994d6a3c00f42e919b596a6234346a095521ce84013474aa462570aa49b0e3da

Analysis

max time kernel
854s
max time network
861s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
16/01/2025, 13:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Clean.bat
Size

9KB
MD5

bbae81b88416d8fba76dd3145a831d19
SHA1

42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
SHA256

5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
SHA512

f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368
SSDEEP

192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

Score

7^/10

discovery execution

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
980	MEMZ.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
788	msedge.exe
788	msedge.exe
2092	msedge.exe
2092	msedge.exe
4660	msedge.exe
4660	msedge.exe
2156	identity_helper.exe
2156	identity_helper.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 3276	4404	cmd.exe	78
PID 4404 wrote to memory of 3276	4404	cmd.exe	78
PID 4404 wrote to memory of 980	4404	cmd.exe	79
PID 4404 wrote to memory of 980	4404	cmd.exe	79
PID 4404 wrote to memory of 980	4404	cmd.exe	79
PID 980 wrote to memory of 2092	980	MEMZ.exe	80
PID 980 wrote to memory of 2092	980	MEMZ.exe	80
PID 2092 wrote to memory of 1448	2092	msedge.exe	81
PID 2092 wrote to memory of 1448	2092	msedge.exe	81
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 4524	2092	msedge.exe	82
PID 2092 wrote to memory of 788	2092	msedge.exe	83
PID 2092 wrote to memory of 788	2092	msedge.exe	83
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84
PID 2092 wrote to memory of 4308	2092	msedge.exe	84

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4404
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:3276
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda8f13cb8,0x7ffda8f13cc8,0x7ffda8f13cd8
      4⤵
      PID:1448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2
      4⤵
      PID:4524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
      4⤵
      PID:4308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
      4⤵
      PID:3356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
      4⤵
      PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
      4⤵
      PID:4604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
      4⤵
      PID:3620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
      4⤵
      PID:780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
      4⤵
      PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
      4⤵
      PID:4896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1924 /prefetch:1
      4⤵
      PID:4612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
      4⤵
      PID:3884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1808,3027082800911738076,8131781581136854977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4904 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:2684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda8f13cb8,0x7ffda8f13cc8,0x7ffda8f13cd8
      4⤵
      PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fc959921446fa3ab5813f75ca4d0235

SHA1
0aeef3ba7ba2aa1f725fca09432d384b06995e2a

SHA256
1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c

SHA512
899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e9a2c784e6d797d91d4b8612e14d51bd

SHA1
25e2b07c396ee82e4404af09424f747fc05f04c2

SHA256
18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6

SHA512
fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
9e3fdff46d802262b68534794377d4c9

SHA1
1ed40bc6d084356d441071351b1f1a6f321fdbaf

SHA256
0af6a6fd568913e6ef710abd939204d14155fcda79901bac4677b85bdeb9b7ba

SHA512
1c8cc23d889bde8e9bb8bb9c632ed1ade6205eef1f6e5e4328b71c2c66e6c1078a28708e77f2f3e13b56b3b7048577536ceb7479827b8970729631a8cd0ea8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eafe9ba4d6c32c09020753d1ffea9ffe

SHA1
ea2a2839022704caa8954d055e996e2930b028e6

SHA256
6d6f823e64d87171775bd0f81e8d1773466b36a17dc14318d28bc5f93e24aaad

SHA512
bbf048f892cc9e39048301eb435c68737ad554a1384cd580892b59db7b59542a0a25ead7c289b4c19aedf501cd4f06977b89d796629f384acd87025822bfc8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
e809e0ee7b6f058d03fb122d602bf02b

SHA1
a6383d25c412651743336ec15c678b547d1a7c8e

SHA256
8b225d0c1dc042e9539492930183c37303839322067bbd6e378d89efcec20fbb

SHA512
f60f623b9965298ebf8377bbaaf8ccbf3c35a493a7ac9ae70bff9ea6733629ec0cbcacb223c8625468c16c8c613382e6a67c347ee96552ba709a2cb2fae32a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
3238bcad307808895a0178ea31427c33

SHA1
ef48ba25dc1d1ffe9d1eadb1f4420db11e9867c8

SHA256
4fa3c17b08e15713b73e7106269808a0ffc73b406012d85da2da549d45b8a0a3

SHA512
2663d73c3142702b5356998481c1d03e3e60f513c15836d22d37fd3a004d864f505a63edc4af963206de1f8a27abe0e0180edb5643a7ee5ae27122ec3443fcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f5036b78f4395420283f3603a8940d4

SHA1
fa996e68653a7a714d4b14800ad236d467c58396

SHA256
504646c6f96bb6c7cda6ef216d20857a080323ca3fcc44fc8ac2991c44170aef

SHA512
abfb7dcf70a721a94d0b016c3d02cb1f8359cec90c2fa7704ec47768d49cb87a52f2c026c20bc9d5767e2d21c40da283f724cb8b382ed332822c9f05766a41a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13d9b3ae7cb6b6c2cce09ae83a3db3ff

SHA1
a7371a0835a61b146c2ded6e2335ca98abd5896f

SHA256
7a80fcdca3375c76d58ea18a003c5ea45acda32778560f62b733d3d9eb9b6638

SHA512
0a69e5be5b6078174943c9d7f9892f335402decb0144c6b74b72ae1fab05721a29038ad914eef4734d6c35b75d9e946992bad9fd20309cd7d29fc2bbe7c6b96c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9dd89e4c4c6ccdc13c940bee3da3680

SHA1
82692c1ebecf231a82863a90bb4f5957a558f2e6

SHA256
e3b40c42f5fdb49c64054020138e7a659818320eaffb1b0894f9a73abd37251b

SHA512
a01de26a24b049bbe4871b9cd00164a57c15e8a8d14b2bbd3f78b62cc756b58690d43993e5ae72a000ca2c7c547f06b3e2dd5c49a4fa5536d048ccacb474c528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
baf6f80042232640247e3b98f4a9ca9a

SHA1
f7823af27473149430139f3da16e6d31f3480586

SHA256
4f854b7cf7eb9bc8d774ec9c7c4c246b8d2649398abb683bf3ec13d0182aa086

SHA512
c3f44e19e4af57fb6b8a33af1b01f89dd4147d58c0cf99de9a5a6de7e39fd1e1989f6671c6f0157fe17070e4a833f0c9a29b6411d18278d42dcac8bf815494fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
636d4e5f7a2f0dbfb56531751531aeb3

SHA1
1e046dbe55d79b740ab512fe694699bf4864dae0

SHA256
d51d149dc8dcb8359c80e3426bc18a1f4bab377cfe7fde6e32ceada7b8a5edc6

SHA512
07259d23479c991c53bd92a710d6519d6e420f944ad83d65f236f2e4cdcfcb4b2e4e8f36776d30f5495ffbbbaf7110defa42ed2666793025ff6329f81c89b11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
19e3de2dda464f6a5557caea711b0dcb

SHA1
10d3b3238d91083a988eac1dc72d93c291bcb339

SHA256
a7b82fd4748cfa608026a5cd1580642c832e74853da340a7cd381ea7b44a7281

SHA512
1e427b9c945cda2bdfaebbfda3921c21530d7ab247140d191bfedc5cb24e5adfaa6f0f9f50d5dac65a13800a5571d1543562d5884b8d30774d2564adc3dc694e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
20e335859ff991575cf1ddf538e5817c

SHA1
1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

SHA256
88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

SHA512
012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit