hxxps://drive[.]google[.]com/file/d/1h03oDqKxddEXZmsOXZznyB2MdmlJ5lsG/view?usp=sharing

Analysis

max time kernel
100s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1h03oDqKxddEXZmsOXZznyB2MdmlJ5lsG/view?usp=sharing

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5836	PiS.exe

Loads dropped DLL 11 IoCs

pid	Process
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
7	drive.google.com

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\PiS\Uninstall.$$A	JEM KEBABA.exe
File created	C:\Program Files (x86)\PiS\PiS.$$A	JEM KEBABA.exe
File created	C:\Program Files (x86)\PiS\poparcie.$$A	JEM KEBABA.exe
File created	C:\Program Files (x86)\PiS\protest.$$A	JEM KEBABA.exe
File opened for modification	C:\Program Files (x86)\PiS\Uninstall.exe	JEM KEBABA.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JEM KEBABA.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PiS.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3304	msedge.exe
3304	msedge.exe
4988	msedge.exe
4988	msedge.exe
1624	identity_helper.exe
1624	identity_helper.exe
4252	msedge.exe
4252	msedge.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe
5836	PiS.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	6104	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	6104	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
1124	JEM KEBABA.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1124	JEM KEBABA.exe
5836	PiS.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 3192	4988	msedge.exe	83
PID 4988 wrote to memory of 3192	4988	msedge.exe	83
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3200	4988	msedge.exe	84
PID 4988 wrote to memory of 3304	4988	msedge.exe	85
PID 4988 wrote to memory of 3304	4988	msedge.exe	85
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86
PID 4988 wrote to memory of 4796	4988	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1h03oDqKxddEXZmsOXZznyB2MdmlJ5lsG/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,352875225519354292,14876982785377454040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
  2⤵
  PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Temp1_JEM KEBABA.zip\JEM KEBABA.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_JEM KEBABA.zip\JEM KEBABA.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Program Files (x86)\PiS\PiS.exe
"C:\Program Files (x86)\PiS\PiS.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5836
- C:\Program Files (x86)\PiS\protest.exe
  "C:\Program Files (x86)\PiS\protest.exe" hide
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/9OftFa5Ttvw
  2⤵
  PID:5508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718
    3⤵
    PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/9OftFa5Ttvw
  2⤵
  PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718
    3⤵
    PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtu.be/9OftFa5Ttvw
  2⤵
  PID:508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718
    3⤵
    PID:5008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6104

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PiS\PiS.exe

Filesize
6.6MB

MD5
2fc86e2a5f3d0844c996356723cbb20e

SHA1
6948e7a1ae8a7943dee97138337598680c336ca3

SHA256
4f31069e1e43d4b830c820fca9c543f92e4916c87ed75f211e9eebe60b360e02

SHA512
b3991af7bb47b1f7d0c6fc642015ce3901dc787eebaf86f9333366a1ecf9f7e6e4e964e80b61bfd05b416465d980b53816b89386cbc0843ca15e85da33ea4880

Download Submit
C:\Program Files (x86)\PiS\protest.$$A

Filesize
4.6MB

MD5
b4518edd8bc4adbc29303e7cfd6496ac

SHA1
e6e69c4898eea0723cf1be61b2345f7c398c63c5

SHA256
cf84386dbfe0e86cebdad49a744cc1bb8706e3473e135131922284cccdc3bbb3

SHA512
8396b476be9cfeca30cf9cf2e7cef2e40b316648a36d0e917108092d4f1ae4fc128e8979afedc5c529fef113dd41d662a3ec55a2fded0901072df3c08cec3c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
49KB

MD5
7ca090d5f0c1a9e7d42edb60ad4ec5e8

SHA1
7278dcacb472ec8a27af7fbc6f8212b21e191042

SHA256
4039fef5575ba88350a109b2c8d9aa107f583acb6cbe2ac8e609071567c4cc76

SHA512
c4f2d23eacf74f87de8dea6e4532b120253bb9ad356341532f5e1aaf2ce90d137f46b50df7de5250bce4eca1fbfb74da088accd7c626fa853dc524abad7bfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
7263bfcfd7f3438dcba4214bde5f854a

SHA1
7e550794e83c3859b79216b0dcbb87ccc880c2a0

SHA256
2ffeca342d26b697ced2501ded9e78dc64c23568326176963c8cc859a8d279f6

SHA512
9b12bea3bd9250a862a2601548b7d8b86030a4544fc77f3308fb0b4fad506412e2ee670b48e5e6fd939de897169ae71cabcb05f3f2717ac06051ea5634af976a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a9389817e9c5d8f121644e8ae9287eb3

SHA1
ff3d5e8b092618f9f783f3b6bf127fdafea3f734

SHA256
16084508bf0f2882d14ee7bdbf69a9bc7525563ee7cc977d6f75a830b286f133

SHA512
8b9adaed13fa087621e22fd8804b12b4031b26f0bd0afc7fb8d9640323ffb265ff68c6dc73cfc8a3dea8ebb91210167f65ec1cab26c3a63171fbc46e08f9994b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
30fbbc2ee25095fd7c15a73ca5017874

SHA1
25c3580878f72070ff7e9a5d30834ab854b0d33d

SHA256
195430ea19f80766bf1b32abb2cf6c04830e42a76a9d38bfb9d7176fcc8de80d

SHA512
7171014da3bdf0ffbb261afa0fd37652a1684d7a82d634c968395ac6054bef324b76b441765812aeb8b35cd4d9757b04412b283761cdafe7ce03ab00284861b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a457301ba0d627fadf7a402969ed5f22

SHA1
e3f95374f5920809879c85eb1904239441affd30

SHA256
5700c8468ba04495dc664244d8548fef2e7945bad5c18da87773bf48566cd2bc

SHA512
7070f6b981ae5871e45408ebbc27ced1188d1b0bf3e2611d2916dc2396416286ef25cc8b65279a8f0418a5c201bb6ecd48ec75acb4adf6bf672506f85d37f85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
38aa02b3d874b2210d85493402b0951e

SHA1
debb69d14a434f48c671d44cd750ea99a9dfa3df

SHA256
bca0dd66ac59b44e0bf8706e44681409f3af9772b6a4b910bcf249d94295d8c7

SHA512
1fc1c8a3e785c078e795e8f7ca304b8ed8650f7a810fb4b68d0a765c5910d5b319f2e04e29e64789c6b39631ceb63cdd1c19199a9a2b41e58b38ed58accc367c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5f5e2b2da2e49a0cb81cd5b0b31029d9

SHA1
c973ec70ccdcb5f84b25afa9ce7ffc8fa9f9337a

SHA256
6a3cff474ba964b1d692b2ed828975a3eb3c09b22027c34d4423779454cb912f

SHA512
3dcb1f3b4baa8630f0ddc30fb4275b578c973d2b9c8b3d946671a0f1b2dbf014115fe45786aa6e5efdb0695ec5398a26dfcf15784238233d5581694bca1e9c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
429d9525bb4507c171e14350fdbcded5

SHA1
6dfb391bc1691d8e2dbb80e90101a144086efca9

SHA256
e9ea4c30e4ed9db8bddc420a2a7da8ad9dafab7689a702025971c8521aa43c9b

SHA512
4b2282054ca8cb0e52f182368cc53494b62e2bf2c1315a7e3eebdf192233ad67104737bb895d0f5444ac5017bd9fa734155f43f2928fdd8a950e7e3bdccc2060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
c8d204d40ccf5d9780c30ccd4216a2c7

SHA1
32eb914fbc6e34707e007dfb77c59601caa5a2e2

SHA256
d6c4c696ac06f25de0d7e48b9a6052e86753f39af12cc5969afad8f615e7fb12

SHA512
875f1fdafcde40207048ada326cd4347656c8ed3492ecfdeb34802744de4c78f643b54f7f7033299ca66224e7c41357539377c932eee65cbcc757fc9cf45bb20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
d17d3b25336137119ea254549c4ed92a

SHA1
7baf5e987b2da6c6568d8a5b0f4af27746a2bf29

SHA256
80690ce67021600539fe44c5a0030b5149193f191f18e95c3c2878cc04d87ef0

SHA512
25f2b11288ab200ad4d0e61f7ee954d4763cae0935ead908a95163ce651e0a3d50fdb8bb0924a8e8682abca93a9b551ad6840d8aba87413f4113519d99f572ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f0d065f6125f6419ff24ef5e9bf3ec5b

SHA1
9ae0ba6bb4b882427621f0842661d7536c75ea4c

SHA256
3e53ef5c0a2685503a9b5e07de784e5f2eeb5ef25840c53da31475658e2f182d

SHA512
5bc0157023616b396357601ba1a0ca0aa989ce511d37f652b6b0f37398e439e7494789aaf921b8191ba7f49071e738260397a7f74d8052550210c2a0b2e0d605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58d906.TMP

Filesize
89B

MD5
43f52c23babe8e6cf9f78f69507d192f

SHA1
7cf62f0f40e8d3f8d08a7c1048a951d1a5ffffbc

SHA256
17643d804c06ad00c856130828349bd71963fa24b9e05e80699922e5eda93fbe

SHA512
f47ea7d0e288a7387394a41aefb1f4a1710661f84063d8dd62b8b5f842189437994f3a8191283cccbfd1cc2180eb46efd67ab9103dd0073ef01f24ac630130f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d8adb171c656e250244214877390b986

SHA1
b4f6dab19fec4530d9c979557be26089b2018306

SHA256
db2b9ffdfbfa28892d7d83d62b02e4b05bb4571594dc0b6ec9fb6a830f1c5b5d

SHA512
cb56967673957ce1022328607b62cb2f0af3e2a110752897d7bf352f275d05e0004f9a00bf13bf41fc7957b4f32ef9dfa64f078739bf9b7c46c52809f5d8da3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591090.TMP

Filesize
1KB

MD5
0b04289536e882c0fbf756b3c88ecf0f

SHA1
983ddb5ca5dfc17977bf77753f0f7ba7dc42be5c

SHA256
097cbfe6190d1124c1fd88c6f12a5e6fe8eb2f15fa8a43218c02762a010c59da

SHA512
d43c5c4eb7b7693bf64fa6dbdfe63423b2ca263a91f8f3a0e905c53300d2a9f50392183b416ef805b430680f83606034e9373a4066ea3ebf69ea11a271bf9bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2e904ac998de4c08c916122a28a60305

SHA1
3524ab282a402c5cdcb9c6b0d21e873548470c7f

SHA256
5af262c5d36780daa64fc487a560560ad2f91e9dde3457b601d4adfe80dc09a1

SHA512
8783e0e19d657f823f9fdbc71f96598424bc6d5b4b4ad53509a4c64fd2ecc9c5cbc4efa39923dc9ad189da6dc3a221e6b067df467e754e18f302489b569ded7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5e2f7c19afbc0650236ffa0ffae817a

SHA1
0f8d920c75184551be37edec2f5d39a94ae3e035

SHA256
acf38f4dd2ac57ac67d68c4780c75e5d2dd631384ebccc33906ffbd624833538

SHA512
997aef3072401984cdfbf988da4b62b1127e754ff3389449d63a593ea9e89dbf6f1eb86e446a89baf60b3326bef49e640ca75a0f6581d45930130ef3ab1198db

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\DlgBox.mfx

Filesize
68KB

MD5
295ca479b2c1fd9115fc59a4d144d1b8

SHA1
c741f80e860704206f8e2844e12b2abf69375cb8

SHA256
1fc2ba30d7f321c05927a34d8cfa4d047ecf66075bb93f7f23d102dd221fda09

SHA512
a9f1b2d1524f54a788e6408d6b28232548db6373a3ed81ea316f70cf34cc2bb18c89dd8bb981164e199dd2aad6f393dac76799caf63a566867a5cc9ce6e1a92e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\GetSetMasterVolume.mfx

Filesize
115KB

MD5
95bd1478d106476c63ed50dee89716cb

SHA1
e0f2ce64fdbd11bfe29792612761a137d61b3d6f

SHA256
5f83e1e1dca0b5937ede1c92db92493172e17f762abd9c5ab38f7072b73c17e0

SHA512
44550c7443166cc5f0d65a69d6d2e39522e4f5226a5801e00053294091e715877243e2927ad7f741e62c5f99998a9f89713854092a6fbcd2e0d1f3c0eae96507

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\HTML5.mfx

Filesize
28KB

MD5
94ba2e93d991571751af1d5d2686e247

SHA1
dfc1aa2eb5741094ff46e14f2a5f2d5b4b7a3a66

SHA256
80f73982c7162d04e95621b11d6a9ecfe0b79f6f678c3f09598d4d7fac72d839

SHA512
57c667b412b2320fb53ecc871de30895ca28f66ad7cdfa2a41d7daa635bf3474b81a1965f277710c824c3491bdca4fd20a8defb99f34eaea053e313a83c1228a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\bigbox.mfx

Filesize
84KB

MD5
ad6530e01a4827fba383291847e33036

SHA1
6ec72ed182478c050807c0e3270974bf34304aaa

SHA256
a427377e56a804f82a5bcf07b7d5afae920f8bbda2dc5f52ce6a7f84448a8bb1

SHA512
33cccc49302f3c257a3ed3b9d3bf0b2dbb347ccba3b6196a01ac317f83c2bd47c5cb9bf47fb677374b95590d62f5626aaf246a318999a4b07c5ee60c4c4ac863

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\kcfile.mfx

Filesize
36KB

MD5
55d486fc27c48ca0fdc5884e88b03328

SHA1
fa60040768ab771e4278e4a618d33200a1089a6d

SHA256
078791005076d62c0bd25678577045ef9f67b683b84f942eb9c6af09a4738c46

SHA512
7bac2e151bce223adfe810e8fd409545c8b169711add24c6d5a4c5c2d58caef2f196ca4aaedeb80dcbfa8307d79e85c43601e8c18d318a34283457946671b573

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\kcwctrl.mfx

Filesize
12KB

MD5
14e1d33e5c9db83a0dc3101f712b2802

SHA1
37eb0cfc5336681275b9c4e0badc7e25018336bb

SHA256
2f0f00f42917792c0c3ae4640009dedee3c96408173211e44cbbdd6a04f4afad

SHA512
0c0524b2a2b4f64592bd96486cac5f080adbe8971c8d84d6d240656420c01bcb53d12044a8fab220ab5ec34d3978a81e1d2cc76306153a176a57e88a035372a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\mmfs2.dll

Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt9D74.tmp\mp3flt.sft

Filesize
24KB

MD5
7beafd3ec0c36a1422387c43c49f68ff

SHA1
240e7d8534ed25dffb902a969826f4300a88dde6

SHA256
cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

SHA512
44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrtBD5F.tmp\AdvTray.mfx

Filesize
98KB

MD5
d9fb3b5fc60d04f33fadd47837075f6b

SHA1
be072dfc05ae9bf0e5f55d967b7b6cfb9c973fc6

SHA256
eab82ab6dae40b99d5170a003d7b406c3e362ca1372fc3567a716c1f2c0807a5

SHA512
bb206d30b22f81eaa4329a26cbf673c66153a79ce497e87b035eb872822105e2466857f83fea193ad1980e2e2852ea892f302a0083842caf54812d5ad41af82d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 151716.crdownload

Filesize
20.0MB

MD5
5e80d767843d3b8eb353130c2c2ae8c2

SHA1
4723fbf64489fcc0619d95b1201993d1ecd366e5

SHA256
b53e39feda707fc487e520b980a69a5413b37ab902e58b455f6e01d17bc1dc61

SHA512
a08c02e4d5596300caa6ee500de664b4af80d9f7dbd9bb28dd47c081564715dfd971f39b13de90da50176d023550bf151cef68d8dacc4e1f8e112b2e5565515f

Download Submit
memory/5340-274-0x0000000001460000-0x000000000147D000-memory.dmp

Filesize
116KB

Download
memory/5836-212-0x0000000000E50000-0x0000000000E73000-memory.dmp

Filesize
140KB

Download