hxxp://steamunlocked[.]net

Analysis

max time kernel
149s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamunlocked.net

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1712835645-2080934712-2142796781-1000\{B66B7C58-45D0-456D-95ED-DE6729B0D459}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2368	msedge.exe
2368	msedge.exe
4304	msedge.exe
4304	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
3656	msedge.exe
3656	msedge.exe
1356	msedge.exe
1356	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2032	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4304 wrote to memory of 3084	4304	msedge.exe	17
PID 4304 wrote to memory of 3084	4304	msedge.exe	17
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 1168	4304	msedge.exe	43
PID 4304 wrote to memory of 2368	4304	msedge.exe	42
PID 4304 wrote to memory of 2368	4304	msedge.exe	42
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44
PID 4304 wrote to memory of 1112	4304	msedge.exe	44

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://steamunlocked.net
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5ea546f8,0x7ffa5ea54708,0x7ffa5ea54718
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,311701208735523994,11556118998280504794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe"
1⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e189354a800c436e6cec7c07e6c0feea

SHA1
5c84fbda33c9276736ff3cb01d30ff34b032f781

SHA256
826adca1e688de79a3ec5b91c75990927fb2a33ae717f474608c68336053f427

SHA512
ceb069a5e83a634503e253846fa17b8bf7aaa539c3353ce61251633d69068e24c5eadd1b496f43058790d2b513e65d2c0b0213730813d0b58bb82a00596e05e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9e3e150cfe464e9ebf0a6db1aa5e7a2

SHA1
3cb184e2781c07ac000661bf82e3857a83601813

SHA256
2325a6292907263d1fb089a09f22fbcc6bad56f4961d427efdef1abaef097bcc

SHA512
f5eb1e76eb9441cf5000d8d4db9296077b61714ead5012779c084b37f4bba07614055738f5dce69b13b25975d9b7c03eab049b7685eee09b23fd8d4a7d71a039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
8937d889b376d09d839599ee53ce8b5f

SHA1
8c181f661eb910fffd9be9d606c0e5a697e8049b

SHA256
bd7ae56273f0a9760c9b1ec100f1e63c90fb3edc10cdef87ddd76afa8866723e

SHA512
2a2069a04297b0f6717887b5049a16a65e0b914f0937144f858537079272c9cad74564b5448238f2863c9fa6b75a3e6222b7ee03c9133d61c5ab41de0503726b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a6b1fa28decbbf13bea57e72ee062119

SHA1
6c9363ebd902cb91f00076628529b0c67f727457

SHA256
4e0bfd4f60045e1db0d4168525c9a154ed4d4baee2fe5213a4f64e5fd2847b30

SHA512
fe0e4480f095c50c8d3f9585c3597b22811a90aae8bbc35e031681de0aa10b0784c6424d5891510318ae8bae22623119410250dc099db5277e04fb98ca16ab30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a3adc9b6a04110de7dc9bec5dc4db900

SHA1
d7ded71c73a6b12e6d1542e4c932dd59d4bcb9b8

SHA256
54134fad42ad3c956e638c1037c714ca2a1954ac8c5b461d85e51806e0fdee8d

SHA512
66d46c87507f1a2aa1c1d7318085c2b7ab19b21cb51279f65c7e259821515070f7a58e7941425ff199ddcd9626b0c377ed1204638a954d3cb564262cc0ba557a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ba22983fdba1ff4a29c509b652db4b2

SHA1
3590a1676539fb9cb7d825850183b5fc00b4e8c0

SHA256
eaf70663cc32180013e2edd945d5ee8c74afcc961dc9ce1405a56556d7f90ce0

SHA512
59b5f65b12d279a371aea7a03f7d4a619b8cc9448b9ccf4b6a683b36fc323f824d94d59d60c0a62c3b228bec2a8dbc3b8222039fe4e2527e85f1607473cd40c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4bff96c3c03373568db448637dc3914b

SHA1
9f500b5f828ed30645324597ba81c66c3a46e2a8

SHA256
6f00d5daa5ef4705d82105037cc4a48f4b85f8edbbcb02995f7f793df0c7fbe9

SHA512
0ef5012fd7c67154921306a1343be9137c2f0f7b5d5413aab68024c87ad191784d1a623466be3d684c4fcd6ea837d8e2553b7dfcb90030aa4cc1c19c5b68534b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
420f551502e71ab59958e84497f3e56b

SHA1
0fdff74b6239daac859905e3030e5a683d16c666

SHA256
a553dc158d6446bb94e65633e3dae5def6acaeffe4009c9f12aebf20980700b8

SHA512
37f92049143bb56a935bfced7a16d0a697669f1b43a43672734f4c0b87077d0c09f8640c5ca5f520ca2afe5f545c09bbe1bea8038aa376968fa42cb071d8b67c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
44134795e7989fc69cef789c17b14bdc

SHA1
43a21ea9db264d9b5081bd64577f6e5749398f06

SHA256
db5e28077217f2737f5178e4fab21b5784fe003b5b4ff8a0615345c06c8d4452

SHA512
8ec79cd89d0e8f0a25db280cea84272d0922545418d696087630c74d713af4808f6062618d139cda4f10f926617884cc71b9b88ccd461f0bddae0440757384ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64ffc06ef6de3629140e9f630c5edcf8

SHA1
e41648e56d8da11e27f04eab8e04b9048328264b

SHA256
1ef4984380df57a05028050e1706e9b65b84671eeeea232717669a13481513b0

SHA512
ec59103e5b96ccb0918b6343b6906488ff769e918f20c29071346e4e7bed62a42555f4b5794f184899617cd19b7ba69b81a03a0d0f3af7f35c3179c127b2f4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c72c62bdb44b8c01f937ead3d4ee349

SHA1
437ecc2011397aefb8c7496adfac1a6a83ed6794

SHA256
04886ae4408ce0d110a3b2f854c4b0b0012ebb6aeaca7b6be4eb53608d1b58ab

SHA512
fea1d13b7e682a7605522ca90f9d3b2a27260fc94aa3a1376686da9881e7042050a45adcfffe31b8c1b51ce79e59f8d67c68de9971c27780f1ba3bbc9aa185e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e5017ed7cb1f9a4f7cfffcd55335760a

SHA1
e92f07e0f2916bfb9a0d41daf12381cd95e008aa

SHA256
f76089af5293d60c7b0c7478ee0e0e84b71aa4073769f24008a62a896af1d858

SHA512
7dc2cba4498fd397f31cb4f659b897598342604720753557524205f60629e6d88014d8a086f189d8be5baed9caa9e4c1a4d94319179f50e774eba49226d16bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a044fa8be81b73af20edb1b7aa644e12

SHA1
908cd514635446540ad24bf6c179b1351c8f42b4

SHA256
57aca7a743d9307000a27b8b52d67259e7473f806062f8e5baacb7cad4a534bc

SHA512
a7d31f4465d4f9c8d6c968d4fa490f7f998a89d2117268ee82810efc6b69a89a5858d957686c009d9351879f8a330b8ca0f56eaac64e6bd70406c8d05194274c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
41f38b3e923fcfd762f066eb732ae228

SHA1
fd159523de158072ef86fc12d5817f3c53f0e943

SHA256
82b29637321c9062da4cf8f4f80d60c9d6f244e5bb213b674c54d3e907ca92cd

SHA512
907a1540d9c4d860cc75722aff1389443e27560d7d1865e7b5ea16d21b29f4806b078b7dbd7f02258589724a78bfa9f3beac0d44aed14018fe4df977666d71b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4ce46117485a6d7814ae4ee12540efa

SHA1
db0ba3e9520336e1b2605ff21d5b691832dd4a2e

SHA256
838ceecd4e728051cccda556d926d4328aa7fb6f092feccb4ecc48b04795a881

SHA512
5d8eea46e49d0b5ee545430591d13abd8a875d63c09f17d1184effd71e28b34290b277c173586f24721ff772582e6afa57dd48cdcec009716a6b832299cb3ffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ec0.TMP

Filesize
371B

MD5
03ce3acc50f74b76fa1b210cd821bdf7

SHA1
7e5283bf2095eb586ce1250e945a5cb4abb10a9b

SHA256
cefa797f0da4184822180219280c25f92d529acad5b8d64979aa64ad3d647029

SHA512
8f467396e871978f97a5659b6bb1cae40fb32c6922462b5f08231283433bb633676993edbbe523c7252469a38b46eab91a175b23300834812ad952c25fa37025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d55e8551-7abf-4582-9070-c89b6de91c77.tmp

Filesize
2KB

MD5
15192cf9c173439585feed5ce30317bb

SHA1
99e0d3c71aea43d3fa92edf2505e5bffc28978fb

SHA256
2a64af3e3e669ab5857f8ebd15dd598369fb138348599e9463ff770a93daff9c

SHA512
f55ce98597864710a5b65d6b275b3b2242b7ca05367167b3179555237f6e8cd838a5d3f76010689d231aac8875b18e49e8ebeb224823735d1980ea46f8bf4002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
75b5706764abca1789ade7e0fc10bca3

SHA1
5b1aa7330ba1ed85adeb4cbd304fa1f91f660a19

SHA256
2feac8f1ebd97a394320937efdf79088f7ff77bd2fdc79b747c62915a9c365ee

SHA512
802845dbc199c0b6de430d99ae7d50851f3664c2cd68b15393b971d5002f9d958a3e46dfc2f75b736db4419f8943accb5076be70586cb1a3589fec3007eb3807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
aa0be32c05b29f006bb0606999c7e1cd

SHA1
2a8887e057d9392de488563d2f70ddf338877815

SHA256
7cc7d4d918a9e3dcb16363991a0a2c1f44682484a795540c020961703b45f753

SHA512
a16a09078caada768801d120311d0f5e118f5be7728d3e0855d16bd8a4738b801713176f8d1fb478c325bdf49e38f56435daf3132397be3757dfe66bc3dbcd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
74f6bb5174a554d36453edafc7c473eb

SHA1
2819cc0bb6d0f532277ea4148e722d0d39c83dca

SHA256
90bf4e4a96b2e3c0c55286e4b0c48b7f5f59ecf48f9f9a7a3f623edf6b7af2e6

SHA512
6b6578ed22aff75a41546cd3e31c57c5f35cb5c1a09ac7e41ec73efac8ddeb3a02c40911a3392eccbc334fd1e10f4eb5add475d6ba8eca67ed71ff2450e4b4de

Download Submit
C:\Users\Admin\Downloads\memz-master.zip

Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit