
d026fdeb7ede882e96131aeabb2070ed792856ef76aa714e9de80aa2e397f69398eb2c609e4d90b1740b5372b42f022e16533588b3223668f864dbb6349fc095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
cf702e7d6c703962a33a8a4d6a8c26b3

SHA1
073fb1c0bd1174d348508e852a2e1fcc7a20583f

SHA256
a6af1d4fe14d836575897c3069ccc5ba1073b81f2f88ca8cc8afcf1a1a380c37

SHA512
98020d8f5d259be5ad40a746c8a4952dc06e07d3f1a31cff3df7fdf0893b3f4fd37c433204462df0436255a357f9ceab167f9f96d0be9a3d01555dd51b6bdcd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ed426.TMP
Filesize
1KB

MD5
83162d879a479585c6a196aa04ac80f4

SHA1
31ba99368eb3898a6388a60449582f3ef533d8df

SHA256
c08aed85e4ca509c11851dd3de4e207687a31c98cb3d5f5b2e4bed3633e3954e

SHA512
0c44b03289c72ec9ea19a6b4e88323d454a17ee676472f0615dd35fca3037a3a43a23908a4489854794a7c65ee2e4823292b57d144a8f78d522f51813393ddf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
656cb7ddba5e8036267ba10d6f7c116f

SHA1
d74ad9e1e80e823c659398dcf62a966911f246e0

SHA256
cead8a149a1ebc0f6a512665ccc4c32b552ae95ae86882c77cd8567b05eea21a

SHA512
c551010417ca07b6b9b1238c7d902f94dd4d7158b7641e6431af37bd1921d7f0231704675a0ecf43c68dfcecd2372a7754c62d1cdf8a0ae3457e1dcbc90f2bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c0eb17faf1a33c6ba4b05ae6802ea971

SHA1
d1e9c8738fcdf374e811df904f4c785a8e3d3d76

SHA256
71f00cfbc7782b97bf3f1bf36b66bb371be9d6ddad3334595546a6c5b88b3454

SHA512
0b25cfb6f62ffbb2ac0d32b62596cae6c1c683988f8336b5f26025b4a841cd15364b144fc28b4967cb8c8630561ca831e56b015187c938bfc9c425f5c4bcf573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
23313b0ff6c91c1fcedf9fd6456950c5

SHA1
e12eb0c1d1345f78b5147662249ea55157c943ca

SHA256
7a7545e954c2c4b808d17b20d5c702964a073a28eb9f3aa9b96a3a702d41ede9

SHA512
06229cf7d7ea53eb31d6a134ce0e6f2b1b93c4bc1877d166db689774573ca3670cbcc9d07212525157a2d8586e84c2e5011d0f726188f99c48d625061b05e9b4

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip
Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Windows\System32\x
Filesize
4KB

MD5
20e335859ff991575cf1ddf538e5817c

SHA1
1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

SHA256
88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

SHA512
012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

Download Submit
C:\Windows\System32\z.zip
Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Windows\system32\x
Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Windows\system32\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
\??\pipe\LOCAL\crashpad_4296_HSLSGZIOKCZPEBAO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit