hxxps://www[.]ve3rl[.]com/

Resubmissions

10/01/2025, 09:55

250110-lx64ba1lcy 6

10/01/2025, 09:46

250110-lr2xeatjek 10

10/01/2025, 09:41

250110-ln5h5asrfm 6

Analysis

max time kernel
238s
max time network
254s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
10/01/2025, 09:41

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://www.ve3rl.com/

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
34	drive.google.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Winword.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	Winword.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	Winword.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133809757360722824"	chrome.exe

Modifies registry class 16 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\쀀	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\ 谀疗\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\md_auto_file\shell\edit	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\ἀ耀섀	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\.md	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\md_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\ 谀疗	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\md_auto_file\shell\edit\command\ = "\"C:\\Program Files\\Microsoft Office\\root\\Office16\\Winword.exe\" /n \"%1\""	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\md_auto_file\shell\edit\ = "@C:\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\Office16\\oregres.dll,-1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\ἀ耀섀\ = "md_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\쀀\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3548	Winword.exe
3548	Winword.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
5528	chrome.exe
5528	chrome.exe
5528	chrome.exe
5528	chrome.exe
1352	msedge.exe
1352	msedge.exe
2524	msedge.exe
2524	msedge.exe
5172	identity_helper.exe
5172	identity_helper.exe
2368	msedge.exe
2368	msedge.exe
1720	msedge.exe
1720	msedge.exe
2840	msedge.exe
2840	msedge.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe
1564	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2576	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe
Token: SeShutdownPrivilege	2044	chrome.exe
Token: SeCreatePagefilePrivilege	2044	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2044	chrome.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe
2524	msedge.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
2576	OpenWith.exe
3548	Winword.exe
3548	Winword.exe
3548	Winword.exe
3548	Winword.exe
3548	Winword.exe
3548	Winword.exe
3548	Winword.exe
1564	MEMZ.exe
3744	MEMZ.exe
2820	MEMZ.exe
4988	MEMZ.exe
3744	MEMZ.exe
1564	MEMZ.exe
2820	MEMZ.exe
4988	MEMZ.exe
2820	MEMZ.exe
1564	MEMZ.exe
3744	MEMZ.exe
4988	MEMZ.exe
3744	MEMZ.exe
1564	MEMZ.exe
2820	MEMZ.exe
4988	MEMZ.exe
2820	MEMZ.exe
1564	MEMZ.exe
3744	MEMZ.exe
4988	MEMZ.exe
3744	MEMZ.exe
1564	MEMZ.exe
2820	MEMZ.exe
4988	MEMZ.exe
2820	MEMZ.exe
1564	MEMZ.exe
3744	MEMZ.exe
4988	MEMZ.exe
1564	MEMZ.exe
3744	MEMZ.exe
2820	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2776	2044	chrome.exe	77
PID 2044 wrote to memory of 2776	2044	chrome.exe	77
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 3844	2044	chrome.exe	78
PID 2044 wrote to memory of 5644	2044	chrome.exe	79
PID 2044 wrote to memory of 5644	2044	chrome.exe	79
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80
PID 2044 wrote to memory of 5124	2044	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.ve3rl.com/
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf6b8cc40,0x7ffaf6b8cc4c,0x7ffaf6b8cc58
  2⤵
  PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2044,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2160 /prefetch:8
  2⤵
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3076,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4272,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4644 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4820,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4644,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5076,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4712,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4300 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5340,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5456,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4888,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4264 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5164,i,13326290317981645532,14139764386563007732,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5528

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004D0
1⤵
PID:5304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffadeae3cb8,0x7ffadeae3cc8,0x7ffadeae3cd8
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14992703767796022767,16375162980334001776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6804 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1272

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5840

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2576
- C:\Program Files\Microsoft Office\root\Office16\Winword.exe
  "C:\Program Files\Microsoft Office\root\Office16\Winword.exe" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_Memz-Download-v.1.0.zip\Memz-Download-v.1.0\README.md"
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:3548

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4720
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1564
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2820
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3744
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4988
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2708
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:3892
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
66d0d399cc174c6c107a034e208a9084

SHA1
189611bf8ede1edb38cdd059dc51d444d0e65df4

SHA256
1f1f39e8c3ed1d23f94e199820abb2985fa3df8693494df62b47e2e87064b40e

SHA512
7295440cbd2582b3308fab1b083423bf03f6d881845e5f8d2d481831daa903be6791c1321913076f0f3c5c20febd0bea2996b963088d3d164a828b6d79ecfa47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
165KB

MD5
a274a27349fb21fcfaa65ee7fc59123c

SHA1
fd2ed7ab65162f3ce9a59baeb290e8fa068c99e8

SHA256
dc60ba0c74202d95502b3ee8b7f671c58dbb6da64f347744584adcd553d0276e

SHA512
2f889ce0a6d8b7e36b79ab04f30414e5e19a4198da521bab1ac79adfe097d34bb14a2ccb2c620fd379338a31508bc2dcc99804ecde284e88c03fc8bbc131ce73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
133KB

MD5
48a1e6f39c43a9644c768048317bfa65

SHA1
e9472fc0c57d99c965e09f6d20b7fd2f66b0299e

SHA256
feae9ba0bf9df0e184e2b3a19da3e6423c4f7af2db824b91b7198425d998b6ab

SHA512
ab4fd517f05bedae0a5c4258d3fc7226cea22b81a4e6ca1aa54acc50c29d6b90db5096bdecc1d20c0a3bf04b1c2e748301acab56fd25e96d1340914f998c1bf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
17KB

MD5
a75c0771ad920b3126e8c7fa5259c627

SHA1
066aac8689e0c8d6885b58272671c189e56c2542

SHA256
a92973e47e5b9ce381fcb05f91a8ce8c3e331c7ec766dc58602f4958c9a34f60

SHA512
9f371cd9538ecf948cc1b414ea66a38a9771ea4382b4824ea840c22303220514e8e0201cbf2ff2b863423d79795ff9720c156e3106044616c4c54ce21e7192c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
187KB

MD5
4cac55c8e1dc26e2257afc96307e9e26

SHA1
7ab6143411ba1f30cfc5d1bc1d8dd5511cd42126

SHA256
41d447f79e964ee9da68db4f99b36fd387e7eb636054e1740fba632750e50c52

SHA512
90710094e91fbe837381cfd2eebbbc09e2e8630d806aeb73de1a10e274ba3c7e732a6a31f4c3674f15724b9db723f48aa325e46cdd9500f3adf4d35b1afc9345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
282KB

MD5
2f32e8c14b5c1bfe8c18e24c6d05c0f6

SHA1
fdfb43d8ac05c066990b8ba89cc9a8fffea2e329

SHA256
193376db797170beb640475b49ee3169a9d591f631917ae3982d52c31f6b5b8f

SHA512
6d65233363010bd43779369f0dded9eb155787a1fc0a93fc9bfb1907a2233e544650f636eedce6952dccae27f768ab40c91bbb2d9a1178a77d03b83f87a39298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
2be14d05da4d7b522747413b2abb770b

SHA1
ace55b55b6aa51e31d3244ba1dacbeedebab4ef2

SHA256
86e520e0c107faac4bf24d951789ca5743135a8e8e13dea4eb3681302a6f8da4

SHA512
545422736abe756dde992d7185e4cc08e2f2d17ef2448f8e7359e52fa56fb9e2b088a5fcf8d7cfd204b4e7948c383c0e22178e7e59d2e2aeb73c8a476b72e71d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
e7c4543961be8c3fd10ff06ff2287500

SHA1
bf31efc92a094e60aa2a5b407b4213a0357ba95e

SHA256
7e9e3e52dfe5e93cc88ab7f7ad866bec1a99ad16badf0052f758ef0a6ff3cda3

SHA512
f55b799b9e3ffe8df9ca2316d58933c1b1a174f833904dfde46965cf82696b778238cd532df75b819b42bb19e2f89eebaaf57b9449fd732aac51790d87e032da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
760fac3539fd324bb3a5bde33fd59a54

SHA1
5492b1bb4ae6841ccdcb18f14990371ec93146d2

SHA256
a0051466c082e9c63af7ca4dd4b19f2e26fd921decb84e833a1a95b81b190289

SHA512
38126187fb70163f77c193705f91c992bdcfa8b500be16a062fa1f21ad9294acd977f09ecf85f16a399f480345bbe63d9896f5a5e65bfc596b55432c36b33e39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8e645ebb74ba60e97739731fc7421e59

SHA1
916781ff43c78927e9a33dae5cb375943d704b76

SHA256
8d0bab2bc0d6e5e6e2caa9fc36b2d0f7e9846e98e1733a57edca67d6ff3a156f

SHA512
1571c334ceac735dd3be36540fb22620ac237d4c4746e2ef4457b1021e9cf5347ff9d25ee9cfb2cb682d08030bdeae5edbfc4b673e98ac6fe3555d65d6c3cebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
e8ddc7645671f34319ed2d7197245fc8

SHA1
33cd283fe833b798248aeae34124ec26037ea449

SHA256
f3a33f18ed0fd775075df9161a69a2134363ee185c566332f71f53f8122c283a

SHA512
0536573597e9118a740bb4430a0da92c795b476aee6c06a3002db5baedee48900dbf9d4f0822947b9ef3b934c95a77ecae6263ac439dd441a1d133d461f2f237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
9ebd3de9af00daa8bf43dfd53f6bdb42

SHA1
5346f5738b3719b61482745b9cc84a2bcc66746d

SHA256
13cb9dc2461be639fc00f81b5a9d6c3b132e86f82598891068bd1b28ca77d3ba

SHA512
868143a21991e148b085421b94273b023d1d641b168e70917e969ad7c7ee56d21dfc394bf04e5737b552ac0128bf562a63c97a1a3ac5dedf9937b737831b09bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
691B

MD5
c0542a9be2de01519a66dd97cb0b8dca

SHA1
6090c844e361948d2c296f58a0feec607b3e8132

SHA256
d3a9ed43633956800fa50363dcfbd85e4dfc6887e415e9f4e4858624d332d297

SHA512
0dcaa1529200308e79a4a1f1735770450cfdbe7948ebd5afd5647918e765472027486b4bc64433bb93d83b344fcd1e68361edbd75ea1ce2da206188e7add232f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2cf4777bd37e072d43957ef70a54cfcd

SHA1
5915d38032af2307caabe1777f51fc2fc67b09f1

SHA256
9b36ca5d6041c5ea828bff7baa8ae56cc7abbdb3b83b3471313f1a228fcb207e

SHA512
68b0b5116a70c38334f2ca09ae73470f208169c2dafccf53d097033188bbe479724f24108b4977179f30b68a4223f95e36157fdd1438c5d5757d449171ff4b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
71f56ab37591602ae014e9d022b5d136

SHA1
7dcba3ac0e0aead5e4de7306955ba1bb79d6eaf0

SHA256
26d01ad01bf78ea68aaa8a7e78991f46ef0d1507e7de2e304751d52a62aba04f

SHA512
39fd06b4971fb3001fe1b78010e2062d5627b1c254b928a1b3bae8db20dffde2d75533b2e1d596104e5bb15197d6a2dacbc314bd7bef1f2c8c5d9c11f5a166e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
695a1884e3164b9cd65f1616e2ae0f3e

SHA1
f1bbc61f016a50706edf7d7141d9d7aa67e68df5

SHA256
d966bad725b420e1c009c96880d5fc21f63d0ed0d2278cb6a835f13a903a9c94

SHA512
4e642e8601201276b1325e203e47475758a156fc9d0c6b75adb0e1639378b15ab1a55c84488c644d91fc670760221da54cb6df129df7733fef89f601cadea99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
da00bec7bd3e9138e7ffa870181a0bb3

SHA1
be7443bd0a6957b2295f385a32cb641069b7af6f

SHA256
3d5d6a0054c3f3eaa4d14a294cfd173efe408a5100061222dd728b0f51757d98

SHA512
ad088035f91809724d3d16e8af03d79a058d4d161ced27c5963335ffe1c42794f9f8f7f254dff4ea832e07d3777bb639d7e4791811081775bec94b50990c26fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8b70ba9232c6f3541545f9795414e7f3

SHA1
c5906578f9399d13b0ff651b617532f91f17c1ee

SHA256
b17d8c6bd3c98ff63b00a7028a9e6baef6c620c816961d5e5b5df955c7143a2b

SHA512
afb3c829e483e85744b3353d982fc82adf455e0d7cded59c40f3f723f07b6807d28d8eceeb08297aef850056eae0d6a68795d996b1c55d20618b1c8454806c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0956e20177cc501bb1d37f60ec7a7353

SHA1
e1d45e650cc7d7fd21d718cdc3ea1141571bcb07

SHA256
0bda2256dd76e77fc7d053d5a6ac1086fb1db8f79b672a393b58b6199273423f

SHA512
efd7d02332e095e42bcd966ff20976cbed19b550fac150e4fb84ea1369c09a3a74ad6afa56acf89333524ed0e2fe4ff8e95334ecbc6383b7d37e437c0a0cba5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6bb6205cf34fa5a77e2081178c9ee85

SHA1
ce8805594f59f61111203ba8b8966ddd9d7e3897

SHA256
680b894aa5acdc09d10c584a8c0473573ac92f0135f4450fa675b3fa121f9bc5

SHA512
4ab686e1fb23339afd59a76c78bcf162fac674a0e3ec5024496b32204b6aad8df3cf4b2e640b955758dd47299ee15d07e9333678705c11d823911864e304ce99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6c4ab2bba0d826c56e8789a298b4871b

SHA1
648e30e4110a76001cddb2e168c11d91eb7a9d9f

SHA256
04240ff50defb4e4f9bf790995dd9e77bd10b53f346d6584040d71816864e47d

SHA512
2364de7871a7a9e41d3389e4276a1c8cdd19f6beaadbddd665f2ae8ceb0abe5a65cae7f7c3b99acd86d3c9afe3682b94057fc21c918bd206e5fb45bf85641240

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
039dac0b5d939641b52e64fef55c9a99

SHA1
a01e47c878b373b7735b988b2735078b94aa1a48

SHA256
13202fe8fa4404f45fc27a14afd67096a25244e01c5fb4719b68e97d3540a4a6

SHA512
9c87d8ef62967fecab4ffa56c04141562edf3ef5e1e18c4b707007489b2bf508430b87978d8898f2cea73c2a0b14459562b838134b75b7441ee8256f063f8cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70b2a24e7e9851122b08574c710bcbf7

SHA1
8eedb79819e8b60d87a02923532dba92362d5a0b

SHA256
f59cb303f5d8dbc176a4ef4a9770c7822bda94bbf6e3a4e4d43e9e8c76409761

SHA512
8ec9625a4832f95662d4b65479dbbbeaa754fc84134cc6776daf400406a309a26116ae1ab8e600c1d6b7324d2004329c25835937ab14883d13dfd308ea8d3be4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9908a82ac1ce65daf7041b5eaea41837

SHA1
8a39b9f712c59420c53b9df9b433ca5fc2e68797

SHA256
0ddae0161be794d912a27c43e42e6463f5d89a5945129bf018aa3f924dc13ccc

SHA512
47682906a0971d885e29e2885de51eed3acfd11473689a793322077ebe66887a3d2483493cb8a2d66985d92e3f623e538c990aff4d144d4a8b4d8ce13935512e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72e9dba7900fef5b10fe24368519c30b

SHA1
c1e6cfa316a46c8f241115f3f2c34ac65a9d7ced

SHA256
bb7540dcf97021f79d6d598c0e96b0c2b53d8cbcacdae4fda03c0549b1f26dbd

SHA512
eec498b9158f5ff8bd2c2bd72ffd9215200d550fec5773cc416a573405dd0ae49c4fa1ceb8e8690bc75e86c71b454a976b4b7511ecfb9c5065cea17e034975c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d21e2dddfb9ecce11461792806d907ac

SHA1
00cca2b68ce761bfb57bbc97cf89eb7230f0dd38

SHA256
d31156bfa6dd1a1f122fdcb7611b86635f435aef7916b688be6e890c78f687e2

SHA512
5acc2858e15fbe61932f8cadf3bed376235dca4fcf30fff385d2b0981241f8bdc4d9d707a8a622532cfa5756f338f89d301708154c5396d3faaed0a8370e4f83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b03287f91648c2190ea4d32d1073fec8

SHA1
45c2ec35251886a380af8f5300b54c819a6e98d7

SHA256
c84e57e33e32597c9c0553815a9cfc10b79372c7d1d6355358dcde512da5386b

SHA512
67179ca9571d678248213c485e4f32a85959c0ddc7f6573e1d43f93e8ce8cd23bba87bd20f9c9fbf6640a417f327b5df55600745f253d030e58b76b98aa9c1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc0c86bc373794ace76b0c152b15fd9a

SHA1
9931527218a8146460562d79826bc69830540408

SHA256
24a2caeb3f8bd28274f8a866e92ef55422874186059a20d19aff4cd37c9272f0

SHA512
8811f44f03d2dc3bc29c2de8be8b01bec60821bcefba678897ed69b02f6d4a92fe2d1210a95f16007be3d040f44f48c9bac15e13fdaa2c33e894372aba063377

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
81cf35d663dce1dfeed024400631f601

SHA1
65f95ffb992e26284e21586ee8a26f638f280c0a

SHA256
2d40b202c6e8980c6a91cfb21c75aacd9583f0411b27169b7b3dc8c2937d8670

SHA512
4b817419b37e944b718bd37a449635cd09fd1c40934d34efaf68906dfc25c2f38a43a945aabd32a1a711f356dc72d25c1f72e3597c1364353bc81a7216c53792

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5bb9a3c7f31be168b5fd04c1e1b0203e

SHA1
aaa87d9435e887124a9e5e3f0cf810a39de4707b

SHA256
99ed997da0f119da2d7fb3d98fb4118cf5d318b35c34de504956852c7b376f0a

SHA512
f9871c438ac8ef4d9147278e16c52d005626033a3d1cfee63cbf32de5cdd7b8c678eb9607bb7a6b40d6dbfd58736576dc9552d86b4fbb80b5ffe533036a9933e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1dca8ebff1842830bc181a55ac7028b1

SHA1
ef3e4b771af52eae13b3e6dcfedd24eaeca3d030

SHA256
46f8eb4f9adb023d20bc26a8cd60180dfeabf82dc54bd9583a7f8cc0f431bb5d

SHA512
56ede37a0aec51a6f46d76389c2000f849325f781d09d3cb8b3a97788dbf52ee08c8ff7e891cb308453ba92f8850ef6fc4b58eaf7732c0c293f00c84d76b7ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
f93613f7d95733838c78f59b4f61d3cc

SHA1
8a3c6bc1f2fa6d27c805f7aac93aabf4a18cf61b

SHA256
8c69c610acbe115d75da71f32291689765f4f826fd4d0289c93841d42754c03d

SHA512
a6daf559b54bb60171d5649e65f8cb2ead9de611c889f8862af3d55fb4b44142e6b3f7fadb042ccad9e34a8b865143e4a9d5b987a87b9ef29dc81ab9082b249f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
c1b9b44e8f2b18ea944913aaa1c26802

SHA1
9c8dab421b8677b202ebc6785ab98584328723f1

SHA256
f402bc2a20410a3bac95fe7765b8f0231b554fcd68e5ad1b3f5f8ac02a3b813e

SHA512
1f4509a3d7c2b99dff7c63dc0afa7b58e21c2cb3ffeba2b5c80145c33dd46a3df4232985d252313d144a917145bcaafb48b793f8dbe3e97e64278ddc7d1fe528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
4c87c485ee09937a3ae3e57fb29e755b

SHA1
7d8d484cdf209df16621a716dda56665dd6db7d4

SHA256
6fa825aa730cb4d3c23bb718fc901305a14d5763d26ae95919d4ea7118fb2601

SHA512
8e9d437552f2edda16c89db8b43abdad12da8e35da14ff87cb89c4193a442c32b2ed03022d6412b9631273bffb641d239e4ff1b9461b512d935f313f0976e2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
ce5f9df4bb36ea50e0d41bb39e39b86e

SHA1
eb18ca5386d8bdb017e7fdf23ade640e1e2bbc64

SHA256
8eccab6e0ef19bb04edb3d8ad99aeac49c663c569edf92731ccc6c6527d30f3d

SHA512
a6f899d14734bcfa2f5f331b16842f5c7e720a314d8a0fd98ebcb1d3be12c0d02fb677ce5d9cb39ab62ce0a463cf7a8b6d4bbde2527c62c07d6a05aa7526594f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
26KB

MD5
1ede9e3905933a66e0ce4b0cf2e90e9a

SHA1
2785ff8c11ad3855117a3c4dd2bdc59836cf00b4

SHA256
ff21ca7f713de6c0e23eff626f794ccb31b5f68f922cba7e4fec3ec0cda10cda

SHA512
efc0413871558d2009f89f6abfe74730d5c4bf51860e0e661df8af4242d166bd18083e15c29c0eb55f0c6f315cadc7d6338c2b78f311ee13d5691d121fa421e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
16KB

MD5
0dade13d267d8481bb51a2dd7b994b83

SHA1
b7a6a9190163e676cef83693abb8c2e6d64f0456

SHA256
95edb9c8b9634228bdad9d9d237ad933e8be7d3be2c4bacc6599e50124ebb29b

SHA512
d7b0890c98720775f03ef4f75ccf9eccb1f9eb1aea1ca545c562730ca1770da1646bfd97e72886b86d800952572be89f4bf6d195dcde30a7b88439c18c67be38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7322c042b1a3d5f0c6128021b7846fa9

SHA1
89d49b0d7432c4ad01ca0f64b1f2ce1bc48f0a30

SHA256
d6a943488d10105c5913d03bc559ad24990d56c1051f9f5a1f5a7a1a09b39c23

SHA512
a4eb4d135528c78ee8b900d5d4268e2f295b685bc03c4f9408de4f96663a04ae39749722b9a32d92d035a8d81a81c0c359346ce984bf966c7992a2e57f079e44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
bc2b5e6a3c106df83b3b4935fdbf84ca

SHA1
b94dd5f926d723b47dbeb8357b00966d1726810b

SHA256
251f93fe0f930c32b0225875e1ca55753ac05cd9defe1c62598835e64efe7ffe

SHA512
a83c1f28c603c3994b6b796726d103e32f4e722281345daf9cb4d0aa021b74745935e30c7d61a80dd3be3b54f7435bc03ec7c875a16b5244d904441d9280575d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
25ff6c89b693b562bf127a0414b1f5a6

SHA1
5b2ce732f453e91f9502cc984e67c6dc59958de4

SHA256
eee94f964fe8122cb120a0010cc3e86c8d75beaf79b392b44c8958dce1e1c848

SHA512
ebd46688618eec6a00a5f87b8d6bbf9b1bbba839f4e4ebc8e9571f556dfbebdd8559ca178c71b3688d803e37f8541f7f57f3290216f954115245ff48fca3177e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f9846294b0aeb02ab3127ebbbbedc7d3

SHA1
7d28e5449cf9d74a55c0b9f593d13e5de1837183

SHA256
ddfb84ac66e01b93279666c0d3c4ce3798edda13098d2ba18d7f20c9c7d8e06f

SHA512
33f135792b885d2b684577f269311af55f27d00f60bf2676bcf6bc3ec7198775c803eb3a4e75ae00e81e5a0261cc2eaa401b6b76d84ec0d8feb1da959830b29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cd57fa9c36f7b69ff0f155007e129bf8

SHA1
ade04045edf9ff499607e2d1b326df6c6f456a1d

SHA256
d4dbbd4411f29e92c3b07cf3218990520169dd433fdb933bc1f43e98dbcf0449

SHA512
f2f9d9b23b6d7194093e718c5f7e7527e28ba0990dac1e16f211862304276a8b21fa399d70c7bc1adba291ffd9881cece09aec0a41d2053efc192b87b6660cc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
00c4782dfa3e91cdcfaec6aa3151cf1c

SHA1
f82874d46167e1a0dc58713db13355c7e8baf1be

SHA256
96b473d1c241515f825920e05c7153cdc1d99bfdf4366e112003b556709531cf

SHA512
93029c82dfb294ba9c98213fed53cb8cebe96ba345c401ada8f104f5cd06059140c55a9cd75fced85224abcf46daa22775c3e075337b7a0ecfc7bba9646c25d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6171684cb768d6d626b4283f189250d3

SHA1
273cbccbe427689fcefcd4172ae4ae9e2de8afc8

SHA256
43818d3b494f8119469f90e0c70bf31fd43ab8023a57c81c0e415479b7efe0fc

SHA512
1cf5cf28b54d8b98ac95c457aeb4ca1dd1df4401c09e508d52b53afd755052d8cdc7889b0292b12acbf0d4042af10c072d577466e501926f6793832873a94a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ccf4e31a06ccd1c27db72b03ab36e5c9

SHA1
e915bd19362cc937b59459738cd3ddfd99b77b60

SHA256
ecc04874ddd4fcd575570e2f7e9f64ce09312c4fc8580e0fdfb000c7f3e7615a

SHA512
f0a21df9c203077102ecd52d8771e85d9f86c50a30e9073d756d2713ecc42d7bdd466efa51d0ca70104e0810ebd3aca803aeddbbc9d251641c4806e6378e7dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
787dc5c8cce4de6b0b425e50d9c8f3f1

SHA1
57084282087327813011d37a941e14ede7e42e64

SHA256
cc2d40750ab1012b8587c6c619c87e0b422dfcd742a4870a800cd689a27ef559

SHA512
e7a617d5868ce9e0e8eafd3e178253a0616c90507642b52e6c8775b24363f30bdd7581d0f8ac019d8e9302848967b740ccb63c7554674090769d8ab0b4128842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5e12048ba14543280efd7f05cbdd9648

SHA1
13dec5e72efb12bf9e386b05e2d733f324b1cace

SHA256
1c783a0b146e8803d67ae537d26800d84107ca38245054746d54ac4681234c79

SHA512
4abd65d50f93dad2b0dd2446983ba9e7522dd43dbb639d41cec600eb2c20e363a2ca582c3e488082e918eccc5970fb1cb23d764e8e47a3fe0c04728c1559a2f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c25d18158fe397bc4cfdaf5dee625ec8

SHA1
808e43a1a85966a92f15693d71c1151fdb9cd011

SHA256
f61456aef2239e604d56498e8dcd8f8d6f45cfbf77b296db2ec08c3bc35c3304

SHA512
5a544675aa4aa94b468dfe295450ec1abfd275bd5b1a6412ebf599e2a9dff2c3e9840ccd07c673c8802a09f94ce94c8eca3caa0d0461b2569d6b8e6a4ef91455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b616124fbebc14f6f163b7ad38c2e5b

SHA1
3519fb8dead94b5ed67b4cf4970818977bc3d65a

SHA256
6e6828751080fb54eff0df41acaf7f9823e75493e2b64b9cfeab17430ba1d14d

SHA512
31a443c1d4568d6e0a99abba6f5f9d2ffd1a0ffc7426c5841fd4d41befbddfeb2bb19ccdd2407cde650092372c177005ab6f7ff2a196084a5d375b66dc01dcc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a19e2.TMP

Filesize
873B

MD5
2dc55271301cfdb817eca78dae94cf98

SHA1
56167486d2333649fb517325048f900723dafd38

SHA256
37835617f3282656ede5aff72746bffc62c1336b8a744639bc13361c4ce59ba3

SHA512
ddb56c717258073fd6964e0fbf478f703beef232b011a180b4be251006b6c66c7834c3eb0884ca763818878d479294e30e3ab22c8e9bd19a23935a24f3d2c03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ace6fba90f235b20152de31a8642c5d0

SHA1
47f5fc0c560acd1163bb614e9f98c7d61db83f5a

SHA256
be46a6992cd50cf137b8e4e294a503d40daea34733c4f7715c158fd797ea43da

SHA512
d4b4527b03c98b938b84515305f3643250b6af136a6e7c893a152f4bab3e45de392192cf09822b56f36e0c922b491e64cfb9f432d16dccc1bd369e08d37abe4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
28889aa9ab685ddbded229fc0c994278

SHA1
eb97c09685da0e00658a86f68f0d166edd8af93e

SHA256
8f551e0ea275133fbc4f43e4b228dc71258d03caaa2cc871d8a2c3592db1aad8

SHA512
fabb763d2db3ba5cb052fe6e1d083665e8dd251d4647170b7ee7bd9c78bc8bfea0530f96f8c661a563888ba0f4cb80ac38055f9e2dd32a285aa7805745048bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1dcf93a486054aa7daead4e24e91d2c5

SHA1
7ae03388470a006f06e6fa5ef0fce6169a6d3a82

SHA256
5187d6fc7d1458b040b8e3ab0115ad3e4d6a5ce9b9bb47b78349be5f07bd3372

SHA512
74c70a1ca3f01ee277d6f10916f73690b51e2b8f6146b7e28b547250cd36a57d6c2d5d32e96a825300d3d2a951b10c94f35101cd99ec2e3b459cbbd35a2edbdf

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip

Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier

Filesize
151B

MD5
c0aaf6dc437b95d10bb053831c3cba7c

SHA1
f3b57f1b2dfc8a4ca0f366b7d1051d68f59110d7

SHA256
5d3db06bf246f33b99bfabbac16d6142e6bac695092228d5367b3cc03959653a

SHA512
9effe9ccb34ac61508648e32efb4f7fe8dd5ce195259f60707c720ac4cb9ebee0f5e944bda0ebd804eb441a8a32cf56336677389a9ad59a8c1d4402c164f2ff0

Download Submit
C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip

Filesize
388B

MD5
76d0a1d84cca5c2404c1799556106891

SHA1
378a662c54fffccc1f2bc3cc72dcbb66e27c2779

SHA256
23b8378ff4073b47a9542c744e506ac2fde0cffba27a5ae8140f3856c9ddb6bf

SHA512
7931c992d09301f22b8c5dc861e35d4e98432f79d2ea48be07e24366ab6302ba8bd2fc85fc8e8af889da46f1588d33419c41afa8f4d46b60ed1d6d50531e3f4c

Download Submit
C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip:Zone.Identifier

Filesize
168B

MD5
04f4d358437d239ec6ec44836e3baddf

SHA1
3be13f5880a1fb6c875fa2ad646270a080eeb47b

SHA256
f82532c264b7e9eb7f6a9600759550125d800683dc2d9908717f241a38b9a775

SHA512
1af4b7541511033bffa5a699102448384414d104678a71db671f1aefaa37ce76e33bc54aef1ba7d50013a021f8fc8838cf4257ede1315eb5845d42116b51e043

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/3548-958-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-1003-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-963-0x00007FFABF8F0000-0x00007FFABF900000-memory.dmp

Filesize
64KB

Download
memory/3548-964-0x00007FFABF8F0000-0x00007FFABF900000-memory.dmp

Filesize
64KB

Download
memory/3548-959-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-962-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-960-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-1002-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-1004-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-961-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download
memory/3548-1001-0x00007FFAC1ED0000-0x00007FFAC1EE0000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads