Analysis
-
max time kernel
144s -
max time network
151s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
01-04-2023 12:49
General
-
Target
http://sakpot.com/evon-executor/
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 7 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 48 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 62 IoCs
-
Suspicious use of SendNotifyMessage 51 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://sakpot.com/evon-executor/1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4076 CREDAT:82945 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8c0919758,0x7ff8c0919768,0x7ff8c09197782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1848 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1340 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4380 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5112 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3120 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4928 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5040 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1772,i,12831343961566900734,7031450156225115517,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.bat" "1⤵
-
C:\Windows\system32\cscript.execscript x.js2⤵
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751Filesize
717B
MD5ec8ff3b1ded0246437b1472c69dd1811
SHA1d813e874c2524e3a7da6c466c67854ad16800326
SHA256e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab
SHA512e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\56BB046832470467529600D19207D1D5Filesize
503B
MD5f3284e7073446ba705c4bdb39690ffe6
SHA1b6c184f3e79b843512c200d0b6aa791bd9f8ec6e
SHA25600d0034fd8be732d9db261a3cfefed2fed4c729703b89118fb249e77435b0d9d
SHA5125f2517c6024ec588fb13ce5d52541c2b56c6cec9cab4db50ff9981a0525e4510cd1a4222a46668694c7b365faf1971ed91434dc791bb6b9824e5b61922bc465a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751Filesize
192B
MD561d1395bc054f713e59300eb6bd2986a
SHA16603680c5834c516203bb3cbe84a98f50b0bdee8
SHA256c03fc0f968040a6979532059d4286011ec79ae8b9a4c73bfb4fae1d833608f7e
SHA512685a63a4ee8fcccc06c34e2447f94736c23257393b94bf2e5306e80cc3b7aabb261a6fb2d8666ee99e547158045cee272d4a6da1fb6e146bc2f60ec31e5ed5ec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\56BB046832470467529600D19207D1D5Filesize
548B
MD55bf0e0f8574d181aedd79d05750606c9
SHA1087d46122c1f89ff1dff63159cfb63c3bed5eb08
SHA25655ebded12ca698a289f20ed1482c240a680cfbc56a78ae662a320f43993ea599
SHA51282f3d38d9861efb31d802b6d3c0231ecd5a23988134576fadcb16ad0ec4e8981c779fa0f97efa89e7ed476ccab471c6880bbd7dbd8949d22a8102b3f29572a84
-
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.icoFilesize
4KB
MD5da597791be3b6e732f0bc8b20e38ee62
SHA11125c45d285c360542027d7554a5c442288974de
SHA2565b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07
SHA512d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5780084c152fd352939583e88172d8c4b
SHA11f05c9bf1f19d40e592bcb8e93754358c5eab87a
SHA256ca35f0a96515036bf13f541ca386f05646eda09a8178c048fb807da9d53746fd
SHA512898f2f7b4e0d5c44ca4daee5302118cfce485d89fcd801dae1c4e9d59977ed98127ad6d1b2f381170114562493b6b873f3c929db908035997f4bf5262c61f518
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1Filesize
264KB
MD57a0a312e0eef5801209e8a8ed3cfaa78
SHA11188b43e1b12a6b48dd1b3c26eac3261ac269d75
SHA256ddcfa81a23140f898d4f17252419f624be5769db238e203a6c202b6db079dbbf
SHA5124296a0ac6901d03b205a35ea30d805a56d7ad33fe07c222c8df9b258652000e487c160f9e7e99003c3329f243fb2e2e67b499db3c0928c236995c39a3c8a5648
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1f207e8c-0333-4742-918f-b3fb22d9721e.tmpFilesize
371B
MD5e707c2b6e556d857037047f5d72122b6
SHA111fc71960fa582303ce7f19e3da99eb2b7cff127
SHA25692c96dedabb219d5fbeb5f5ad047c7699e6117d4bd336353e84bdc7866a769dd
SHA51272e60e5bcf1e5ac0ead97a5ce79c5bccb9bed478b5209d1950adb19db522af2ce65fe4b285bfcbb47db5d860753422b79b45e9c618a9cc253e82211d37f2121a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
3KB
MD5e89f6b8423bd986ef7128a61a60944bc
SHA118dd56305655180e7547c60e20d6642f6fe398d2
SHA2563699af83da27a41b069153b827f12e2891e78c374628d1e19e7720df1abbcc2c
SHA512c7b50c1d82790ef8af25e56ca3316694093255969234668b2dfd280fca3a265f5b7ff5e2e839d0d5f4945c0392643aa256327b8cec0be77ca665aadf9dc43638
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD5f155e6f1aee56948b2451790c05c43e4
SHA1c271947e3862df85bf5d72ca24437b6d443d9147
SHA25638ee25c848bc38c4c94d14620752bbfc6cc41c638b8c481f1e8156afa8a2cc8e
SHA512a642d4ff15f8fce956fc9e492f1573f4ce8cf2123898d1ddf22943ae5deb9ff8282227f2254c4b7198ebf9e98d60f4901211b1ff65b7dea4e1850dae3cc7c330
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
1KB
MD51876d82de204f43273e36ba43bcd8e52
SHA1c1dc48693ccf17be158d118d0733375dfebe9163
SHA256a2813018c951326154058df21202d1612d1e56b826f4c9fc7917690f6691d01f
SHA512d4080be29f165566ca95ccee2283f60964259379be2cf6444b411151198b021db31f5763c04c02aabae37cb171c880814515709fec710c641aa2e8b472970c5a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5fab889c553bb4ca6ddbf70f7b4082959
SHA1f475b829591fef1f77667cabaa5668984f49c554
SHA2566df02eb9da86f7d358e04771f1af4f1577d81e554d57de5baf5660f6d28f2da5
SHA5120354294de73f2a2d2e780b8d71d4b54a14815879cbcbb57b898c201935b2efb49071a95f62f974d00db2586feeca020e4af52dd7fd1abbcbf8cff074f4e04daf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
5KB
MD52aa5196417db5d0b17fdfed9de78c07d
SHA1f494019897011511a3dbe96ef8dfaa34e2764e14
SHA2565cbc72e997f25c71d6edc2be1e26c70b24bb1b03639cf16e8de842715215c083
SHA51276f879015dd025e053a70e98e4f622d262d028a25c8b7afe2fef9290adc02422411b13756a847c5c875e7e8b9c58eb46d233923968edb7ab58271f406a438ec8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD55e95a4b0f425d05a55b181a9ffad65e0
SHA19ce18bcc33f1cac602d75e5ba2902e8735f7acf8
SHA2564e61df1139aa987836c344c003ef0d9a15129314911f413c9133eb37d06b762a
SHA5129d11870ab4bb435936a76d2a677b14409b4173cd03be8807ee84aad3c1042530e5c154ad2b37cea2fdc242f94e171961384d879aaf3970d14e50f5aa90d357da
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575573.TMPFilesize
120B
MD58ed18d4be8fe109a8aaf79f114ec9def
SHA1666980d85924d8823cbb73f12bac925c24ba4638
SHA2569785ae7c4c616e08e2f5a57a92e234f63f39193c0fb815cd09f205c9d6f62894
SHA512830543bf7d8d946b1c57f2d9df62231a8fe6b084781dbf41e14567b108f3af51e910d19bfa1cc12afbab8046349350576018a544a839e5f44982acfc871e134a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD5df69b8646c915d5ef6beaba052cdb9a2
SHA1d61e8db9d462c7e4b74f379de4402f8cf46a9db5
SHA256516b1e5515dd2ddf10db694df345ec76c2487a754b34f28910f2c7d1b0a7fb2e
SHA51293a624443e61218169ed17f97079208feef77b59d13ced94a29dc54612a5fc341eb1cb0d53a963bee2a87d9ab23431a1854ec485cad43910ef3f16955508158f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD5b0592b7cc9e9a18f81d3feba455ce01b
SHA17381a34f642e25558d7321125e787d152e939e04
SHA256cbc88def87933545e064190d469509abaa795967ee8f645ca2014301a7fde80d
SHA512320e5bd220c4ae44772ae7f7f74518aec98c1919bb301e16e3fd0d4522a200684ea0c9c75dcfa6cddf249f7d73b25ce000b561d2bf21264bed95f088bd100c48
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
173KB
MD5f34f7765a54840a5fb760fce90a2244c
SHA156e427552e1ed6e73e009844c22a462d429d20d4
SHA256133b6e6d8851eb19fabe8a0527069c192b0f07f81e8a3f6c951d67b6f5ff335e
SHA5128cab457fbaaf61ea67f2e13ac00f1ea0346bd464d7978453fffe64ae9c159c98535bd0648d31e26c3a2a98bd98e7194fc68f832eeb389b607966d7c5bda8a0ad
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
98KB
MD53ba303b49a1084543217941a8e241888
SHA158a1c6d2003e7484597dcad7b5bdacea5f360052
SHA25615fcbd8ed8f371a41a0d71930e545cce81960a223e3e0a176ce7485c25d32350
SHA5127499daef57f0f659a867024ba2f250bb1d20d597ff0099abebfaf62d9028c88423d58ce3193150883240f6f705ed277d9e3477ed7036a55f90921ab493055a92
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe576f44.TMPFilesize
93KB
MD5b14fa62505ea7532811790acdb01bf2c
SHA1032b6ce8a5238350d0a3e0567b81a12bd3cb80ba
SHA256cf9873e8bc40e87688937841e1854081569d7891673ffd3d342dd1dfb6b103f2
SHA512df5b55818ed41601a2e0b3f142d119dfc1f41151d13515aa80040e433f3de7e5ee7885c08830631a79dbdea12d4cf21a2597b3f491f70b6aba55fe938d85b701
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\O4HR65AL\pipe[2].htmFilesize
235KB
MD50c1218c21d5f03592d06789897947806
SHA1b6cfa8fbb964c3049de005a5d6db9b69b8dcc3f2
SHA2561e3521898a31ae290e25f2d4a2ab484a87e8478b3dddb1ee99591fcfaaa7d209
SHA51264feff90f58b6abaaee5fd4491d5ae2ebb087aa688eac0d86e6d6f87be94b5b3d334c80f1248c8e20d0060d1232d0cdcfd2dfafd74c2ae8f3f0afc470bd017d4
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\IP00JWL1.cookieFilesize
242B
MD5f000f12f1bd7ce8a0938c8014beef45d
SHA106aca04eb1c1cb8e4352da378bcedb40690d0c9c
SHA256668460fd31a193a80bbd0c5ecb79e0356f1f0b611aaf8803602213cac438b83a
SHA512c3b57e0141ca72f9651a7e784265d1350e0dbf32b5e30bb35a2c8fda0a21580295d82140ea56f4b5a6ae37df662dc72fdee973da840c654ecbd82e4383bad6ab
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ADIRGC9S\favicon[1].icoFilesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Temp\KnoAB77.tmpFilesize
88KB
MD5002d5646771d31d1e7c57990cc020150
SHA1a28ec731f9106c252f313cca349a68ef94ee3de9
SHA2561e2e25bf730ff20c89d57aa38f7f34be7690820e8279b20127d0014dd27b743f
SHA512689e90e7d83eef054a168b98ba2b8d05ab6ff8564e199d4089215ad3fe33440908e687aa9ad7d94468f9f57a4cc19842d53a9cd2f17758bdadf0503df63629c6
-
C:\Users\Admin\AppData\Local\Temp\~DFDC29EFB010F8CA6D.TMPFilesize
16KB
MD51310118a5bf65e2b20151dd1c0f957c5
SHA104e2ad3e7dbfdc3ab3a7290ac95b4dc7b0f71021
SHA25631f649ee0091fe4c6573cb542c72f96928f9429bba77e2a262d8fc765cc12276
SHA512941063d54febb733ae62f1702ebcc35b1087e14b0b559e74af3535839cce03b1e6f5e397662e28b8b40498df26a1c9aac2ff853849d4a16c8a1f718571c5db51
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
12KB
MD5a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1761168201520c199dba68add3a607922d8d4a86e
SHA2563ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA51289923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
C:\Users\Admin\Downloads\MEMZ 3.0 (1).zipFilesize
15KB
MD5230d7dcb83b67deff379a563abbbd536
SHA1dc032d6a626f57b542613fde876715765e0b1a42
SHA256a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254
SHA5127dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77
-
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\xFilesize
4KB
MD5c6e68ff1dc039af122429c3c5418630f
SHA1771938ab02aaf6714782ea1c70420794848b1d9c
SHA256b18e0bb23b9b78ca561b9499853ec5be84f67fcb7db5c7e207c6da1b89c17dbb
SHA512837b8b31d381030b79a1b85449238b8770999dde21dd705aec81a0205cfc40cb2f65fb7877de479bae9ca96c1233a62078332c93db764389bd6f26985b61c9b7
-
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\xFilesize
10KB
MD5fc59b7d2eb1edbb9c8cb9eb08115a98e
SHA190a6479ce14f8548df54c434c0a524e25efd9d17
SHA256a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279
SHA5123392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1
-
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\x.jsFilesize
448B
MD58eec8704d2a7bc80b95b7460c06f4854
SHA11b34585c1fa7ec0bd0505478ac9dbb8b8d19f326
SHA256aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596
SHA512e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210
-
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\z.zipFilesize
7KB
MD5cf0c19ef6909e5c1f10c8460ba9299d8
SHA1875b575c124acfc1a4a21c1e05acb9690e50b880
SHA256abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776
SHA512d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f
-
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\z.zipFilesize
7KB
MD5cf0c19ef6909e5c1f10c8460ba9299d8
SHA1875b575c124acfc1a4a21c1e05acb9690e50b880
SHA256abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776
SHA512d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\crashpad_4928_CTKZCVJOWNRBWOFRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3328-848-0x000002B0732E0000-0x000002B0732E1000-memory.dmpFilesize
4KB
-
memory/3328-755-0x000002B06CF20000-0x000002B06CF30000-memory.dmpFilesize
64KB
-
memory/3328-773-0x000002B06D700000-0x000002B06D710000-memory.dmpFilesize
64KB
-
memory/3328-792-0x000002B06D510000-0x000002B06D511000-memory.dmpFilesize
4KB
-
memory/3328-794-0x000002B06D550000-0x000002B06D552000-memory.dmpFilesize
8KB
-
memory/3328-796-0x000002B0719E0000-0x000002B0719E2000-memory.dmpFilesize
8KB
-
memory/3328-797-0x000002B071A10000-0x000002B071A12000-memory.dmpFilesize
8KB
-
memory/3328-849-0x000002B0732F0000-0x000002B0732F1000-memory.dmpFilesize
4KB
-
memory/3572-821-0x00000233FD780000-0x00000233FD782000-memory.dmpFilesize
8KB
-
memory/3572-828-0x00000233FDA00000-0x00000233FDA02000-memory.dmpFilesize
8KB
-
memory/3572-830-0x00000233FDAC0000-0x00000233FDAC2000-memory.dmpFilesize
8KB
-
memory/3572-832-0x00000233FDF50000-0x00000233FDF52000-memory.dmpFilesize
8KB
-
memory/3572-835-0x00000233FDF70000-0x00000233FDF72000-memory.dmpFilesize
8KB
-
memory/3572-837-0x00000233FDF90000-0x00000233FDF92000-memory.dmpFilesize
8KB
-
memory/3572-826-0x00000233FD9E0000-0x00000233FD9E2000-memory.dmpFilesize
8KB
-
memory/3572-824-0x00000233FD7A0000-0x00000233FD7A2000-memory.dmpFilesize
8KB
-
memory/3572-819-0x00000233FD760000-0x00000233FD762000-memory.dmpFilesize
8KB