2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

Resubmissions

13/02/2025, 01:26

250213-btppra1pcz 10

17/01/2025, 20:14

17/01/2025, 20:12

17/01/2025, 17:25

17/01/2025, 17:21

17/01/2025, 14:16

17/01/2025, 14:12

16/01/2025, 12:52

Analysis

max time kernel
141s
max time network
147s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17/01/2025, 20:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Clean.bat
Size

9KB
MD5

bbae81b88416d8fba76dd3145a831d19
SHA1

42fa0e1b90ad49f66d4ab96c8cca02f81248da8b
SHA256

5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
SHA512

f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368
SSDEEP

192:XBOTDzoOgdlf7MAdTyQuHq2b1vXei2SLca5icrLJlz3:ss/tDyQuHZddL5Jlz3

Score

7^/10

discovery execution

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
704	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\751c4bc0-8b98-4de0-a749-8c58cb0013f0.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250117201740.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4708	msedge.exe
4708	msedge.exe
5052	msedge.exe
5052	msedge.exe
2956	identity_helper.exe
2956	identity_helper.exe
1392	msedge.exe
1392	msedge.exe
3864	msedge.exe
3864	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
388	cscript.exe
704	MEMZ.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 388	2792	cmd.exe	81
PID 2792 wrote to memory of 388	2792	cmd.exe	81
PID 2792 wrote to memory of 704	2792	cmd.exe	82
PID 2792 wrote to memory of 704	2792	cmd.exe	82
PID 2792 wrote to memory of 704	2792	cmd.exe	82
PID 704 wrote to memory of 5052	704	MEMZ.exe	85
PID 704 wrote to memory of 5052	704	MEMZ.exe	85
PID 5052 wrote to memory of 4148	5052	msedge.exe	86
PID 5052 wrote to memory of 4148	5052	msedge.exe	86
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 2960	5052	msedge.exe	87
PID 5052 wrote to memory of 4708	5052	msedge.exe	88
PID 5052 wrote to memory of 4708	5052	msedge.exe	88
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89
PID 5052 wrote to memory of 1084	5052	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:388
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:5052
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff614e46f8,0x7fff614e4708,0x7fff614e4718
      4⤵
      PID:4148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
      4⤵
      PID:2960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
      4⤵
      PID:1084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:5004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
      4⤵
      PID:4764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
      4⤵
      PID:1336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
      4⤵
      PID:1972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
      4⤵
      PID:1724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff675585460,0x7ff675585470,0x7ff675585480
        5⤵
        
        PID:2568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3896 /prefetch:8
      4⤵
      PID:4416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
      4⤵
      PID:4268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
      4⤵
      PID:2328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
      4⤵
      PID:1412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
      4⤵
      PID:3204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,14192821165491997149,1806182753654965673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
      4⤵
      PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:1348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff614e46f8,0x7fff614e4708,0x7fff614e4718
      4⤵
      PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7fff614e46f8,0x7fff614e4708,0x7fff614e4718
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3076 /prefetch:8
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,8607926584669410251,1406970812539374637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:5332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
20ce33649b0aa2e62230849d9203743c

SHA1
0a13c95b6bfec75d3dd58a57bdb07eb44d8d6561

SHA256
482bd738c304fb1f7fafcf92f313f1faccf57164c944c38ae8d6d4727164d72c

SHA512
332cf2a0a7fe494643b00ca829d0f49e9f0835f158dbc37ada16564a55eb60ccb1cee20e91f1caffa0a0229b85e43da41f508a356c36d9109cd8c3beae2a5620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78789c91e16d10f550331b6172ea4751

SHA1
aee25d6d200d75e8a0f753f888d19545278999c6

SHA256
b91a0fcd45635ad28ba63d3c214d22a8c58f33965a8fff5aa72bff0bbe65fb24

SHA512
ba1c51d05f1165e2044b94edf8520af3c20bde4eac62b730714da8a484ca691fddaa2f436debf78f60c4e60aab2f4cb2ced8448531b3bf2731d206af4863f815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c8291b39b8a1ad15fdcbab5adec0e13b

SHA1
b49166de523962be4206c0fa79e50c891d299976

SHA256
1d163b3072151f3d999ef02e4650d3326f292fcf418777be50954bc88b290044

SHA512
363dd77628689ef6e100365e4af75a41ab572e174fe37cc984aa36c613a0b8a5879fd005b8677cc798f44efa0ebf7c9917b63ec4463c324d9330039fc12f94d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66006e791e16c811cb5438515d2001e7

SHA1
0fa6bb2e6a10d494aaf8930e92ce564a2da9ca95

SHA256
b98a85928faa45d03809fd4d9410f8ad4c50c2e5917ec01ce6c1c52e1f99f150

SHA512
463cdd5f6325fcc1e963dd1ced63bd11652b31613b3b09b6934aa63df61c0eb841d3e2107270c54d3816079d6bbf09841a50a0008f89664d76f612f16b226b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9afded6f39432d038ececf0d9ea11ab4

SHA1
ebab96a90ff8c49657723535c848a71ed3f13c25

SHA256
8f556cee77226abeb2227342f6a4e67850b12be610b9107c370cfb78fe9292db

SHA512
8f52f4259aae83f32f49ad46c5d93b2586bc604ccfee6ee3b3aaa3c562fbaf7143f10340dd22a6de08903c5efb20e0368dd57f6f06bfac0d0df459297d37e31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
3bc2b6052ff1b9feff010ae9d919c002

SHA1
dd7da7b896641e71dca655640357522f8112c078

SHA256
483a3494759a05772019e091d3d8e5dc429d098c30007d430639926c3ffa16e5

SHA512
0b1632b73fd87e8e634922b730f83b7950e9a39697a46a3429f0bebb3f1ebd14c815a4651ee8f663a437d00ecbeb6ddaa47b2fcad719777edf1b1de8a7cad0f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e3ad5a80ba7db88_0

Filesize
19KB

MD5
041c7546bf7a920396b8c084c0a4525e

SHA1
8ad03e39d31da2f85a26438fc40e6cbbdc1178af

SHA256
7bbdb2b5f5ed6935dd1696e9315a2fa2507e4da5ac10bc02051656a6fd20bc84

SHA512
d23991fbe34eedde62ccd151cb2d2b1171ee8682ade3d8920fc7946640d3a13b96e0922335c1455069e22dbba8005f4ac60ce72271b1aa5eb42c1647b9375869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c0afe0d14969413a_0

Filesize
289B

MD5
c4f4b8daa9568d6fe14b063e5e22fae5

SHA1
01cc821d69f192b6a61cb4f9319bdc11f14f9a1e

SHA256
28bb38fad5d2d3fab0d3f834ab88dbbd0d8e76b50ea3b2b9b71300d1911f421b

SHA512
380ef857ad707999ec6db81d23f030ae6278d27371660326ac0665142f7b89ca5bc536f44d913193cd9d37fc9d2a281f9b68d071e9fae434f05e47fd5b5860e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d67bb0f86ea10030_0

Filesize
616KB

MD5
3dacd039e576bc5fcfbf3514c24db74b

SHA1
5f73330bee3970d9b420dcf9ac7b7f661f559a09

SHA256
fcb7705083f19b58ff43eb5b6b10fcfef37f16d039ca6edb56a3c8447d5d78ba

SHA512
9d69c622ea892c7d2a672a72b9419025a83685e3b230bc445d85ae089e863c08ac3ea32c6f183abb00e0844b20b58d7bb387e1d1e93868da8ef41f87f171cd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
ac3c2e037e450d830e9acc4e895a83ab

SHA1
4e6c44e3cb739657241de616bd75c908bda7f7ff

SHA256
24ae8e403c881274dd14b262712be84f7ae040f6365bcc38328dabafd9abce85

SHA512
58d8c453ca3fd43bbaf6dee1ecb5267beb26269b82db96771cfbd82ace4cb4ad8e3330e5c740e0b4cd893f3ba169ae7871cd7bbb2223cc28e4df589d32617390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a2923f643ded6bf38c1e79a29d1a7718

SHA1
972c0e141df6728a4ada500ab3c7299974d483cb

SHA256
90013a617d8a23c1c7f771d06047fc5ea4f2282df68bcb13c28bb0cd31536e60

SHA512
2671593c7c1c15f2ca7cac0e0da987c1008d80592ae9a5e44fd971838d57fd77daf30acd7230a01c9047ed2882668b79826c4a8a4b7d7425a6d07210db555ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
a49c5f7d995baed493c6d5b724ce9f84

SHA1
cb54e2a870ff2fb98ef6685ec6f8365fa8875bad

SHA256
e6394b98a222914c66c91d1452b3ecda9d29b8acd8ed9fea399927d76c0f7701

SHA512
40456eddb8b799b4bf8cf5395721e212dc28f79378b8dd003c8ab91ff3a095555458dd32888cacb77c7f328c415f6a6b3fe1b8085b84cad3fa4ba1e1f352d281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
74fbb91f66e1e0a263e381d5f9a39ad0

SHA1
e115357e56424b3c364fa67b8386e23b42620b27

SHA256
1ad7f77314025bdb7f813bac63446d86036bf0a5cf8ee0b22c81a2ca9c4ee253

SHA512
f4ce91ca022489c70d5672daa8455a8db4c602305828146aa5ed5ac0ff2087288c6ae97c7465246fb77318e59b6d897b37f5bcd44be6cf2ba49a396087f4fc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
f8d7ebb0bd1fcab8fe5f5c87f05a2cb0

SHA1
d6e11017a44e383b34a93264bb1c70b731b70d7a

SHA256
55397ff26f5e05fc3f1e3b7535b5e86980323a322fede3876471b5da46a6ab02

SHA512
420fb75ad5f6a05aff626f9dddefa763ddc1bebc69da408d1fcc0607f4e04016f49b54116add7773b679bcc943d3652a16225f857be71a335f066726d67a46d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
484B

MD5
5ef37038fce235fa7caa69e0215e228c

SHA1
a9aae64be06d1ebf4489d2c612212aacdaa1f928

SHA256
5a7464bb78b43f6f1ebc5db31d66be236a90df5a227bad7ddbf938c42aa97d5d

SHA512
fcb06cb8156e9014a19c06ce176d38c13144cf25c9deac78d1e44ec84e615d4186ab1b496ac2e71cedc3f7866917111380ba61f79136aed99174778851cd20c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
293B

MD5
d73b0ec1c9652c62bc16e4dfd79139b4

SHA1
8cc108b87ae82631b4381076253481365ff0eca2

SHA256
e194adce39ae02b25d88eef2bc5fe2087f94945c71cd72bafcbaf5576cd4c285

SHA512
4ef19aa5d7a519e19dbf844e9d76b9d797e0b5fb59822dca074a8572aed69fddc762d47c6e3af250a28deb7f3b0dcc55e319c43b0b362e5b4a3c30a99cf6fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
846B

MD5
1466b0b1a34306e00c76c4592ce20636

SHA1
a4534a8da1430a0033258af6ee747dacfed380a4

SHA256
386026a284d7d5ca3e30aeba7704962e4d211f23f0f040321e355c135f57ea14

SHA512
6628697f72f8744f51cc0ff2fb849794084e2906c06635d09ed6a4e433762a8332f3e41a63d0466891665d770a804912f2c7e01a851feb8365b4ae26f39c4e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
15d9117c3d0082969a14bc9bbb317268

SHA1
ea6888982ed6ac5a1949f74fe949987015955f8d

SHA256
c25f52ea485df080d42c8c4949a7ebd1191ec30b75da17479c37872deb5405a3

SHA512
1e9ba4f0eb5a8e819585dc21576456a3c74e5d9ba8434e7c4beb474ac3db0e4dd3213bd9b4bee6b6c2a912699eb129a6c6cf1c17ee1415948d73f28b1fb275bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5ebd18d6979b28af87ad73330761170

SHA1
4c3ba1fc706911867261dba3eed4354c955c535c

SHA256
4d32ba27c7f8a7ef6ceb9aa064e59f2b15cd530fa23f1cb68c89d668c622c095

SHA512
376b3faadc037b6283baf64888017a5e3ccb2da0dcb3ee096778ed58328cc7d76f9f18c9ffc321846079c91fa4d00c0ad882a52b476395be23bcc8369ee276e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
febd9549f3e225057b09d43b74a91b05

SHA1
ce5a59d8d7dd370432a99f862f0733d34706f4bc

SHA256
ff01fbdbd6644a99d99605dbed51d0e6f7f6212715b0c63e5b4267db7492bbda

SHA512
3b0bd8fd2486dae8b0d6b9e1f1b73685e13e666105417d77d192254293c219eba685e496f1a5a8b4204ce934331168f0ea09bd00a82e7c81450a99148cdb0d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e0ef19fe847a2281f164c04951c743b

SHA1
97130dc9c13aab28c61e5c78c1683c3b599e0c8e

SHA256
e7a30d4909761bdb2162e55fef70dc89d655f6c9040baf78137d47ffbcf5078d

SHA512
b962652a40dc57f734ebd48825395b876ef583ef8ebb0a501ac3f9a234bcee451513ece917553802caffed92c7c53757325b49050dc076ceeb038bf199b61ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
185080eb3d5b0a66db58e0095f8c331f

SHA1
bff8dcc035b163b0c9ec6e4407733b86affef965

SHA256
113641bc7ae03411b69562ecb967139fd6193ce3f49251ec79449317ace9d331

SHA512
75ff3e926bb1a6bcbb6cca5b735511a0e3d203e7fb90416c3cdb0b03aafc9db16ce824e0f018ecf721166f589ff8d5fad6cfcb9287418716d50256348572a790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed5208c1f808bc3060ee268b37756402

SHA1
034686621c966a7ffbd112d425fa6fd600d0c664

SHA256
f1101bcaf7c09312f161e9ee88255a6869fef1a8ff3dc11a8a46b425d444e710

SHA512
beb4d264aed90cdd73646f674b9a9d7c659b0c11994401a96ade73e807ebf04b8166471d35aedb0e41acec52576c3ca7baf2c0b20782f1e7fbee57ba701804f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
bdb9c70863cf1ffbddcb6814aba83c7d

SHA1
c4bf4a635db75cef24d82238400810e3da7746e2

SHA256
3c11a1619eabcd8ae8cb0034501ec1bba652a40d6f79682ea0682d296587220d

SHA512
8d02d22a62c87efe9735340e14d9dab4676612e0866be8577718fbbde30494f2175e9a4a65b4199e4b2c27e8387e13b541597485e0c4818cd52f9678582a4618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13381618673451898

Filesize
2KB

MD5
561637e46b97f4456692ac92a9b70c1a

SHA1
7c6e422524afa3e0ad0c93cd9e63cbe99fee7f11

SHA256
375e94ee930c1aa2c8118774f4ee41f3a9a8570de6a5d3d8eb6303ab07945cf5

SHA512
a9f7b313e8b0f33ed65fa84e382189f2f3694ddc3d41c39e4923df488cf32c98a8b8233431b2615d22e846f149e940307e0f5815a233c09d823b7aecf4426b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
e1774f12ce066da524f9ea2c2dd025db

SHA1
46a25a63f0fd9c4d1bf44311cd17763acf1aec6f

SHA256
77c5ddaee26b7e9e3274dccf6e0d5e19172d3b0396d43f6d497c5ac599d09db9

SHA512
480d04fb02003f31b337d97ce53e8c77a2296e660eeb399ceedd50f5bd69ec33701093f376daa30c05e1549bf18426429ad1baa7ede58b439390e5b1ad3cb9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
722e2d21a5dc3b114b17a38d2b262c95

SHA1
7c12d87026e1c94bc7879c2053acabd3cff5c447

SHA256
f398e64efda965d3b85d00d28443b65e3c9a8a97761add1ef31925b04442456c

SHA512
120585d1061d1150fbe92da870d19fed8071a69047f4ce3b0f48082126df6e47d64c6463e673055f94cc9ca04c5784d9b31cf8b7f676e3e917aef8ff234322b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
12173967ca60c53fafc22d8eaaa7121e

SHA1
25a912f51eea7686c2b96ae3249f1cbd832cdcac

SHA256
1f01350b9b969b01b4874dbf4eadbbb7d6d106850187b39cef7553c0e7cb1a3b

SHA512
f78c5c5af023af2fdd13e694cee3b7362b5d2b96818c7e15353731ef56bf6f9bd3fcc73d1ba57c7c47bf89b2f3ab6437eacce6c46f8ba967aee7c8090ce28349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
bda99ec9043c8d4f2b4feaeff4cf8538

SHA1
92012ed17bf4013437767533d7ff5d5a485b0d53

SHA256
2f50805d1cf80033dfc8fb369ddee85c346c5776d056aabded1cd6ac2ae16ee5

SHA512
26d26a5c8fc3a8809c742493c01311c5a6a8be9560678980d690f14895f93246e2afebfddcfdac8d18b69e7ff3aa4bf2ad7f0de078452ea81b7ba74b1038ccdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
69794f51d46634881ee355f33e79c6c5

SHA1
8adbc8a625c76468b8d3cca7b646bcbe4b810d28

SHA256
7929db18d93652f97d6e4858671bf9678830ab7d281376782baf16d3a839dc74

SHA512
0fdb8fb10b74208cc59362e1f1fa8da9211f5eeed27205210852638dc6d94970dc272d2bd54c126ea125609ac45b3c2cacfa954845a1d474b620ef67c69c95ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
279B

MD5
6cd29ec55f931f7c042d9a820fe21462

SHA1
3a9c415b42821138adc8ab17d7189a7296ff4470

SHA256
0ec3d66d370d62624400354f528587480bf215dbb9f1fcc5bc3c69c096e809c7

SHA512
d90d36e6b909fd16a4f091318a77c3b8759a0d03572da0bbcb8eea50b5f0f8f713dc969cff98f04b5b1456b6754dd07d654f8655ee861ec2d44ccf75deec04e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
531B

MD5
b1e00a33119a1d0175591309e141c61b

SHA1
066592f2ed32f5ac4089aeed8911412055d67049

SHA256
2a12e9ad3fa9511251802bd554ce7a5afceb1983fb0d3d87ca4613e3be8be203

SHA512
2e37e9a73d2282a52292f63076f4562af6935f0ca9f2ca9ed667d6b325e9f90e81e0ccb5bf97760ae3479bdae14e89d13a34c832c766bc5dc1a35cfa40a47861

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
369afa1b57b921ab7b18e1e74ed3393b

SHA1
9f6cc57673555bd111425c4e8ac8aa9261745927

SHA256
abcb85ac64688b96f3d4bb27b40e5bcf95fc63704bbacaad08481f9d51430c76

SHA512
f9a785e8a440ed398415c708419940cb13aef4ebd66d8c9de207a3b7123b4ebcb4aac49d69d9f44dd2bb35858fb3986959c63e06bdcd0664d53074ea610ea866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aedcc006e6272f1ff33b2863f556b346

SHA1
3bcde2550a9d50ea159e0caccabee3a48bba1376

SHA256
92e0edcdf73cae6388fa235fdfdc9506db8102d676bc6874f2aa75b54175370c

SHA512
4a4e790af3fb8c1ebdb98a875dd08a31ad87f379bc4f11a6df5f5e864c6851fe9a199a82f42857b5577160f4e780d83c6d41f3214c088df86e400afc002c8542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e72f1bb828e1ddc9c1f7ca23a4bd0f5e

SHA1
b73d9bd5f93ae2b07758978f08de964b7a593174

SHA256
bab7bdb214d0e4a6b252eeb843c2b8dae4f67bb3c2b589d7c5341120af102c4f

SHA512
2eb3684adcb1de37308670fd116be4d0179706a27902e59ebfd0d11e204fc3414b9db6df6bfe6af1648b817545a1e38c8048b7a8fddffd47b980c896be5e7f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
25cb586c1f950376907e55e46814a19e

SHA1
cd0f7a9a6215e5b034ac6b456deb235095bad1a5

SHA256
39427be6dd1a1bc221c3a473a1f6f3ca66af47b0e2e2c8105d3190509a1bcff5

SHA512
d99590d37724aeccc1775a4b4a5abf5cab9396c4112885415a5b50367930949286dd4b5f1e63b3565261fcf74e5433692f0d13b420342d7c2efb5e94197aafcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x

Filesize
4KB

MD5
20e335859ff991575cf1ddf538e5817c

SHA1
1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

SHA256
88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

SHA512
012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Malware-1-master\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d48c72190ed1461b532b774a0d1b9662

SHA1
4b2d3d9ff332d86d25754bfd9589d557e4cb530b

SHA256
dfe6de31cf6acac93643b8517b788c3cab4f380720862c5e466e4f643a1d544f

SHA512
d43a2622668a93e3a40481053994c1d11ec167e3154c0956853dcacad7b185fc162b9eca25b6ceb4de32986481f2a501a3ad10059c96db777fece61f0fb3795b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
d5f107534336a60ce9f17e8a7c32a274

SHA1
f66f7c9f5e3824ceff4cf1b350741e0b27653bdf

SHA256
6205cce323abfe953fb72cc4632036d8fd93c7c9b07fb7ef6fd2fa6bc9c4f62b

SHA512
b57bbe8df7c78d2d1e45b89069ef60ec79ca67b9b1bf44547b40f02f787eef8a9c74c224b176914eb985036f37e291bdd9096efab193bf9ee7056521a4e4d0f3

Download Submit