Analysis

max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-06-2024 08:56

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://turbowarp.org
Resource: win10v2004-20240611-en

General

Target: https://turbowarp.org
Malware Config
Signatures

Downloads MZ/PE file
Checks computer location settings (2 TTPs, 2 IoCs)
Looks up country code configured in the registry, likely geofence.
Processes: MEMZ.exe, MEMZ.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | MEMZ.exe
Key value queried | \REGISTRY\USER\S-1-5-21-3665033694-1447845302-680750983-1000\Control Panel\International\Geo\Nation | MEMZ.exe
Executes dropped EXE (7 IoCs)
Processes: MEMZ.exe (7 instances)
pid | process
5808 | MEMZ.exe
3564 | MEMZ.exe
4340 | MEMZ.exe
5100 | MEMZ.exe
4688 | MEMZ.exe
4072 | MEMZ.exe
6004 | MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: MEMZ.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | MEMZ.exe
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
Enumerates system info in registry (2 TTPs, 9 IoCs)
Processes: msedge.exe, chrome.exe, chrome.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe
Modifies data under HKEY_USERS (3 IoCs)
Processes: msedge.exe, chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133629154502845310" | msedge.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Modifies registry class (2 IoCs)
Processes: msedge.exe, msedge.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{FED33DD8-7A14-4DB5-8588-FA8A337A2A84} | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{BDAE5531-FE96-4EBA-800C-EFE4E218B439} | msedge.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes: chrome.exe, msedge.exe, MEMZ.exe (5 instances)
pid | process (distinct pairs; the report lists 64 entries, each pair repeated)
3600 | chrome.exe
4792 | msedge.exe
3564 | MEMZ.exe
4340 | MEMZ.exe
4688 | MEMZ.exe
5100 | MEMZ.exe
4072 | MEMZ.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
Processes: chrome.exe, msedge.exe, chrome.exe
pid | process
3600 | chrome.exe
3600 | chrome.exe
3600 | chrome.exe
4792 | msedge.exe
4792 | msedge.exe
4792 | msedge.exe
4792 | msedge.exe
3600 | chrome.exe
3600 | chrome.exe
3600 | chrome.exe
3600 | chrome.exe
5104 | chrome.exe
5104 | chrome.exe
5104 | chrome.exe
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
description | pid | process (the report lists 64 entries, alternating between these two rows)
Token: SeShutdownPrivilege | 3600 | chrome.exe
Token: SeCreatePagefilePrivilege | 3600 | chrome.exe
Suspicious use of FindShellTrayWindow (62 IoCs)
Processes: chrome.exe, chrome.exe
pid | process (distinct pairs; the report lists 62 entries, each pair repeated)
3600 | chrome.exe
5104 | chrome.exe
Suspicious use of SendNotifyMessage (48 IoCs)
Processes: chrome.exe, chrome.exe
pid | process (distinct pairs; the report lists 48 entries, each pair repeated)
3600 | chrome.exe
5104 | chrome.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
description | pid | process | target process (distinct rows; the report lists 64 entries, each row repeated)
PID 4792 wrote to memory of 3536 | 4792 | msedge.exe | msedge.exe
PID 4792 wrote to memory of 4992 | 4792 | msedge.exe | msedge.exe
PID 4792 wrote to memory of 2248 | 4792 | msedge.exe | msedge.exe
PID 4792 wrote to memory of 824 | 4792 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://turbowarp.org1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4064,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3852,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3384,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5396,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5980,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6036,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:81⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x378 0x3a41⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6156,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6800,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=3856,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6900,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7060,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:81⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=7080,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7200,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7224 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7108,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7252 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=7480,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7492 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7388,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=7804,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7820 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=8020,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7956 /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ff95ed54ef8,0x7ff95ed54f04,0x7ff95ed54f102⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3200,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3196 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1964,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2288,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=3328,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=4536 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=3328,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=4536 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4212,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5096,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4596,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5568,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5560,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5600,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4764,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4784,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4888,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3156 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff977acab58,0x7ff977acab68,0x7ff977acab78

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:2

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4748 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4676 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4520 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4472 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4564 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

- C:\Users\Admin\Downloads\MEMZ.exe (depth 1)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe"
  - Checks computer location settings
  - Executes dropped EXE

- C:\Users\Admin\Downloads\MEMZ.exe (depth 2)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses

- C:\Users\Admin\Downloads\MEMZ.exe (depth 2)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses

- C:\Users\Admin\Downloads\MEMZ.exe (depth 2)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses

- C:\Users\Admin\Downloads\MEMZ.exe (depth 2)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses

- C:\Users\Admin\Downloads\MEMZ.exe (depth 2)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses

- C:\Users\Admin\Downloads\MEMZ.exe (depth 2)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /main
  - Checks computer location settings
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)

- C:\Windows\SysWOW64\notepad.exe (depth 3)
  Command line: "C:\Windows\System32\notepad.exe" \note.txt

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff977acab58,0x7ff977acab68,0x7ff977acab78

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:2

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\chrome.exe (depth 2)
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8

- C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe (depth 1)
  Command line: "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
  Filesize: 40B
  MD5: 64d7569e7e9cd59b61724e5ca8024d2b
  SHA1: 7e567c8f3a278f528fd7d85d462cce4e56bb8e79
  SHA256: 8adde9c0e5b89d0b9041d73f1c9ef531e668cdc1d020e7625e45f7063569ab1c
  SHA512: b4425d6dea07aaa95039db3491ace66ff0e4e64232309b2c7dfe29200823454c3f91391db09b01b83edeb298dd3a9ff1dd0198c13230763553160e5a2607efb2

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\12acd505-def7-43a6-bd16-956a3417648e.tmp
  Filesize: 1B
  MD5: 5058f1af8388633f609cadb75a75dc9d
  SHA1: 3a52ce780950d4d969792a2559cd519d7ee8c727
  SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
  SHA512: 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
  Filesize: 44KB
  MD5: f9b284fd2d587bd15e3bbd8f5ea95cef
  SHA1: e471e5a7d116184b4971e6c42b3aa924d7a3fc85
  SHA256: c7480683c6542f6a406500334ce3ba16644139a29c9db26afdcff14522906002
  SHA512: c7a340f0618f1049e38af5cba2039c766edef4a5972a59aebf2177d3d66b24dd8c2572523fb334d54091a167863492317a339b5756286e3a91b678957d891fda

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
  Filesize: 264KB
  MD5: 3c9eb2abc59562777e053713fac6b6f4
  SHA1: 41fd043bfdd10923a44c694e580d0eae50e0b209
  SHA256: e7e3bba86bb285ecba5d4cae38d52ac292487f2394dcf3604d38dd7fa86c9440
  SHA512: 1aab5b9609c3b5147a1d6bc2cfd1890d7ee5d0c4d574b548049c289ed29454d9db9d10bdbb21bae57067a7307c74d704cebde49005671e77ac4871b074966edf

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
  Filesize: 1.0MB
  MD5: 612f1bcd644a1598f44b16bc7a2b4dd4
  SHA1: f1278195f546e3caa02e34a741e0d28d04b395c8
  SHA256: 459649d29b55e17c2f332bb24426407179def30d593d013aa77f34ca6a0b2b48
  SHA512: 4568ae221c84b6af4f3f55d1fd2f81fdc8bae538d9d5171aa6c959ed5051b4fd3c21944c77db0c03504db0b25c05d7da0193bd38659d1d201076f07293a64f29

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
  Filesize: 4.0MB
  MD5: 1c9218c432058c256fa08c1b025ffb39
  SHA1: 3900c49048d26aff0db8ab4f7df5aa1fbd501350
  SHA256: 2d6b068c1980aecbc11f6025e2acfe0407ae88fe53032d1b0fc3669080f1c195
  SHA512: 98f3de9b571de451fcafa0fb4d77d40516f39a8d8854048e5f9d6af1dd26d94cfe2ff2213a14a90f40c1600132d6da8d65c1aed3a301f8336b8924d80e967cb1

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
  Filesize: 34KB
  MD5: 4be1e3ddf50f2689343be4678e824989
  SHA1: 5bf898eb7d402d5e25a6d126c845906b6afb918f
  SHA256: bf9ee4d1875ce58454160246d5c74c1ac064a7da41ecedbbcc121f3caa963e97
  SHA512: e8d7686fb54d0ef4e6081383a3fe6ba026be88684dac9418a4549267dd382f09e29c8c4c5ba2a6282e850b545e7e857f0c4cc0d7ce0d5e700d79875a0c5f3fe3

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
  Filesize: 65KB
  MD5: a52fc2e39001aa4ae74c3f8e6501ad51
  SHA1: 68c5cc872b5c873b85b472ee81f61812d5adaa0b
  SHA256: 8ff6f8494a64f2af01e5c03460d13c3fd50318acc003282f994d43fc17d6052b
  SHA512: dfbe8646a6db853a68a7e1ecb13c603d246c5086f4b2ab15c052ec081a38e2c0265f1cb113b3329f4ae42771c3300db39f60484f651b472d809fa96a24b1046b

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
  Filesize: 134KB
  MD5: 387ed93f42803b1ec6697e3b57fbcef0
  SHA1: 2ea8a5bfbf99144bd0ebaebe60ac35406a8b613e
  SHA256: 982aac952e2c938bd55550d0409ece5f4430d38f370161d8318678fa25316587
  SHA512: 7c90f69a53e49bad03c4cefd9868b4c4ba145e5738218e8c445ff6ae5347153e3a2f2b918cbe184b0366afd53b984634d2894fea6f31a4603e58ccb6bfa5c625

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
  Filesize: 91KB
  MD5: bb738ce85941bd77a72cdba423f8a240
  SHA1: 2005093fe8c394d9e18d954e0c9dddb974991378
  SHA256: 7ecaa1b1ee68a78e8ec1d0fad57cf18d2edf4b9b149aa6fc8272585a8364c69c
  SHA512: 9ee323cd3b91e197a26dde4e40f1f9b8df91af8ae3b38e749bc58277e23bd5f0bf4119297febddb7e829d6cfc6f936afdc680c43ed50b5f018dbf633beb68eb5

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
  Filesize: 24KB
  MD5: 87c2b09a983584b04a63f3ff44064d64
  SHA1: 8796d5ef1ad1196309ef582cecef3ab95db27043
  SHA256: d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
  SHA512: df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
  Filesize: 104KB
  MD5: a208ef431109f211b3785db791af5de5
  SHA1: 693f78f8d336ffccf1424001c5295585257f1e58
  SHA256: c1f0e3d84b0261d2253819800d33f9dd50d678ef634f542f6ea155b52ccbd956
  SHA512: 6e49111428e62c4eeae943a5087f33d44b8d0b85562c1f5b89e76caa06de4c9edd7a1fccbe07a960ece256f8a015f9a13d825978c96a902d3e3d4c56465041de

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
  Filesize: 68KB
  MD5: f0c27286e196d0cb18681b58dfda5b37
  SHA1: 9539ba7e5e8f9cc453327ca251fe59be35edc20b
  SHA256: 7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127
  SHA512: 336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
  Filesize: 327KB
  MD5: dd242f4737b2737ecad98bc2028b544a
  SHA1: 065a4e6f50f16e5986df7f582d4839e59c4338a4
  SHA256: cc8950f8d690094464d97041d919cab9ec3af790437c6e3febb754e245171cd6
  SHA512: b393c7f0da53d9ae875743cb564b223b2031767844db1de296b6e652492bc29f8e19bae002b66e987c00b11009ac7df0bff7a36d661f7846e8bd8c9a0957a272

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 2KB
  MD5: 8b28833cbdaf0f98f862f4b8d5ce49a8
  SHA1: 8455fa9c5811b9a518ef701a675f5c8534210097
  SHA256: bd8f2e849dfd96980deb580ffd43391fc56af9e7f2e3ed7a33968bab82e7592b
  SHA512: 5ef871d64612ef0815e9a9f1fa3e292a3975b391c2edde63aa5bcb3afc0e42d3ec4cfb8e6010d34617ed2c1da241985e76425c96c4e2aca18cf92e29fbbbea76

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
  Filesize: 24KB
  MD5: 017cbe0e09c46bb07b57591142294363
  SHA1: 4d1ff1c969edddd8f88f4763e2702863afc60657
  SHA256: fa3a410a2e224425d62e1679193b727810ad0f294b3b2d3d3bf0a66455b9d9a8
  SHA512: a40aaf21023e14332a675fc76ad6da6cd8a0db16a20fcc14d490c476436201aecffd41dc0d6310715180d46909300664bb4775a20ad04fcedf42ca408491f4b1

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
  Filesize: 264KB
  MD5: c662023dfba6b83b349fa7b78f6a4abc
  SHA1: 73248a5c4b66a7571941f9eb2146829943d2e315
  SHA256: ff4c63925b2723d8dc7072920178c5b82eb5a22c76a96895a222cb88205dcaa9
  SHA512: c5a448256b34386590f191371dcb0a1076b7334cf8d4ab75cdbc42948dcfcf89f2cce9b354edb96eb607621975b973eda861ee6fbf4b1de8c38022936ffba966

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
  Filesize: 152KB
  MD5: 85f00729e8237114696abc10d4b2586e
  SHA1: a7d29f295ccdcf919affa1d2d87044bc0ad3c3d8
  SHA256: 98d8ea4aeaf019faca7686ae340ff1f0c4e8c7e77d09441e877ca01b6892570b
  SHA512: 0de0fc4aecb438e18f1d5d17024d23425a91398aa8dd61411009c5d81c27b842b1974aeaf66ea52982e0de2eadd7653a3d8589279e92fd83cd0e50b1cd024085

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\15b4dd57-d142-470a-b006-63dde4897c43.tmp
  Filesize: 1KB
  MD5: 842ca873de2061d9553887bc374e7e00
  SHA1: 9a089ab76b0be41017ff143430acb89a0f1ed86e
  SHA256: d24be3bcd27aea6323f067153cdc5a1694b2339b33b4dbd3cd96f45b8dd45311
  SHA512: 50fccd3387886cd8534d80fab2ff5b52482508a55da2168d83d1cd3932a37a468882046d7e18402111fdbf5cdf74587f6519ca66a60410d9f1805fb5486f35c6

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 3KB
  MD5: f2fcf83ed55fa7540654e6061ab5dc94
  SHA1: 32414edd58a5517a10faf966cf9c603cf655f1df
  SHA256: e199bd076a65ba9861e5b9006ea36647496ac5d2deafbcac3f3db77dd8ad9b4c
  SHA512: f03b280ab3e8e9830a9995970f3eb2c3238ceace4817c8a488f28008fdccbac913b56984062290ed7f6b647ec47c06d3dab41cc750b6a4dc10248fad36669ff3

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 3KB
  MD5: 4d1c25bce504e8fa3a94bad4ce997188
  SHA1: 45773c84c9d378ac44c6ffb143510da90c2e5313
  SHA256: 0a2250328fed774ddcb728bf163712e43115f5b760dd8b0c4242da64935431e3
  SHA512: 3662749a4bd74a0e18bb0ffd263c0f7a0ca79113084e9b03e06f6393bd20deb29d4b11cce878b663e4f6c424e2c5c5f47d969d459e096c0ab09c7ce45aa90926

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 524B
  MD5: 428e1d9f93e4e6681a9d67e18dcac978
  SHA1: d6a830f56d1c3b8d3962da007e2f6ff377dca290
  SHA256: 2dd51945dfa6539978ca773749f3ab8c90ca09c1d683ab544d1f04c60dc58946
  SHA512: 4d8e09beed399674cf1175aab573b3a401c1bb620809ffbe881d316416a061d1822cebbada40600dd95be7bcc9a6c14e587822ddc7a4f4937f8928d7e634cfc6

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 524B
  MD5: a0b4f571d143f0d054f1472c9c1f485f
  SHA1: ff7f18fc3c1386d6a64e6ecfc4db99fe5d23b5ae
  SHA256: 3598c89997770f601de5e955d87139c63b82349779166192e4e62bd0cc83af31
  SHA512: 487b75af9ab0b3d0660c478fc3b1d1498290212dad28851263770b673f2440b702e263d6011c2096e2779454452bfe7ed32dd6f535c8c69e2410bdab3d6870c9

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 18e1ee8e30faa2d2b5863cd02e12aae2
  SHA1: 5fd5c22b412fb9fddbba5d8f95aab10c623750f8
  SHA256: 3870f37bb6b9022b9b1e1a9c45c78397b086f91fe194dee34ea170b3e4b7d37a
  SHA512: 6d241b7897caa92d7e95f08495c5b2caf603cbecbd52ea5ca0528bf7defd315aa87232c80fd9fd5f7aa3d23f3134585d3c0f85c5ef2be28eb7b7c42dc45bf354

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: 3c960b6539087b83fe4cb7a056e44c3e
  SHA1: d4572feb9b7e8c8c24b2f63574d960545f4a33b5
  SHA256: 3ba7ddfd13f32b5c3e387e95cb7216589045cfde440aa0e346a190ed53e4ff02
  SHA512: 1fcf89f1e6e8c8131cb67a3234a837c406a69f649c59ba6ef644c7fee16d91fc071ae3d450c85376408dec024ffd458c29f1ad058e0339dcfbe5629d963ee9e6

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: b798734fc95a566288f37635d03a1924
  SHA1: aff89e920116ecdcf2a4d68a43a6cfb2c5b3682f
  SHA256: f2665fd229c829845dc312cdcc9bcfc75d085a652b424dd4cd89804495639a77
  SHA512: 56ecdbfce19cf624766297f072c90b8c465383110df30271abe2cea15c8a469182f8f46c53800268014b630302c9747b5228d08d3aec39b34a2d49ab0be09bee

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 38cf0085fc755a566b1609d1706d0d4b
  SHA1: 9886ab30ab0b5055a8bb3e6d8117784585893143
  SHA256: 9ae5859a736a2f3198d281c3f684feb3a67e39346b4584c4688122804878faee
  SHA512: ae51e0a6b5719e56fa49253acb9d13322db90e3856ccc0417aaf0aef2571a9fd1c37f9308dddbb371f02bf8cf225546894a737e3b9525264879a5e760d1df7cc

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 7691bf5f878acb9d37c28880b260122f
  SHA1: 547bb8d1281a11247e3992f6018def0ffa536202
  SHA256: 1b8cf62c13adad600ee3cdaa219e3bfb277eebb5b3e1bf464cd91032ec695f53
  SHA512: 728c4daaa16d6657c8aa61bd80ca77f56eaf774404c2d60d58b427dbebce5e0a7e69c32160841f8feafef2e421cac8162cea80da4e36c7bb7fcc1ff334da0ab1

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 77853a52767c043fba5da7efb34acdb1
  SHA1: ba443da5acac68fafed4385b5435a33408ac35c8
  SHA256: 829a2dd329c576a7227f422bd53d6d82fec93b5919d62b7253e95c690f4c9070
  SHA512: 4e5d8f90b8a8cf4a0456a7c26843af1f5f175ea6578a6bf14c32375f1903f6a85facec088451ae977d8a882d428b0136ca8145dfa07bed4b5beb155e66d87584

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: d35b3117ef5554bd1756fcd93279613a
  SHA1: 8e07e598d1db5150a9edf869f7ecbe9b100b8c59
  SHA256: b9d64ccbb4be9a5b0f966368adcef26881064dda6baae927439798f7464243b8
  SHA512: 96e07681a35f05883d0da55b133875cfcd2ef4b0cdf69aa02752cca609383cea1f1f9c46fa24c1c1d660c2c0fabfb878823da66d57bf206db7c1bb8fba5bb13d

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 16KB
  MD5: e3b6bf33c76ff6a3d97530740cd2ab55
  SHA1: 7be23d533d04fff41dab8b03fe333c37d5b36be0
  SHA256: 150c0e23f7d3e6c632fe9c5fa5c38d410d42b89234c1f165f89991e3fc35fd3c
  SHA512: 6bdb65a01eec22700b1b83fdfa347d7c521d3d6c88abdfff7fdd1feca677c8e79f35eb17a0ce10d7d340d31492a5f79e197b526d2f7d42333219c8a226c7372e

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
  Filesize: 324B
  MD5: 0e56a115eb931a803f4be3d36f13672c
  SHA1: 5a1ff3f9606be496239d50fbf6e4c2ae6978e0eb
  SHA256: 8ba6257330b6f767a5aaaea11ca9de941057b196a816eecc82f03cd56abac2e4
  SHA512: 092eadbf5a17e57885ddc84d0c2fdca822f92d2052d1951607f508e08bc466f430b10b7d22a2858cb4d17b06a9a52d5119e4fc6eeb816c486268f52b621a0fbc

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
  Filesize: 14B
  MD5: 009b9a2ee7afbf6dd0b9617fc8f8ecba
  SHA1: c97ed0652e731fc412e3b7bdfca2994b7cc206a7
  SHA256: de607a2c68f52e15a104ead9ecbaa3e6862fdb11eac080e408ba4d69f1f7a915
  SHA512: 6161dd952ae140a8fb8aa5e33f06bc65fdc15ce3fbfe4c576dc2668c86bce4a1d5c1112caee014e5efa3698547faad3bc80ec253eedb43148e36e1a02ce89910

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 276KB
  MD5: fc41c2682d7217df58a65aa236031a0f
  SHA1: 8c094c2731482dddb689ec4f74083ebaf8a0a692
  SHA256: 869ed8cfe5ce2698eba9edb2bce0e6de22ad75d0bc4bbcbafeef9a9866cc5c9a
  SHA512: ed93384730786a434109c28f9d94ce1bae5daee5cf7470ad8ef6dd837b4a5dd9303f1809e3a02d9368cb94a2d09e9723508c92911e748281ba0d86b0c889c43e

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 276KB
  MD5: bc88b0226b864cf1f0c88771bf2436e0
  SHA1: 235487173bca71df5d8148523be1a07e90b1b0e0
  SHA256: c72ecda624c15b4c8db125655c67780228e8eb4b372cd7ab1f7383e2e410abf6
  SHA512: 21ef5acb5d23b3894f56503c9c1bb33b5eb12b8090573d880f98627cf38920c333de1200e106cdd4540bdf7a971ce57c209dbebf8959a022c678b81cd4340954

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 141KB
  MD5: 78fbf4a681db98efe4dc0455cda03761
  SHA1: 287546175935b2bfe67c742adf280b5da2859b78
  SHA256: 3ba99ae61b4f06e1e91d623ce31d8570ef88e6c6b280c4fc91feda9feac316db
  SHA512: 3f72e017a2968ca9c2d66ac5d37e500e4c5e7c81af15acd1b920cddbc68df3ce26830baf4ffc58ce65a4058a6a5d524cc3fa6a9dbbbeedfd1f8ada135fea2dae

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
  Filesize: 264KB
  MD5: bea29fdcdfc28e50ff3332ff430173ca
  SHA1: 094af7fb566393d68845b1dc638b9f100d11703b
  SHA256: 120c1b9e904b9fa92bf095fc046e1aa849b0146c4be6ce49d5b7e5462718425b
  SHA512: 5666e93dff50f6043728112e32ceaa70132fb31d0d343e2f08a780c06f1c313ed99b09f20defdf49e5ae672d80545e74b2479fb5c62d264714a281cfda86e2f8

- C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
  Filesize: 85B
  MD5: bc6142469cd7dadf107be9ad87ea4753
  SHA1: 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
  SHA256: b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
  SHA512: 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\80502ab4-b042-4850-89c2-08f9d0575178.tmp
  Filesize: 211B
  MD5: 2edbd484491cdb551181ebf990765541
  SHA1: fcfaac4db2b271ce55e1cd56d8a9d18cf26fbd18
  SHA256: 94cad322d2bd07e116e616cc624361974640c0e07dc61eeea2ea19090adf881e
  SHA512: e0636b37cc645aec760d3922be9809a3057486895739c365af14333254de796bba68b027845089d365ae67347904015ab1c32411e775c680e2933a7b71c2b749

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
  Filesize: 3KB
  MD5: b16746f80ab9d606e8c4714030830255
  SHA1: 66ead14e069795cf816d3d4dc1c0e73020bfce87
  SHA256: 326403ad88f6eff9b2a1e5bcb9789812f82c7abcb9718f39f040b271c374d2f5
  SHA512: 439ba630e7fbf7fe1bbaab1f2f4f0ce1e8ccd55675274cea8846c7e167043bc7dd23dddc3780d165f6f0ad138676ca8f802014dd9843a128e92a8daaffe3ec61

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 13KB
  MD5: 7df69059ad7ecd30603cc79d88d8fb45
  SHA1: ac9fc869214e08560988167d3045dd7b55d8f42b
  SHA256: 0f91681071f3a2b93ba7539701851383e9e7186ba69eded5f0770dfdbf3f08da
  SHA512: 0c0178f947d553e0f7a3c310380ff2039f13ac5897c5610d4f95ac118cc4fa121626f3ffdc9bb9469bd69c73291c234124589091071a2f9de6b602dcae046399

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 84KB
  MD5: be43f8fc39c2d190259e1de0d25315ec
  SHA1: 173cd4b5a84cc6ec59ac621abdcb7b4f27b9ce08
  SHA256: a6f516df7ff7bb59d929687dd1899ed55f021f104da22603bd317f9d3d23348e
  SHA512: 6b3f8bd3dbc8b4194682492402beec9fcdc26a94742ed0c0ea3b4d45f70a5c6f51dfda1b504fe338ca80f7108f26ef93383c64e543003348e95142589fc7535c

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 84KB
  MD5: fe2f94ccae76dc46862feb3a084cc564
  SHA1: f178b203b8ca3f2d2f6f704ad0dc97fd1661455c
  SHA256: f28013684ce7be638167ad1bd73817d7fe3ad6cfd733e5f8b993bb458b313c20
  SHA512: ed5520cbd3684eb965b7ba68863d0908420d11163805169773261a4141eaff1a49686580e9b238c69c60e340a808df1e8ae78aa591b7b2e462fed7eff932c638

- C:\Users\Admin\Downloads\MEMZ.exe
  Filesize: 16KB
  MD5: 1d5ad9c8d3fee874d0feb8bfac220a11
  SHA1: ca6d3f7e6c784155f664a9179ca64e4034df9595
  SHA256: 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
  SHA512: c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

- C:\note.txt
  Filesize: 218B
  MD5: afa6955439b8d516721231029fb9ca1b
  SHA1: 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
  SHA256: 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
  SHA512: 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

- \??\pipe\crashpad_4792_PGDWERZTVDAANZHW
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e