Resubmissions
15-09-2024 23:12
240915-27aqvsxhjq 815-09-2024 23:02
240915-21efgaxake 815-09-2024 22:58
240915-2xypyaxdkj 315-09-2024 22:56
240915-2wn44sxcpk 315-09-2024 22:43
240915-2np2fawhpr 315-09-2024 22:42
240915-2m3k5swhmk 1015-09-2024 22:33
240915-2gqdmawbja 815-09-2024 22:27
240915-2de4gswekk 715-09-2024 22:15
240915-16esravenh 10Analysis
-
max time kernel
210s -
max time network
209s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
15-09-2024 22:27
Static task
static1
Behavioral task
behavioral1
Sample
MEMZ 3.0/MEMZ.bat
Resource
win11-20240802-en
Behavioral task
behavioral2
Sample
MEMZ 3.0/MEMZ.exe
Resource
win11-20240802-en
Errors
General
-
Target
MEMZ 3.0/MEMZ.exe
-
Size
12KB
-
MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91
-
SHA1
761168201520c199dba68add3a607922d8d4a86e
-
SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
-
SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
-
SSDEEP
192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 MEMZ.exe -
Drops file in System32 directory 1 IoCs
description ioc Process File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe -
Drops file in Windows directory 59 IoCs
description ioc Process File created C:\Windows\INF\remoteposdrv.PNF mmc.exe File created C:\Windows\INF\c_diskdrive.PNF mmc.exe File created C:\Windows\INF\c_fssecurityenhancer.PNF mmc.exe File created C:\Windows\INF\miradisp.PNF mmc.exe File created C:\Windows\INF\c_volume.PNF mmc.exe File created C:\Windows\INF\c_computeaccelerator.PNF mmc.exe File created C:\Windows\INF\c_firmware.PNF mmc.exe File created C:\Windows\INF\c_sslaccel.PNF mmc.exe File created C:\Windows\INF\c_fssystem.PNF mmc.exe File created C:\Windows\INF\c_fscopyprotection.PNF mmc.exe File created C:\Windows\INF\c_fscompression.PNF mmc.exe File created C:\Windows\INF\c_scmdisk.PNF mmc.exe File created C:\Windows\INF\c_fsphysicalquotamgmt.PNF mmc.exe File created C:\Windows\INF\ts_generic.PNF mmc.exe File created C:\Windows\INF\c_fsactivitymonitor.PNF mmc.exe File created C:\Windows\INF\xusb22.PNF mmc.exe File created C:\Windows\INF\c_monitor.PNF mmc.exe File created C:\Windows\INF\c_proximity.PNF mmc.exe File created C:\Windows\INF\c_apo.PNF mmc.exe File created C:\Windows\INF\PerceptionSimulationSixDof.PNF mmc.exe File created C:\Windows\INF\c_fsencryption.PNF mmc.exe File created C:\Windows\INF\c_scmvolume.PNF mmc.exe File created C:\Windows\INF\c_primitive.PNF mmc.exe File created C:\Windows\INF\oposdrv.PNF mmc.exe File created C:\Windows\INF\c_holographic.PNF mmc.exe File created C:\Windows\INF\c_fssystemrecovery.PNF mmc.exe File created C:\Windows\INF\c_fshsm.PNF mmc.exe File created C:\Windows\INF\c_swcomponent.PNF mmc.exe File created C:\Windows\INF\c_camera.PNF mmc.exe File created C:\Windows\INF\c_fsvirtualization.PNF mmc.exe File created C:\Windows\INF\c_mcx.PNF mmc.exe File created C:\Windows\INF\c_fsreplication.PNF mmc.exe File created C:\Windows\INF\c_linedisplay.PNF mmc.exe File created C:\Windows\INF\c_smrvolume.PNF mmc.exe File created C:\Windows\INF\c_fscontinuousbackup.PNF mmc.exe File created C:\Windows\INF\c_netdriver.PNF mmc.exe File created C:\Windows\INF\wsdprint.PNF mmc.exe File created C:\Windows\INF\c_extension.PNF mmc.exe File created C:\Windows\INF\c_fsinfrastructure.PNF mmc.exe File created C:\Windows\INF\dc1-controller.PNF mmc.exe File created C:\Windows\INF\c_processor.PNF mmc.exe File created C:\Windows\INF\rawsilo.PNF mmc.exe File created C:\Windows\INF\rdcameradriver.PNF mmc.exe File created C:\Windows\INF\c_cashdrawer.PNF mmc.exe File created C:\Windows\INF\c_fsantivirus.PNF mmc.exe File created C:\Windows\INF\c_barcodescanner.PNF mmc.exe File created C:\Windows\INF\c_magneticstripereader.PNF mmc.exe File created C:\Windows\INF\c_receiptprinter.PNF mmc.exe File created C:\Windows\INF\c_ucm.PNF mmc.exe File created C:\Windows\INF\c_fsopenfilebackup.PNF mmc.exe File created C:\Windows\INF\c_media.PNF mmc.exe File created C:\Windows\INF\c_nvmedisk.PNF mmc.exe File created C:\Windows\INF\c_fsquotamgmt.PNF mmc.exe File created C:\Windows\INF\c_fscfsmetadataserver.PNF mmc.exe File created C:\Windows\INF\c_fsundelete.PNF mmc.exe File created C:\Windows\INF\digitalmediadevice.PNF mmc.exe File created C:\Windows\INF\c_fscontentscreener.PNF mmc.exe File created C:\Windows\INF\c_display.PNF mmc.exe File created C:\Windows\INF\c_smrdisk.PNF mmc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe -
Checks SCSI registry key(s) 3 TTPs 32 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005 mmc.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\ mmc.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014 mmc.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies data under HKEY_USERS 15 IoCs
description ioc Process Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" LogonUI.exe Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" LogonUI.exe Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "225" LogonUI.exe Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" LogonUI.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings explorer.exe Key created \REGISTRY\USER\S-1-5-21-3007475212-2160282277-2943627620-1000_Classes\Local Settings MEMZ.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3116 MEMZ.exe 4960 MEMZ.exe 3116 MEMZ.exe 4960 MEMZ.exe 4960 MEMZ.exe 4960 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 3116 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 2740 MEMZ.exe 2740 MEMZ.exe 4960 MEMZ.exe 4960 MEMZ.exe 2740 MEMZ.exe 2740 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 3116 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 1484 MEMZ.exe 1484 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 3116 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 2740 MEMZ.exe 4960 MEMZ.exe 2740 MEMZ.exe 4960 MEMZ.exe 4960 MEMZ.exe 2740 MEMZ.exe 2740 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 3116 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 1484 MEMZ.exe 4960 MEMZ.exe 2740 MEMZ.exe 2740 MEMZ.exe 4960 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 3568 mmc.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
pid Process 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: 33 3144 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 3144 AUDIODG.EXE Token: 33 3568 mmc.exe Token: SeIncBasePriorityPrivilege 3568 mmc.exe Token: 33 3568 mmc.exe Token: SeIncBasePriorityPrivilege 3568 mmc.exe -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe 3772 msedge.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 2772 MEMZ.exe 4592 identity_helper.exe 2772 MEMZ.exe 1560 mmc.exe 3568 mmc.exe 3568 mmc.exe 1144 LogonUI.exe 2740 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 3116 MEMZ.exe 4960 MEMZ.exe 3756 MEMZ.exe 2740 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 2740 MEMZ.exe 4960 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 3116 MEMZ.exe 2740 MEMZ.exe 1484 MEMZ.exe 2740 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 3116 MEMZ.exe 4960 MEMZ.exe 3756 MEMZ.exe 2740 MEMZ.exe 1484 MEMZ.exe 4960 MEMZ.exe 3116 MEMZ.exe 2740 MEMZ.exe 3756 MEMZ.exe 1484 MEMZ.exe 2740 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 4960 MEMZ.exe 3116 MEMZ.exe 2740 MEMZ.exe 2740 MEMZ.exe 3756 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 1484 MEMZ.exe 3116 MEMZ.exe 1484 MEMZ.exe 2740 MEMZ.exe 3116 MEMZ.exe 3756 MEMZ.exe 4960 MEMZ.exe 4960 MEMZ.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2992 wrote to memory of 4960 2992 MEMZ.exe 78 PID 2992 wrote to memory of 4960 2992 MEMZ.exe 78 PID 2992 wrote to memory of 4960 2992 MEMZ.exe 78 PID 2992 wrote to memory of 3116 2992 MEMZ.exe 79 PID 2992 wrote to memory of 3116 2992 MEMZ.exe 79 PID 2992 wrote to memory of 3116 2992 MEMZ.exe 79 PID 2992 wrote to memory of 1484 2992 MEMZ.exe 80 PID 2992 wrote to memory of 1484 2992 MEMZ.exe 80 PID 2992 wrote to memory of 1484 2992 MEMZ.exe 80 PID 2992 wrote to memory of 3756 2992 MEMZ.exe 81 PID 2992 wrote to memory of 3756 2992 MEMZ.exe 81 PID 2992 wrote to memory of 3756 2992 MEMZ.exe 81 PID 2992 wrote to memory of 2740 2992 MEMZ.exe 82 PID 2992 wrote to memory of 2740 2992 MEMZ.exe 82 PID 2992 wrote to memory of 2740 2992 MEMZ.exe 82 PID 2992 wrote to memory of 2772 2992 MEMZ.exe 83 PID 2992 wrote to memory of 2772 2992 MEMZ.exe 83 PID 2992 wrote to memory of 2772 2992 MEMZ.exe 83 PID 2772 wrote to memory of 4888 2772 MEMZ.exe 86 PID 2772 wrote to memory of 4888 2772 MEMZ.exe 86 PID 2772 wrote to memory of 4888 2772 MEMZ.exe 86 PID 2772 wrote to memory of 3772 2772 MEMZ.exe 87 PID 2772 wrote to memory of 3772 2772 MEMZ.exe 87 PID 3772 wrote to memory of 3148 3772 msedge.exe 88 PID 3772 wrote to memory of 3148 3772 msedge.exe 88 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89 PID 3772 wrote to memory of 1824 3772 msedge.exe 89
Processes
-
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2992 -
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4960
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3116
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1484
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3756
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2740
-
-
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /main2⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
- System Location Discovery: System Language Discovery
PID:4888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3772 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0c313cb8,0x7ffb0c313cc8,0x7ffb0c313cd84⤵PID:3148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:24⤵PID:1824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:34⤵PID:1092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:84⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:14⤵PID:3620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:14⤵PID:1188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:14⤵PID:1380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:14⤵PID:1108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:14⤵PID:2508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:84⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:14⤵PID:4336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:14⤵PID:4744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:84⤵
- Suspicious use of SetWindowsHookEx
PID:4592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:14⤵PID:4684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:14⤵PID:1032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:14⤵PID:2892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:14⤵PID:4660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,1275369899946323067,4366694578572698301,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5212 /prefetch:24⤵PID:4852
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt3⤵PID:4468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0c313cb8,0x7ffb0c313cc8,0x7ffb0c313cd84⤵PID:1780
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20163⤵PID:3280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb0c313cb8,0x7ffb0c313cc8,0x7ffb0c313cd84⤵PID:748
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
- System Location Discovery: System Language Discovery
PID:4940
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1560 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3568
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4940
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3320
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x000000000000047C 0x00000000000004941⤵
- Suspicious use of AdjustPrivilegeToken
PID:3144
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3944055 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1144
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD52d9630cd7be0bff7f4ff60da4e3c4d6a
SHA147a04ed5dd64e24bc3074af24a4ca4e21e2f0d23
SHA2563a8490b3a6712d171d1ea88176f2b6c1a458866a6c4f53e01204fbb35c87329a
SHA5128b61d366a1ea4ef3ed09a63a3eb24d3f7001c0755d931c885232271eda1c2cc1f3e2b531add0dc42c74cf6a780d5026ffdebd8f643c7662a711bbecc1d8153e4
-
Filesize
152B
MD5b4ae6009e2df12ce252d03722e8f4288
SHA144de96f65d69cbae416767040f887f68f8035928
SHA2567778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d
SHA512bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1
-
Filesize
152B
MD54bf4b59c3deb1688a480f8e56aab059d
SHA1612c83e7027b3bfb0e9d2c9efad43c5318e731bb
SHA256867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82
SHA5122ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9
-
Filesize
212KB
MD508ec57068db9971e917b9046f90d0e49
SHA128b80d73a861f88735d89e301fa98f2ae502e94b
SHA2567a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf
-
Filesize
24KB
MD5c594a826934b9505d591d0f7a7df80b7
SHA1c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA51204a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961
-
Filesize
289B
MD51cfe31f543dbac7d6ae94d7aee015585
SHA1b5201ed99ea86e8a175694aa687402e557240df0
SHA256f2eb6eeb6d739ea40fa9b76a44d28743873d3279e7c37616de8ca7ba84ba8d57
SHA5129dcfa13471706a0d6979a0ff1c7e3fe780e2f143811fdd54c9722f9b4d2bdd0694f765f8c30f37f2c869f6058a8dcf41ed87b269fa9409186e89f3d996ba897e
-
Filesize
339KB
MD5a92a228d1e1f8242e00de942f724a987
SHA1052da73c65d4bdad4944ac8297ea8f1f11e9ee37
SHA256c4a8ee7813119a70578606a24f2b07056efa87a4d6b27f2fe513fd170b75974b
SHA512f39a780bc8df25be15098b1046b0cec5e626b8b62f88a65790d38eede6d5e2fa6a4cbdb006ad0ea9d2120f4e5660bb3025960dda21f844124bf4802f63d0242c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD51d14c07585a813c05fd9a8e528db5515
SHA1a943ce5126e8def63e89a0c9eac98a6bc97f94ae
SHA256663a2e7359d580650c2daea88ce4dd9ed85fb53f3a4286875628f80f8be02871
SHA5121e3aa25d3ef5b52301411339fb8c2d9f65dbe2aa7063e2031cba5af14b240e396c97a585e7f404d5dbe85eac20b414ddd88e481fcf3164956b2cfd31b4e78a08
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD52dcb53978ee46f4d74c74681bedcb41a
SHA18833e63e2da8dfdbdb1b011165ffbc99042b7940
SHA25685c167aa465ec633ac623a37caef855eb1eea352047a99477797d7de825ac5dc
SHA51280fb8af5a3505d52963aa112a31ac40fc64a428fbfdff39574955429958705184d32bec3566dd63a519af771040ad08fc7d3e1cd31d66e7b28a96c2f286911da
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize120B
MD5adcd4413dfdbcd57dad4a0ac7ec20bbc
SHA16c671b094ee36d2a73f0d4e34d8a9cc3a818276c
SHA25618ffda39a2fb11e4dce280ba8ead0583ad700773ce62314362708eb4a8fd88c4
SHA512c7e5648ee0839696f84a1360262a51ad949fbe571289d17ea91e864a0044223599cc49fd0d2a2ef7c52d0af19615cec06b720a0d62b498b08f7647ff29c8571d
-
Filesize
1KB
MD54a96265c9f978339ecc057b1e40a23c2
SHA16393dd3ec9bf16c641985041ba1e143a2a459448
SHA256f2df909dfe04c469ffeb0d036ce6d61d9e8a45a3d5a12e113265bbd1f71f4701
SHA5121fa98cef40ab1c71f6c6a811127efdfac3236057dafb1a5f3d139cbb12cc9d4fd7724d60ea8acc22d5dd2b54d5b22be07ec58ebd50460146a1182750ed8910b5
-
Filesize
1005B
MD51eaebe04dee5fe80cb574452456f2246
SHA1f9cb8cd0248a2947b1c925633234fd0e92e6323a
SHA2568836beee5cc2ecc19621bf68ebc03743a98de973a4037e499b0769ac3767eb9b
SHA51285aca738853e186d41a9c35190d879e7bb1c71d82abfeea191a6e860421ce618b77f4f1bcfb5803b3e3da1505cac6077bed46b860ecabe990b4e4f03427da092
-
Filesize
5KB
MD554e4b7872472dfb6b2f3b86d2e8fa8f7
SHA1cb705f010de1c00f61309196e0ec1c5052b94097
SHA256882a756245bdb4dc445512e99e593fc28652d19c61cd5fe57f88d9cb21440dfe
SHA51236f7da0a59d4cb1a68056c45e592a410a79b3be346c28b7eba0f7cabb9f5172421259b59f038bad24506b8a8e7322960e7b9700481ba07d1dc4201c6a2d01d6d
-
Filesize
6KB
MD5f07f8a2d0614510227795d111fdd62f2
SHA12fbd0d16a9fa9f8de1ecae94598422ea01b5c86f
SHA25665b3d76c376cc1b7d0d3274fe313f76dcebe33fb34778513391d35cc03c2ed8c
SHA5124e9ac0015368a5a306811855df223cb0172898a704a05c0e6368bdd62605cf5459dfd9258890166a0eb57392fed3db6cbeb53febef97c1e4685bee2791493e9e
-
Filesize
6KB
MD50ee439bee65a8022f3c8a6eee2bd6043
SHA14cef94c9ee2a20b16dc48461a6775dc35c7bb23d
SHA2564a22fbd960f25db983ed31927f3f702c927a032219af2c7d1f756e4f45fbe1bf
SHA512000382564c5e8bc729e85925dce36f6464f3ea51f3d23022a74e2e62f69737f730174bb48f3c63ba6382feee319039f816e2b50be961e41a1ea73c23fd5edaba
-
Filesize
6KB
MD5ef4e01c614f6a0c0797601bbc4d65061
SHA1a6695aba2905238e87c279921b9f85a1930bdabb
SHA256175119754311c51fbaa774deafe3f7b898716fbec20ee8fdcbb04efdb03157ae
SHA51272ba668786909df7cd7afd33f74bc16d0f923c30aaf476491fc0e492d8c820ccd4abd56d5dc148f6f5111f061288b33ddc19c0284ddca47b0ef792508277f784
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD534ecd8e2cd032e5aab5055056aa5bd29
SHA15ced1ff0f525f787ce1115865e93de242a0543d4
SHA256fe87db74472280e8992ee54aa2b529a7a1a15494de363a1747d90dff0e4355a5
SHA512969a160d46efe978c01aff4e175d279097f3e52f59a7a9c194705e6f040c6aebe9231c7fa6ae9389f97ee0947b826bdef374bd56b0477de58d3218f3e3c41529
-
Filesize
11KB
MD56649ce18e0a544959e918f1664880355
SHA1f865af864c7161ab50c14fe5d6ea6205baf5cbb8
SHA2563cd1c4c887c2eecb8ec8fed4112a38e529a9b7dfbc90c8458ac85fbcd0de2a90
SHA51274ff905c0f3a025fcb02d56d9f41ba8cd1ab2e1c3084306097e345ff3dfc03d9827879849b097e30fec0011a86f2b70db2714aba96ab0a717b59dabae4187f93
-
Filesize
10KB
MD54d8e2297c2d2a19e55aee6b22d2d98b8
SHA14bf67634d7dc3cdf3e944eab43445fc6122a65f2
SHA2566452f5469396a400f5f32a40bee2ca00b05b6b4123417c6766fec1688431422b
SHA512253bc1bb14bf89a4e4da7661326e65adab6b2d424033d47f8e6ae323f95a5e713e42c1cf285fc617cd639c1437e40ce2f54545ddc22817f126c058c0da7e2e62
-
Filesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf