fc5bca3c384922d0d27ba63e56e22c4463206cbbf90ee50a115e644278837420

max time kernel
154s
max time network
156s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-01-2025 15:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Знімок екрана 2025-01-17 164150.png
Size

89KB
MD5

bc6ca19d49bf9037ac632b050e2c7b36
SHA1

3505656078d7dab8cb4e8a0987113d7d146d9cde
SHA256

fc5bca3c384922d0d27ba63e56e22c4463206cbbf90ee50a115e644278837420
SHA512

9ab597c0d067c7ce438ab8e0d7d554124612b85a4e66640e979677866f9dfde48489c33120e75ec902fc6bc85b3616cbd53bf6e9d03457ebc1f4d20e25cd9f4d
SSDEEP

1536:zgmr9TL/IDgOTLEU3uaMSnu2YsA3DNq3EcUfeEoCTWoOkS00zsRh3XY3/+hAOAf:8mr9TCTxrANot6eEzq7kS0dXY3sAf

Score

7^/10

discovery execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
5848	MEMZ.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133816866004866905"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3104	mspaint.exe
3104	mspaint.exe
3836	chrome.exe
3836	chrome.exe
1896	msedge.exe
1896	msedge.exe
2012	msedge.exe
2012	msedge.exe
5960	chrome.exe
5960	chrome.exe
5960	chrome.exe
5960	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe
2012	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe
Token: SeShutdownPrivilege	3836	chrome.exe
Token: SeCreatePagefilePrivilege	3836	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
2012	msedge.exe
2012	msedge.exe
5192	cscript.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe
3836	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3104	mspaint.exe
3104	mspaint.exe
3104	mspaint.exe
3104	mspaint.exe
5848	MEMZ.exe
5848	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 3104	1080	cmd.exe	84
PID 1080 wrote to memory of 3104	1080	cmd.exe	84
PID 3836 wrote to memory of 1208	3836	chrome.exe	92
PID 3836 wrote to memory of 1208	3836	chrome.exe	92
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 660	3836	chrome.exe	93
PID 3836 wrote to memory of 1924	3836	chrome.exe	94
PID 3836 wrote to memory of 1924	3836	chrome.exe	94
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95
PID 3836 wrote to memory of 1412	3836	chrome.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Знімок екрана 2025-01-17 164150.png"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Windows\system32\mspaint.exe
  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Знімок екрана 2025-01-17 164150.png"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc40bccc40,0x7ffc40bccc4c,0x7ffc40bccc58
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2012,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1920,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2040 /prefetch:3
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2292 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3788,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3760,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4928,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5220,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5076,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=504,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4640,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4564 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5204,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5576,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5848,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4648 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4996,i,7504575356378484942,8685566537002632066,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5808 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5960

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3780

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3732

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:540

C:\Users\Admin\Downloads\MEMZ 4.0 Clean\MEMZ 4.0 Clean\MEMZ-Clean.exe
"C:\Users\Admin\Downloads\MEMZ 4.0 Clean\MEMZ 4.0 Clean\MEMZ-Clean.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:2012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x140,0x150,0x7ffc2de046f8,0x7ffc2de04708,0x7ffc2de04718
    3⤵
    PID:2796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,2340269452187622785,6452234438616279051,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
    3⤵
    PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,2340269452187622785,6452234438616279051,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,2340269452187622785,6452234438616279051,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2340269452187622785,6452234438616279051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2340269452187622785,6452234438616279051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
    3⤵
    PID:976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2340269452187622785,6452234438616279051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
    3⤵
    PID:2704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,2340269452187622785,6452234438616279051,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
    3⤵
    PID:5312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3332

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\MEMZ 4.0 Clean\MEMZ 4.0 Clean\MEMZ-Clean.bat" "
1⤵
PID:756
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:5192
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
696B

MD5
70d9acfb5a177f3f44f6b8ba6b8c8fa8

SHA1
6929a678087c000118f640225ed8564e957862cc

SHA256
13992e1d0f57cb422e03eba74adbc9f9e30537566e91cc05ad2e172f673d6345

SHA512
21f0cb6661b6ee41856bbb806c7d5d492ecee027ab095616bed61d2c600448bd7102fffee6eaa698e683b0668a99316d357a59be2040e0cc8c7de176fd499520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8eac58ec-4555-493d-845d-3f71c4580270.tmp

Filesize
1KB

MD5
e98a8d3a495e9c284f69a13ad4623c86

SHA1
8e7529b4b96b559401b580ad83996b9450353a3d

SHA256
4e2039ef2e86c59dae22977ac4ae30245d33930190ccb4fd7a818c9dc4bfa266

SHA512
9e694c6eb0f865230f072f8e54e752135a2464d0f2aca78fffa6208d01648f2eaa5d92059ef8a0837674b9a79602bce0fc4e5de105b08c5efcc1e2f2ab9089b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
965aba89fc7879c077607ae7b7917130

SHA1
ecd643323c88dd502e001451cac01279863c108d

SHA256
0e0fe2f89affd4b96a1a01a1777a41b2236cb479cad3f57b80876916a10d4385

SHA512
dded25958e1d01d857a5c7febf17445f5853bbc8b258e9e4a783777f07033c04c4323313f0bbbcf9acbeff86f1f678f3e6829f2c726331e1af600efd676d9cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a1bf693efe8be95cfb0173079ff4f8d3

SHA1
8cb63b2b01500ee61d181141a7bcca8597e93bcd

SHA256
6272b78d8e8071f9d73e26ed9761a455e5eabde991612263cd1f4492a5f8e86f

SHA512
5b47072ab1b4c13d69d56230fdcb1c68e6b05df48f6d08f14122dcabd2c3e14be0c9d63fc0f583939dc383730cd7a2f3aa08993d4d0bf35ab4a34db7bf9f2c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5744a439583f0fc9d611f0e55f5af6e3

SHA1
67797f341aec36e3b437bae0ef917b015e3fb824

SHA256
689edf7f82c3940202ed02d227b347c150a2ccbc9c69ddc239a3282676b4192e

SHA512
473b19c0d0e8b42f40a2efd319c0daa822f75c6d02e898318785db50c7fa061cae4545b3c4085cb6e553cf27b2846b78e4c54ab24c14dad5b40840862383e0ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dd9f40f0307b73a9c5d123bdd794347e

SHA1
69ceae4b89639a0dc52cdcd16acdb9ffe440499d

SHA256
08c349cab3f81aa55b886eed758428079b75bb023dbaff5528b339d5dc424456

SHA512
5ce76e7314e6938e29632eefff14f8be6c88e218c1c6eb08a29c4d1618876ddcdab5fa0a428832a1ba4881569761ebb10163dd00ca9bda7eb8adc7904c039148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
03aa94104bd6d5b753a745a7c9c97ff8

SHA1
f3a73a1e59469bede76cdb37fe97755faf8bd9a3

SHA256
4e6071c2aec0f29b21f726b5ec40d7d5045782da7feb6cb0181cf4e7032b4e83

SHA512
6d4370c3d9e4b900046108485bb6c200489f822ad234d93c8d38b30a15be70a318623e20cb20a1c8ff4edb1b03319a627c93354adfbd056de27b2b17d75035d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1d7df09d6eb618e3c8f5feb6b6d13ba4

SHA1
63bc5325e8932c921361f3a8d056bd92fde690f1

SHA256
3edf0535ad4ab318bdb2bcee308deaa97ceb421e5ff8293830b475628f71d20f

SHA512
8e15f74c4fe0abc6efffbc02f803c7b98a61c14b7fbbf071170738f55e0b4c4ce80d2b670ce410119c2dcfe987f5beda611ca61921a02f3b982f34b50d1e9206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5dc1e0746f3e197f6f64cc5a0315c94e

SHA1
f64a49afe5ed3f0bff97a3918e37543db1952c4a

SHA256
b0d4d18a1b5e97e72dcd6f2d68b398534f91f486050ed9831240a3c09ee77b0e

SHA512
3127b70ee2e6de798129620c37ac5d48d7eb44a0b628980ade8eec1d74bd8be8b2f6d57946b9dc7832a33761959f2c4b82dc99dfdcb222f6d9ae8f7b3275b0d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
421827504152837779d89be15ab5180c

SHA1
aea2989c282d298721128574c60885f9cd27ac6b

SHA256
866ff05930b3c682dcb0ff1a3f4888b7d61f4fefbe00c917180f3ad83c024702

SHA512
3ff104662e8804429bedbdfbcec5c5ccb2131910fb15f34b12eba4077e2c2c21de127c281e9d9505b7faf2a4370d87b997cb644bc40355c9be04c33f8c3ea546

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e10218d39b39c4e40590451b41e6972

SHA1
6b5779a3a88b15efad2a9f68c15b69cf2801f89b

SHA256
8895e3004967492964143c24f20364fe085026e797fe4ef03cb40e0cc040f95d

SHA512
593f774e2aa8abed5e2a22c565a95c8318cf18bede9361836e6b4bdedc080018308da4d2d4d24b622d256ee0b325d35b5c411a78e9bc6bc6d011b6b74533d33c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
30f0b00605cee4653455158ed741d5f3

SHA1
497aacd34e2f0d1b435459a88e27bdad5061f388

SHA256
580002c259e94668410a266d4ef3f219b5ddce460ad1713f7dcea1e6dad9e4bb

SHA512
bb07f3a5dc5dc86091fb8529a7ddb83b2e045a55083571845121188a586d55c96c46d638f5fe93197e7eae4ad1dbbb945b07c19099d192c331b2320531bca06a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
43b8672291b01025ec2fc335877d6473

SHA1
4ec583b97681a53f2b46451dde042ba60fbba2e2

SHA256
030cc8294bf30f29e29fe7b23af139bcdfcf3c8ed0ddd696d272f79dafbddb09

SHA512
b694be23e8f80c83f9bcd529980ab317b04b771219e0bf60e8199406708bf327cd5bcf6f7e04ee3746c160e58409bce84baccb08db4dcf2d5d8a9a98e44c904e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ecad958304c3920c870201e95c95bfba

SHA1
1d09d0ed37fd8bb7ceaf546ded2f5e347ba18f22

SHA256
7b8941050eef963f5213dd8d5de7b32d39489a4d79f96067ed7a0263dbd5b594

SHA512
95eed5bb2d648bd01b9061ea7a7789e54ccd945663b3e9d4985efaf8973346ee5c76025d724de6e484f501e78c615d66c06b60ec39cc73f862128d0311798aad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6ebd6c99ddd373fe72f207a00af6465a

SHA1
a1b0b082b582f98de2ef0819c5218003d3169857

SHA256
3782c5dc41714f677c734f3d1dc7c71b048a28df98867dba082c76c2755c2719

SHA512
5d72669f735d47cb1a8e66b7d64d869d0462d53f8b48d84a0e55fcca1609d5a5a45dc8d037028d439cb0f9b40d496563198dbe75b1ed2cb0590c338cb1152a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f37c90cb60d89fe18275bcf079b6d17

SHA1
669d89a9baca3dcbe63c8ff968b368a3a9118c84

SHA256
c08a6c588af447659fb161cf21def796ffd2c0fa22dc2e6299591a0a07191872

SHA512
d012bf950b06840255ec8808e3bc39224ba16e0b09be0def8c513647f1082793b3353ed70e1c0fcf086af7c1f9be32311d4df77bbf52316710e8151f011e9531

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
5a1caa660762533c10c55f29a31bae58

SHA1
9148036292e593791235533ba926b398eafdf967

SHA256
863cddf3e576158a4154dcc0953c029aa1e66ef07c5019cd8bad607acb0730f3

SHA512
79b27f1073832ac2a8112b2f1f42e9e81361a2fd48cbb6eb57ddec9c8c0feeda0c8958bb7ebebe291dc84f91da5e951929a211c41fbfc64586a5896fbe4a75e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
7e9b5ff959837fb46bc8db276e3f201a

SHA1
da6fb865d6245249407587581c182cfed908ef64

SHA256
26e4a3f6270cf6c33e824182b57ea2ef86930bd6cacb96c99b834a6b194cea12

SHA512
c757a68dd9070446732834802eb47b21b35be8f2c66529d61bfa28ca738329993311e3a1d57c6613795066c12316cbe98bb19ae5f1aa1c41f6771a1c93be3ea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
555ca129d23501fea132e716c19a7769

SHA1
1f1a3b17702b3e6de10557c1fd8271d60f4193bc

SHA256
d470a53ebb683d2c4c30d8e57c1641c292baaaa7677a0aeea57b1a6d8f27510c

SHA512
3086d20835fc53fe890be10019b2f86da2afdb133b49608f6cab0f1698ae59c02c0352169c66adba4b7c2fb0ef2c20cf7e4ad3861b6727d534afea7f8b2b71f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
8428e40cd560bb9a20511573c7efd832

SHA1
fb2863107f9cd3d1d0c20584045a0eda241306eb

SHA256
bade42930a1466e2a317aa4689d74dedbd955aedb9281f631d5e88f38ce7d1ac

SHA512
c5b7923fe0c8ed595ef143824bc0a4bd4402b1b70b6516dcd0715b4daad766fbd9735230776c28f2f5462e22226a44a74c19c0fd4837a97e85e9274ca7afd4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
0038f8f17e7423aac2794f5aca056e47

SHA1
7847fead94c20c8ea4ad8a259a6c4bfa2694d8bd

SHA256
da2ef46a456cee94fbac184aae4cb5fc358c96f4a9a6af734a298ea4905223d6

SHA512
f330c5fdc979fc7832e36e900b5287d78529d1ecf957efac44c1aa685b0b63d230c2dabe4f62566b9726d105adb4b650f61d8700f3de3f0c820b3a6f6caf14ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
d6829b8e15a48ba0a659b6cbb22ed322

SHA1
bb9b241bd0d64137d7f2e766aa100f775ad9649f

SHA256
5f95ea076666508700bb87ed10bf4be13348bdc1f1535fbd314153ed37ff49aa

SHA512
dbecd549013c3d388149698d23e8831380e1149bbf9de1dd2252805a8161a759888772db60d615afa5ec025c8f013d926c0a9fba776c2da6a0b43fb382744064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
8a2000cd98444426c0742ef10d7dd777

SHA1
b4f3d658edd542c143a6de704cf17cc6f56ef894

SHA256
261c26776df06cd1e7fa8181ebe31f8991afb0bb13b14f08a3b482f6d43853ff

SHA512
7ed966baa5427c183065bad2719a5c980e086aeea7db1f831f7ae4c95b4037ba9aa9fa49840003737be0e9310014e409c75156ffcc55f135b61d5ff9a2425e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5408de1548eb3231accfb9f086f2b9db

SHA1
f2d8c7e9f3e26cd49ee0a7a4fecd70b2bf2b7e8a

SHA256
3052d0885e0ef0d71562958b851db519cfed36fd8e667b57a65374ee1a13a670

SHA512
783254d067de3ac40df618665be7f76a6a8acb7e63b875bffc3c0c73b68d138c8a98c437e6267a1eb33f04be976a14b081a528598b1e517cdd9ad2293501acc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
254fc2a9d1a15f391d493bff79f66f08

SHA1
6165d5a9de512bb33a82d99d141a2562aa1aabfb

SHA256
2bf9282b87bdef746d298cff0734b9a82cd9c24656cb167b24a84c30fb6a1fd0

SHA512
484a1c99ee3c3d1ebf0af5ec9e73c9a2ca3cf8918f0ba2a4b543b75fa587ec6b432866b74bcd6b5cdd9372532c882da438d44653bd5bccdbc94ebc27852ff9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
17f312d60e48499c2ac71198fe7af9d3

SHA1
143aecc18dc80fde42d93e16d4fe2918e1304c45

SHA256
2b206b9f72f7524cd234d812e205b9d83fafd9025d1c513a619b17ee411b4cbe

SHA512
80ea8b040234553d2c8e3214dbc6a16b59b7c513be6e4d84a5cce0f08e703c5b5ecb825683041c65366679c40cf60f9891ccaf8dd41a270f749af67bacabb874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
7cafb16821f39694d4077389eec99eb9

SHA1
c8cbe5aa8f3eb0fbf52255fa2142f8fab2256d9a

SHA256
eb84a27150a8bc21c08c3598e04fe2eb3e0d057e90df31bfbe9b913a177cf595

SHA512
bd63378acbf5c1fddacf8d75e749856601e11886543935cd0db682a7521ec3403d30979661e7b3acbf19d6bcc3d891e4d0badb205cf90e9e1402f48cc337c553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0fc240f3efeca72880c80ff10854009

SHA1
f07890abe56318f5e9638be1725b5c30a30cbc5d

SHA256
eb713497383422bc503231f64311730a131f5f61e24f7242b59cbedf01ca668f

SHA512
4830bd83af0e15f020dd6876ed49895ec4a1c417e389e14aaa39899d1e2de5c1abccd8b3233585fcef5370692250de5a2128bb33ff7b2dac6c2beaadc3f96af7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bde4bfc28445b1865e076ce359890e37

SHA1
6ac00bb5ad713986aff8d7f8c9d666c9da8d5b1c

SHA256
807575ee1329d22988875369a324ef4e4b543d32f8f37abf1c89d7dbaaa40f27

SHA512
3152f084fa3a240b2b263b0b9bd6ec29cc6a0bad61420157b27f467815b9b8fcd629068259ae28d4a90e98722f77370797116adfef3c992e39f4be24ac0ae941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
48febe0b0625901956573dfb2378e7ed

SHA1
c324173a8f8fd7a6a7398f6bb24dd2ee11d3cf24

SHA256
f0fae7ad33efdd05845d0d631ce8341ea4b6dfd4c45be844f0c117738df9c0d0

SHA512
fc38a0c64e67e3b5d43f787fe86f700e6f753d8e90bcebc446d4a8c631b9e4362a74fa862a5b2ffc74f3f5236d3ecf006b341042b5469d1cc24f2c325a607a91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c7372f6f9d0923743d6d08f6c8bc97a0

SHA1
fd0a415ddcf1bd2654e13ced6c05ecca2bf1fd7b

SHA256
d83590f58933f76e77c19f2b22cb9a251df97acdac420fb0d58dbf3e4dd3690b

SHA512
eb02d57f466d111e4f4b362b8cce2f0768ba9b3ed4f727092d4ac4c96204d3470b91e1b46ae297fe2be83b0485cd25b76ab7c2e1b20ccc141899ba41aa27ea2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d5cdd0c1083b7985a3149aa00248bf11

SHA1
aad635c11411d1096062c14585df5ffa5f335648

SHA256
1bba2da720a8e16b41350cc025b767927a036fa89ea68475bb6cf058c7673cec

SHA512
0b76b9113859675feccfed8b457e61558b975be238bb41921346df37bd86da3aa7e65ad839a148591b73c1ca5aecc855a7f8b613d098a249a61f5e99f9be3af9

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\MEMZ 4.0 Clean\MEMZ 4.0 Clean\x

Filesize
4KB

MD5
20e335859ff991575cf1ddf538e5817c

SHA1
1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

SHA256
88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

SHA512
012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

Download Submit
C:\Users\Admin\Downloads\MEMZ 4.0 Clean\MEMZ 4.0 Clean\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\Downloads\MEMZ 4.0 Clean\MEMZ 4.0 Clean\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Downloads\MEMZ 4.0 Clean\MEMZ 4.0 Clean\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit