Overview

overview

10

Static

static

3

BUG32.exe

windows7-x64

BUG32.exe

windows10-2004-x64

MEMZ 3.0/MEMZ.bat

windows7-x64

7

MEMZ 3.0/MEMZ.bat

windows10-2004-x64

7

MEMZ 3.0/MEMZ.exe

windows7-x64

6

MEMZ 3.0/MEMZ.exe

windows10-2004-x64

7

MEMZ-Destructive.exe

windows7-x64

6

MEMZ-Destructive.exe

windows10-2004-x64

7

Trojan.Win32.000.exe

windows7-x64

Trojan.Win32.000.exe

windows10-2004-x64

Trojan.Win...or.exe

windows7-x64

Trojan.Win...or.exe

windows10-2004-x64

Trojan.Win...sk.exe

windows7-x64

6

Trojan.Win...sk.exe

windows10-2004-x64

6

Resubmissions

03-03-2024 13:51

240303-q5vgpscb85 10

03-03-2024 13:45

240303-q2r76sbd9y 10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-03-2024 13:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MEMZ 3.0/MEMZ.bat

  • Size

    12KB

  • MD5

    13a43c26bb98449fd82d2a552877013a

  • SHA1

    71eb7dc393ac1f204488e11f5c1eef56f1e746af

  • SHA256

    5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513

  • SHA512

    602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a

  • SSDEEP

    384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 57 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 20 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Windows\system32\cscript.exe
      cscript x.js
      2⤵
        PID:3552
      • C:\Users\Admin\AppData\Roaming\MEMZ.exe
        "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
        2⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2376
        • C:\Users\Admin\AppData\Roaming\MEMZ.exe
          "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:3300
        • C:\Users\Admin\AppData\Roaming\MEMZ.exe
          "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:1376
        • C:\Users\Admin\AppData\Roaming\MEMZ.exe
          "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:1656
        • C:\Users\Admin\AppData\Roaming\MEMZ.exe
          "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:2012
        • C:\Users\Admin\AppData\Roaming\MEMZ.exe
          "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:2336
        • C:\Users\Admin\AppData\Roaming\MEMZ.exe
          "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Writes to the Master Boot Record (MBR)
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2308
          • C:\Windows\SysWOW64\notepad.exe
            "C:\Windows\System32\notepad.exe" \note.txt
            4⤵
              PID:640
            • C:\Windows\SysWOW64\calc.exe
              "C:\Windows\System32\calc.exe"
              4⤵
              • Modifies registry class
              PID:4780
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
              4⤵
              • Enumerates system info in registry
              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:4520
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa6bd846f8,0x7ffa6bd84708,0x7ffa6bd84718
                5⤵
                  PID:4516
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
                  5⤵
                    PID:1332
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
                    5⤵
                      PID:3224
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
                      5⤵
                        PID:3784
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
                        5⤵
                          PID:1528
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
                          5⤵
                            PID:1168
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
                            5⤵
                              PID:3684
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                              5⤵
                                PID:4360
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
                                5⤵
                                  PID:4424
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
                                  5⤵
                                    PID:1468
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
                                    5⤵
                                      PID:2384
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
                                      5⤵
                                        PID:4316
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                                        5⤵
                                          PID:4524
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                                          5⤵
                                            PID:3840
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
                                            5⤵
                                              PID:4984
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
                                              5⤵
                                                PID:1892
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
                                                5⤵
                                                  PID:1168
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10402314222304443289,7069914004790273578,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
                                                  5⤵
                                                    PID:3040
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
                                                  4⤵
                                                    PID:4252
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x108,0x124,0x7ffa6bd846f8,0x7ffa6bd84708,0x7ffa6bd84718
                                                      5⤵
                                                        PID:3296
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
                                                      4⤵
                                                        PID:1412
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa6bd846f8,0x7ffa6bd84708,0x7ffa6bd84718
                                                          5⤵
                                                            PID:4704
                                                        • C:\Windows\SysWOW64\mmc.exe
                                                          "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
                                                          4⤵
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:3044
                                                          • C:\Windows\system32\mmc.exe
                                                            "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
                                                            5⤵
                                                            • Drops file in System32 directory
                                                            • Drops file in Windows directory
                                                            • Checks SCSI registry key(s)
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            • Suspicious use of SetWindowsHookEx
                                                            PID:4884
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:1412
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:3788
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:3380
                                                      • C:\Windows\system32\AUDIODG.EXE
                                                        C:\Windows\system32\AUDIODG.EXE 0x4ac 0x2f8
                                                        1⤵
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:4488

                                                      Network

                                                      MITRE ATT&CK Enterprise v15

                                                      Replay Monitor

                                                      Loading Replay Monitor...

                                                      Downloads

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                        Filesize

                                                        152B

                                                        MD5

                                                        279e783b0129b64a8529800a88fbf1ee

                                                        SHA1

                                                        204c62ec8cef8467e5729cad52adae293178744f

                                                        SHA256

                                                        3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

                                                        SHA512

                                                        32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                        Filesize

                                                        152B

                                                        MD5

                                                        cbec32729772aa6c576e97df4fef48f5

                                                        SHA1

                                                        6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

                                                        SHA256

                                                        d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

                                                        SHA512

                                                        425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                                        Filesize

                                                        119KB

                                                        MD5

                                                        314bcfb1777e6b073fd4237b0be1905c

                                                        SHA1

                                                        80269e9e27e2fa4b68bb8442ca41ea5c2f95fd82

                                                        SHA256

                                                        b011bf9f220e8e26d9fda55c0b0ed58f11cf406b886a699a236b724d851ecd30

                                                        SHA512

                                                        931376b3c76cac58a62fc95f46bf65a4d6f2f0665380fcc2afc83a1016e4c8fa0fd22ac33c8adb20774da0c80426f9e55288bdc311be2327f299c0b57e0960f9

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
                                                        Filesize

                                                        24KB

                                                        MD5

                                                        b82ca47ee5d42100e589bdd94e57936e

                                                        SHA1

                                                        0dad0cd7d0472248b9b409b02122d13bab513b4c

                                                        SHA256

                                                        d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

                                                        SHA512

                                                        58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        120B

                                                        MD5

                                                        02787949d684d8871af742ff93c6579b

                                                        SHA1

                                                        166394d2f3a619e195d1d26af6deb47d4b360b68

                                                        SHA256

                                                        a6abe1fbe64cc136feabee106f9529882097864617277a41a6fd39822aa95f4f

                                                        SHA512

                                                        ad7011d6b442f61eaa7539667dad6ab612470eab99b5c416c3288a140218eafeb8e51ceaa524e58e03856848e73fba3ac2250a5c7686ae3b96d7b1094ecdb446

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                        Filesize

                                                        120B

                                                        MD5

                                                        6668655e40621d40b9045132f26e0381

                                                        SHA1

                                                        0e89d0f7ad15f2b13a31b369d52652830b1abab2

                                                        SHA256

                                                        e446514dc6ec47a2da4fba3b0dbb84fae0dc989a0436e7de37d0ad1f5a60d495

                                                        SHA512

                                                        4ab27c6e0a504377bd6ad34d4dbf2f7cc446416cacd5d70b3ca54f948445aff15f6edbdf39c149cc1ddc8ddfca3cf09e73f1c53f4ad64f3f806a028e144a04da

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        32474b73876dc9925047102aca42c8b5

                                                        SHA1

                                                        16d32bac649019bf28cf034896c46308e3a67074

                                                        SHA256

                                                        f4d1f862d931dfae19240ade5a3bbee07802541be2daa8135380f3a734491cff

                                                        SHA512

                                                        678d4d6e244bcb4f4f630409249365168ecead70e963fe835da5aa3dfb31d5386802259c344f7bd9b80ecb9479f0966b06a721d7fc22d2cc16707e987a90fe11

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        cc54908a9323db675ddfafdbbf8122c3

                                                        SHA1

                                                        bd54a98141559529d0743c7fdd8aa7fad0f66628

                                                        SHA256

                                                        0432ef061e1c7668fd77f71c45e1a352b173fb333e17e5fde2f0ae68cdb07cbe

                                                        SHA512

                                                        27f7a4ee93a36dcc16d4987a88472cb01cf17141f76e120f3dd53b538728b5f73f12e639049d2b1b02aec6f4164d24978f4a8ae81f77e9eb1e773feefca865b2

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        6KB

                                                        MD5

                                                        be626382ce7dbd16a368bc48ca03e3f4

                                                        SHA1

                                                        4ce11461966b75d99620ccf13831111cadb8fd99

                                                        SHA256

                                                        44ae0c062babc69154114610b64272679c4479a760b5189e8a7802e2c32efa8f

                                                        SHA512

                                                        202e385d66c99ddafcebc1718fe3e8fe9efddafd86043219cf85f238854751efe9ec0b3f5d1a284f6be2dc157cce62b6c65e6e634c9320afd820ca20a530717d

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        54b648466f3735597281e2a95340fd61

                                                        SHA1

                                                        ff04087c895e94eb654e2a839ccbdb717931fc06

                                                        SHA256

                                                        5be69e4afb0a5c599b820fa8c85bbcfab85b83648f56fda1b77009f94c7ba815

                                                        SHA512

                                                        d55de03d4a0d615a567b47c5aea4d8b22bd70bffe8e12254a390f9fc391626184c47e9c2280489999d7555ea3df36aabe9c79fd376bf7f9e9bf378098fb07fc9

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                        Filesize

                                                        16B

                                                        MD5

                                                        6752a1d65b201c13b62ea44016eb221f

                                                        SHA1

                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                        SHA256

                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                        SHA512

                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                        Filesize

                                                        11KB

                                                        MD5

                                                        b64ab6d8f637bea7a82da3fdba72d0c4

                                                        SHA1

                                                        e50fdcbff91c700ecf65fd12a813d0beade953fc

                                                        SHA256

                                                        c40e5206d856c7ece353f23e6cfc5d307d781a3cbebdffc933dfbd26c32d2c9c

                                                        SHA512

                                                        d32523d36529f683940c94c870c68c5a4a69fd1c21253b1ca2e1e6198aa25f9b05d586be23345b39e8f89278a84cdcbf4e783e6d8f30fb89207f42aca108fde8

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                        Filesize

                                                        11KB

                                                        MD5

                                                        13f7b3edb8b72683dc8fd5a5833c72dc

                                                        SHA1

                                                        42d8082cfc64de7d90dadf0e2c7233bc2ccdf89d

                                                        SHA256

                                                        6e5f0b648ced7c26ef04ae9d2721c29c8246ed76ee3099b7aba524ed48948ad9

                                                        SHA512

                                                        d90bfc46189f8dbe63131f7102a064fec00fdb64f435a0371cfdba9475e55098ca007b86c45743316802e496e6a565eac754fe761ff8d3e86faa56d5fa87ef31

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                        Filesize

                                                        12KB

                                                        MD5

                                                        4fa56b6fb15cba14b950664bd8d52064

                                                        SHA1

                                                        acdb507a9405ea4f7799a527596b6308ac19b7e7

                                                        SHA256

                                                        02e9d33cd6b08ee00ae472d466451c6582179ca716f905a239cbc205276c2ce7

                                                        SHA512

                                                        f2ffcb5140e147abe1e2b618a54ea14604902ec7952eaaec50045b858585f4c219e1783cfedc00d1c94c3ae48668c50774726121e5113c7f6f54d8cca957a533

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x
                                                        Filesize

                                                        10KB

                                                        MD5

                                                        fc59b7d2eb1edbb9c8cb9eb08115a98e

                                                        SHA1

                                                        90a6479ce14f8548df54c434c0a524e25efd9d17

                                                        SHA256

                                                        a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

                                                        SHA512

                                                        3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x
                                                        Filesize

                                                        4KB

                                                        MD5

                                                        b6873c6cbfc8482c7f0e2dcb77fb7f12

                                                        SHA1

                                                        844b14037e1f90973a04593785dc88dfca517673

                                                        SHA256

                                                        0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

                                                        SHA512

                                                        f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x.js
                                                        Filesize

                                                        448B

                                                        MD5

                                                        8eec8704d2a7bc80b95b7460c06f4854

                                                        SHA1

                                                        1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

                                                        SHA256

                                                        aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

                                                        SHA512

                                                        e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\z.zip
                                                        Filesize

                                                        7KB

                                                        MD5

                                                        cf0c19ef6909e5c1f10c8460ba9299d8

                                                        SHA1

                                                        875b575c124acfc1a4a21c1e05acb9690e50b880

                                                        SHA256

                                                        abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

                                                        SHA512

                                                        d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

                                                        Download Submit

                                                      • C:\Users\Admin\AppData\Roaming\MEMZ.exe
                                                        Filesize

                                                        12KB

                                                        MD5

                                                        a7bcf7ea8e9f3f36ebfb85b823e39d91

                                                        SHA1

                                                        761168201520c199dba68add3a607922d8d4a86e

                                                        SHA256

                                                        3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

                                                        SHA512

                                                        89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

                                                        Download Submit

                                                      • C:\note.txt
                                                        Filesize

                                                        218B

                                                        MD5

                                                        afa6955439b8d516721231029fb9ca1b

                                                        SHA1

                                                        087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                        SHA256

                                                        8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                        SHA512

                                                        5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

                                                        Download Submit

                                                      • \??\pipe\LOCAL\crashpad_4520_OROJZPNFMJIPLTGR
                                                        MD5

                                                        d41d8cd98f00b204e9800998ecf8427e

                                                        SHA1

                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                        SHA256

                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                        SHA512

                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                        Download Submit