hxxps://github[.]com/pankoza2-pl/malwaredatabase-old

Resubmissions

03/03/2025, 18:11

250303-wsrsyavlz9 3

03/03/2025, 18:09

03/03/2025, 18:07

03/03/2025, 18:04

03/03/2025, 18:02

Analysis

max time kernel
91s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2025, 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/pankoza2-pl/malwaredatabase-old

Score

7^/10

discovery execution

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2412	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
65	raw.githubusercontent.com
66	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133854988640574949"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
3280	msedge.exe
3280	msedge.exe
244	msedge.exe
244	msedge.exe
6140	identity_helper.exe
6140	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe
Token: SeShutdownPrivilege	2404	chrome.exe
Token: SeCreatePagefilePrivilege	2404	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe
2404	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2412	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 4600	2404	chrome.exe	89
PID 2404 wrote to memory of 4600	2404	chrome.exe	89
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 4744	2404	chrome.exe	90
PID 2404 wrote to memory of 1236	2404	chrome.exe	91
PID 2404 wrote to memory of 1236	2404	chrome.exe	91
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92
PID 2404 wrote to memory of 3152	2404	chrome.exe	92

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/pankoza2-pl/malwaredatabase-old
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa6344cc40,0x7ffa6344cc4c,0x7ffa6344cc58
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1916,i,11385000822477444867,2364909044306077546,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,11385000822477444867,2364909044306077546,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2220,i,11385000822477444867,2364909044306077546,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,11385000822477444867,2364909044306077546,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3124,i,11385000822477444867,2364909044306077546,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4612,i,11385000822477444867,2364909044306077546,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5140,i,11385000822477444867,2364909044306077546,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:1184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\MEMZ.bat" "
  2⤵
  PID:2340
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4ead46f8,0x7ffa4ead4708,0x7ffa4ead4718
        5⤵
        
        PID:4348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
        5⤵
        
        PID:5108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
        5⤵
        
        PID:5144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:1
        5⤵
        
        PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
        5⤵
        
        PID:5184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
        5⤵
        
        PID:5684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
        5⤵
        
        PID:5820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
        5⤵
        
        PID:6012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
        5⤵
        
        PID:5560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
        5⤵
        
        PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
        5⤵
        
        PID:5980
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
        5⤵
        
        PID:6000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
        5⤵
        
        PID:5372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,14247046630313423931,8073858235662675453,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
        5⤵
        
        PID:4696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa4ead46f8,0x7ffa4ead4708,0x7ffa4ead4718
        5⤵
        
        PID:876

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x34c 0x428
1⤵
PID:5964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
96b2ab161a5d964c73fb983a1b53e59b

SHA1
e0243885d825702b1b04abce055eefc335e3f291

SHA256
fa8e2f6cc0635084ad5542592eaf22c57bb5a36e2337612c7fc47f3a96948b88

SHA512
a8b2d28c2e18600c52f8a734d87396ca15022cd413264e4f8f6c1e8d358dcb8b64b73171b0d4e784568652ed8014bd7ff4790f66c304543bdc3413105eba4822

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
72d8ca19ead6fff17694f01f9c211ee4

SHA1
1a6d686a57338601cd768669563e56f6affe3646

SHA256
4d8af320cc1fc385d6c6571895778d1deb9af5f189592f572a1bc76909e4536b

SHA512
7524c5c387206f306c1e1e1b8193062b55f8270449fdc594e93cf736e798fd6c366162e906c0eb46a5ff33f54fefa4c396324577825dee6dfcd4afe2ffcc0ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f2e2e918386092f4ad3c598be75e8bfb

SHA1
ff2d956fb2ad85fbba2262bacded7a9f96460849

SHA256
6b5f733cb7363285107478e41cc01b1d0bcb8df2321af56ac037b9e4227b9293

SHA512
fb84b122e84726d258b2143f9e9f45b7450551e286461d263812ebfcbeceb1eff236fadf1ac14db9a6cfc2beb3e6b8ae8938a30256a9b09e738c0b93de61d038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a4429139e2839c671ffb4137b728659c

SHA1
9a3626ac9b4bf4a7f94717d6931e90f3e15a275b

SHA256
a06e951343948a57a26a0c66540ec8e59ab719a5585b9e24e85fe2d51cd8d2bd

SHA512
452de0b403e285ff8f256096dd8ca50a6af22e0e7f8de41d0aaf0be78cfaff35b16372910c02f64732a03d8dc186c6c09685d58f27f7163df181e2a0e7c631f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
58ddf5ae77782a4b5e940e50d95a30c1

SHA1
3ed2b40c4a64ddbf5929c882a2ff0c8a9ba42dff

SHA256
fe42f2eaae29a0ccf4d70d16436fb1015cbab42327e5fdb6926b62c12640a98d

SHA512
e4fa527cceaf5c231e2e8e51687df6f62fd8def3d71bebe0b255d5818817d4c2b4fe688de1197290f8dfc25af56439404bc91146353d5befe0d4e4696138b04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6c72850b0e9c5cd85066fed35e77f78

SHA1
273f1d0e7ef5ebc9ff4ae56e1bed763add50ecb1

SHA256
61eff3e879bdc22635d1cd0a63da695bc6aca1b4c2b3eb47e6cd13dd3fff11c8

SHA512
8adc0b5de3da0a6d0f056b7e957e000e42ae0be715b5f6aadae3cdd6db1633690999ea557ec55867894d27e2d9c6445a2002836300302c0637e86677b57d657e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d19be207a0f4f335bdd10d5769704b7e

SHA1
04e3c51c97b1b9958d383e37558b13f770419313

SHA256
c23d58741782f9d12740342f39495c2b5251518f61b4f320a3dcbb977c895657

SHA512
04cc415e42ed4a301ac6659b7752339f2f88575810fe20863248d5aa65a4df46e891b070e746e82b1c378d4c4d9eb49ce0c610946bfcc559d3c1aaa1f2f4989c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44fc0538b44c3332a292a86904b6627d

SHA1
8d7eb01b84a3267e8f767f52fad93e44d19f1d21

SHA256
d395c7b0828120356150de76831dc7fd923dfc25038ee2af7394c15837a71bb2

SHA512
722e6e9d3144bcd03b73f3a1b5ad9a7d2a71974b8b5587d1c0cb0a1b20f4d87b52773fa04a9bed89a1b06789ffb055f41dabd5794c0ac13ed887e80a42974ee0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
21a3b675c1e0b02df2df5ca79f0056d1

SHA1
d9b6ebb067d5173e2d0552832e6f7e2aba790585

SHA256
c0530c579ec6869f4ebc45658c8cf927757f3bcc25e828efe2db60cc94bfe718

SHA512
64db3f802694052770cee2789e9ff425488c8d6a9364c9c3abd9e12e11ce0070b35756ab9bb4562c43ced470c4563cf6d01a14239be14068a8d49aa6be420548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
284bfc23a03d87117c6c9286ef3de276

SHA1
19dd8206180227c6022044ebe918de57a8e89529

SHA256
9e1ee2b53771f8d51926200b0a1976f9a787c78a65039d5493c213c3395c5eb4

SHA512
f88381977b73a3f49b3bf676f2508c0e3124b7ad18f4216598379c786fca4ec5e7bfdfef83cf09671dad9423478f84a1a4d2d35a3851caeda5be7b89f705f5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c72a45cb89c1e8739aa4ee489e905e0

SHA1
eecb44c045c7a97b13abe6a5f07df03ebbb8ebd1

SHA256
2d2d30aa19f929b0aa16388a0e5a76ac91c3d72f5a9c03c815c094c5956e96d2

SHA512
cd6e33a29adec30a61d779bc5eedb5fa8eab8c421b9d520d92445f35a67ea8839226dc7d6c59493fb7e1af98c903292053643e660c0cfcaf1453f381068370a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c69c2cdd4f7c1c7e7fd0a5b6a0030768

SHA1
1a06e697af7ce59094888242403263b941889a0b

SHA256
cb5873547508b90265b0242392840d563d13c56ff03c2eb592eec8b94055b551

SHA512
8d2bb0bb46e37c847968d7eb6e151819b3b15995a98922d2cd9b549e92fe2f7dbcfeaea0724d7834eda88457e0db725a2f2d58beeddd7cfe64de9e30f731e2e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
0e78925665f18d52b53310eed5513895

SHA1
383915808c4f7b92fa9eb0b79efb70723e2249cf

SHA256
6b442911c66a6478cc9f40826109e8ce3cba0145382c5a8bde4e48caa76b5c8e

SHA512
c69567007ed19d6e9b1b23884099ed3d0b30ee7e748baaf7e30f89197268099d9f6da5748846038429339b97b0ec4932c6c52cb38c9c3b9516f50898b758b7d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
3622b33e9662a65c221538d98862e198

SHA1
b4f8e7608a2e115cd3f0f4a6509fe4696ae25343

SHA256
f383d724a7931cb461e83726d50a2e87bafd2e8a6139dc6da0c6d1e0ad9cc48e

SHA512
cb328d4510349e18023e813e7a342376e0c776f74b0d5fd32e67797b7c288e2cc9bdc5ea52f7522290bf24569161126c9d668841cf5a3048173dc543b4593fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f2b08db3d95297f259f5aabbc4c36579

SHA1
f5160d14e7046d541aee0c51c310b671e199f634

SHA256
a43c97e4f52c27219be115d0d63f8ff38f98fc60f8aab81136e068ba82929869

SHA512
3256d03196afe4fbe81ae359526e686684f5ef8ef03ce500c64a3a8a79c72b779deff71cf64c0ece7d21737ffc67062ec8114c3de5cafd7e8313bb0d08684c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6cdd2d2aae57f38e1f6033a490d08b79

SHA1
a54cb1af38c825e74602b18fb1280371c8865871

SHA256
56e7dc53fb8968feac9775fc4e2f5474bab2d10d5f1a5db8037435694062fbff

SHA512
6cf1ccd4bc6ef53d91c64f152e90f2756f34999a9b9036dc3c4423ec33e0dcee840e754d5efac6715411751facbe78acc6229a2c849877589755f7f578ef949a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
214KB

MD5
94b1e1418589b493473f77781adb4ddd

SHA1
a2646cdd1d0346e5bac8ca77de50729ccae0aefc

SHA256
b8cc7e5a5d6e29746aa50ac146ecd880481a0e336145d7d5056281d88b91c2d8

SHA512
25840fa762cede5dfed9d4feee5b5f6c8ef4c2305dd20e8faefbd2c1cfe7ed2a31aec046ef7c34817dbd42fcd7ff532149b9ecd931c2f4fbe2ec070fcf9b3c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
31067cd97300bd57bd04011b241285a6

SHA1
b710e7474c83b350349f081c8786b012d36c6b93

SHA256
3f987c2a6b71121e60c080edff40902f05b4664bfda8de3d4c1bc0fc364e0fa3

SHA512
0a498314a8c3c8aab25c2623304361e4827d57dca176e2b6c6491b0a7631f1aead7494c15d437a35ecd698c379ab7ba5bd935786f01ff63a205be4ea3892a56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
424d1b5b5e2fab210e013bba4345a61a

SHA1
60a5d627f3c8435508111c55b9f236c0cc0ea947

SHA256
96a3eecaf449204fbce52103be2fc2cb9716d0eb647d219a3b7b773dfbd869ec

SHA512
0afc4b38005ef549bd6ec31f87adc7379e5d1df32b20958431f517a9d96ead140912744644aab7fbe5acc99edab8a48f7805e9f3cadcd48bdfed72d73894b6fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4018bc292dda50e88a17787a7a639124

SHA1
9d234900c6c1c25d9923787808b196183f4a88ef

SHA256
8b8110e5a3d697bc888d6c4581a250bc3571545a19c0296e8d14089c46d51ca5

SHA512
aeddf17a3705322b8575aab2b634f7dc00327ce79c8ad622c382f02f3afa391eaab18e5f6236fbc2ba0ca7cbe8432af44387d464da5d721c5ab437c6261b330d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
53c01407a31394742a1a77102e4859d9

SHA1
317116d8da7f408d9853579b84717cdf176f3758

SHA256
dd3e7d0a91d4f770287d3ef0bddcc7fe5071fe02dc77ff1a273e66af5a7d128d

SHA512
67f189862a1543400a326c2120702315fc3531cd9645716899f455ac855340305289be0f3d1c845977abb81bfe9263a6c727648171e1a691bce998969f8083f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbe6be9becf7b3ea4c354038723d61ae

SHA1
cc8010ccf9d162550e92306f95ee1ce8e1663ac3

SHA256
94f7c98f37b9899ee01b96feffaf15ed18fb4890ba7e599851e324509f93063b

SHA512
2e90eccfac85a31907bab41ff1368d0a1860dc7c8fe5dd14cb4cc66e31f310696dfe942f0e8741c1c33bcf28b735edf540c31e484d38fc5880ddadb3596292d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a56ac42f0b6aadcfcc524c072ed651f0

SHA1
6dd31142d57495a5a7b0b4922eb4d8a322f3bb84

SHA256
2a96f0bb55a38d695dbbf19fa09aaa5fc66dbfe63e489da02c3d16e7c8d2a731

SHA512
ac05991e91d16df831b5ad0be42ebdc1978f3a558affa7a812b0dd02d43db6dceb2876ca2e7ff6a3616766afe00f1944948e9cf806d175f01e3a5a97831c80c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb929c99744b575a231eac0e6f6d7669

SHA1
f375228d82279874dc51d1672f0f3a50da538d9a

SHA256
0ca4d3a4bc8c8e95d6cb93c1212d57078e7d281593116028ece9c0a7935865fe

SHA512
2ae94e0a8c6abe52d031f68e8d0f5a57207fdbc092e7427b72776a26446621918d42ebee4c0589f21966d5a7fa6067143365d882e80691f93b9c92fab5bd1c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
78faf7f7f8cd4bbc268bbeb41e657922

SHA1
2f02c75446ca2c319111cb78ce9e96c0d79c034b

SHA256
6c20a79288d6e86295212f7c130c0ab10c4381941f7e8334a20833d9449f6d6d

SHA512
792f0a6de2a4c448a595f63fbc398f77e1ca744d3cec4400f5a3d8f2ae3524bfab67b8712d7acf2ad31cda387dd2e787c8c0216fc623f3098f91910fa6a8dd12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4704dd2a3ca2ce3ab0559d982f7b10f

SHA1
c89e8ee83b24558cc940629c01793ccc5756856b

SHA256
ae3b90e538747f74b7d4e32472f6dc281e7310c7130dae488c5257be208a8c64

SHA512
e7f82382ebe573387e3fcc4a642fb40273a571a5e1552ba400782b6bdc60bac5af89fc9ab1b97fa89dd01eb49051a9dc264dc827ad67bf572b5fd89ee36d369e

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
13KB

MD5
d1f882da71d058bde723deb56f1d912b

SHA1
b40e3a31de3e21f53596c12f473ff40fe3d59c53

SHA256
ba100a74c6603dfcd4fe0e7ded04fca6fabe7f6610b6f5ad4566e85c1203995e

SHA512
f80af087e3ff584b8f0ee37aee85bc220cd59daf59b8767fe2b0547e5df6c806a17638e0627698625b1ba0c3231744f97167d786ef4f77dcee3d44a88037b57f

Download Submit
C:\Users\Admin\Downloads\MEMZ.bat

Filesize
9KB

MD5
1c33f99e8498b7ddc1a5d2a194b72230

SHA1
3e93d36f70568e5899652ab6e24bec9f75584dc7

SHA256
fb5582429ded721b4853f64f75c157b5e6e3f30a52c9b7b946190dccd52b03de

SHA512
466dbb123cfb21461a5f94aae4898a537f1bd22a0c5112bb79d5462a9c7ce0409c0511aeadbf0ef5ba522703e0bad18dd68d2fdbb1690776b7e69de12608a404

Download Submit
C:\Users\Admin\Downloads\x

Filesize
4KB

MD5
73dfd82f3f6aa94e1379e52c449af63b

SHA1
b542f559a9a22d8771516a4a702e5290fbbaaebe

SHA256
de7c2f358de3bebe188b5c002eca2dbc8a536aaa3f46e41175923a6d3c775efb

SHA512
9a33afae7badeef330ec1a36c949c30d746122b89ffdb014000432280ad734c0f75dfd91905c2a098867ad09ca1daefdf6a26fa2104e1415c82b3c642bebfc1d

Download Submit
C:\Users\Admin\Downloads\x

Filesize
8KB

MD5
b605def4bc2ee976559ba26ab6de2ea8

SHA1
024073431e82308c0d2d60268d34e6c000af42ed

SHA256
5c296bd9c5216781c3414ec17704155d4b31fa72604a2a320668f5fe74c7eded

SHA512
a41f597e10eba9fbf7d1384fd2de87a05648d9244b95b8c7111bc65162717087c536c3b1787f682acd0f3ce2284c0e67f26d4423e73afe38e261fbddc0f3b07b

Download Submit
C:\Users\Admin\Downloads\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Downloads\z.zip

Filesize
6KB

MD5
b299bd2ea62a3798465208b7153946bb

SHA1
341a96f1c79fbc6571d73f61b43a7554a72709c7

SHA256
e19b4a5672907931803f20f76445441f9d73a149ecdb43d40d6815dffa401aec

SHA512
9f187b738ccf2890adaa8bb6284ae86ac915ef99c9545e91fded4bdcd0d7dae51be743bd76dda63c11e212cdb516333241770c48911c80df1c048d604e92ef1d

Download Submit