hxxp://google[.]com

Resubmissions

30-06-2024 13:52

240630-q6h53ayepg 4

30-06-2024 13:49

240630-q4th1ssclp 1

30-06-2024 13:44

240630-q1ycsssbqr 8

Analysis

max time kernel
179s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 13:44

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

2556 MEMZ.exe
4392 MEMZ.exe
5068 MEMZ.exe
4932 MEMZ.exe
4492 MEMZ.exe
1928 MEMZ.exe
1744 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

148 raw.githubusercontent.com
149 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2556	MEMZ.exe
4392	MEMZ.exe
5068	MEMZ.exe
4932	MEMZ.exe
4492	MEMZ.exe
1928	MEMZ.exe
1744	MEMZ.exe

flow	ioc
148	raw.githubusercontent.com
149	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 452902.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 452902.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2968	msedge.exe
2968	msedge.exe
3948	msedge.exe
3948	msedge.exe
2304	identity_helper.exe
2304	identity_helper.exe
4912	msedge.exe
4912	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
4392	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
5068	MEMZ.exe
4392	MEMZ.exe
5068	MEMZ.exe
4932	MEMZ.exe
4932	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
5068	MEMZ.exe
5068	MEMZ.exe
4932	MEMZ.exe
4932	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
1928	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
1928	MEMZ.exe
4492	MEMZ.exe
4932	MEMZ.exe
4932	MEMZ.exe
4492	MEMZ.exe
5068	MEMZ.exe
5068	MEMZ.exe
4932	MEMZ.exe
5068	MEMZ.exe
4932	MEMZ.exe
5068	MEMZ.exe
4492	MEMZ.exe
4492	MEMZ.exe
4392	MEMZ.exe
4392	MEMZ.exe
1928	MEMZ.exe
1928	MEMZ.exe
4392	MEMZ.exe
4492	MEMZ.exe
4392	MEMZ.exe
4492	MEMZ.exe
5068	MEMZ.exe
5068	MEMZ.exe
4932	MEMZ.exe
4932	MEMZ.exe
4492	MEMZ.exe
1928	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid process

3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe
3948 msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.exe

pid	process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3948 wrote to memory of 4576	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4576	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 3644	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 2968	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 2968	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe
PID 3948 wrote to memory of 4180	3948	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
2⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
2⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:2000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
2⤵
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
2⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
2⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3356 /prefetch:8
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
2⤵
PID:3404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6476 /prefetch:8
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4912

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:2556

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4392

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5068

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4932

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4492

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1928

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:1744

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
4⤵
PID:5988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
5⤵
PID:6008

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
5⤵
PID:3080

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:4396

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
PID:3732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
2⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
2⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,403215280270951158,12305879170170539414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
2⤵
PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault92dd20b3h3a12h4a7bha6f3h7b87bba38696
1⤵
PID:5352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
2⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6057872578060042292,11106350498324725743,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6057872578060042292,11106350498324725743,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
PID:5680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5896

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:6120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault42599689h4a63h48fehb59dh23b8e675fd26
1⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,601207921595752442,15276282521361905580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
2⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault02d5d62eh9a03h4a4ch91ebhf4362d5698ab
1⤵
PID:5864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
2⤵
PID:2532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17301539797377637298,932754112151218642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
2⤵
PID:5140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5456

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
PID:376

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
PID:5360

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
PID:2108

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
PID:5800

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
PID:2336

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
PID:1308

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
2⤵
PID:3912

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5200

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
61152360dd4155de78e35bcb70cbddb0

SHA1
c19e688af4a0b7c88b4610c1e5908f59febf4d20

SHA256
2a786f6d8d500d31d6fe066ca2029eb05e2ef67210482e4f1b633b919fe13a74

SHA512
6f5b439d5c5d03156c3b7b68995d0742285eb354c4cf90eec40c174d29592db86ac17d49916dd51c6b844b13091b33d909c4675725863c780aecd6a1535930b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c51429cd2212d9d64b0a2f085a41f58c

SHA1
74eb0757c77b4fcf5bec2c52a3873e52dff3f3b2

SHA256
5e1fd13113391bba631bd9718657d92411a94f3e9d8a57bb155c1994f81cdd25

SHA512
cc77aa318dea967594874faab9a3d825af1cfba08d8bdfb5953c9e8100a1548044b24274a79181b95ecd21fb7b6608cfebf3c0d9645e16acad3d142735a55682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
18c9b1875209b8fc245ca9fa69d0ce83

SHA1
3a1706f28085242e1f803e1b4c6b517eec7eb6fb

SHA256
dda61018b5d372d59608fd24faf78b15967e7acd83e3f7f76fc6f93dfa8a24a4

SHA512
b64c1297ddb419e095156d9a72e885477b749cd7527edb44a25cbc4a40704045c90c790dd52374dc4332c4cc95223427f73f23ee1a8a37d67669b6d21167f6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c1bafae7be6c327549132d3984c0c57a

SHA1
0cf3dba7e6097a92541ddec78e472a3eac88542a

SHA256
327de316e988176b882b8535958bbd36f320a9e81a894aa38dc286fd203be596

SHA512
58aeab362e36dce01e598002dcac8f04f2675ab85a2b9386379672ae7d53a701c7f859f6003ae305339fa92367d0f8b71fd7cdd41a52277b3b126ca88188b098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
e84b67c9e083fa1079507260795e97f3

SHA1
4addab4b5ad39e9ee9866577ad5237ca753a7529

SHA256
e3c1fe1d9a38cececf4bebab9573d82a57ecc7d79f02481cd015326e70b70421

SHA512
c0b0a0280a5d1220d781fcf83fa79b129ba846e37b0fe6989849eb785cad49a9b55e5cc05549659ecac3e343dc8173354652f414dd8924edecbfbc5f0c658509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
05761958949bef1b7f043c7850b178bb

SHA1
3a152df32fa5242d52dd7d2b756455dab384d1a2

SHA256
2b21ee5785b6c2a7818e484806f5baa78bed691399aa6bf623f93eadb8328f5f

SHA512
cffd03f545e860e2d58b83621c70a5f169d3086bfd0cc3240fc420a0c03bf7b49e1d4b551ba3debf7c7b69274508e393cf3633e827156915c034d2beb9ca0de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
4f2b7819f4b1d22c35f144256bc62206

SHA1
7ea25ec187b521d240c0dfbf6db4c65381ea3e17

SHA256
ae321e1b96daae3ba3f1b9827b030954c594f483bf294b91c59f50a55da5bb55

SHA512
c93c3e75d4753800a687c949719518f89e6a28d2b0391ebe0b9448f034010703194527f92fe335598a37276dc5a70d974fa306df0d1dd12a41a007d8319376f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
021f298436df7fa68c1527552844ee58

SHA1
44357c317d1560df0aa5deb40ec4a142831c9446

SHA256
afbd6aa79c4c492c99f0d77d33ed11385cea17209ad496dd5c135e13c6f48372

SHA512
a0e5984dc17a104531f3f4f85ad4c1b6e0fd844617c098ddc1387bdff132163cb60833f796d9b424c81f9564660232caee1a3981f8fd72970f29287a24a6b833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
02f8d35db1d0200f547dc50f1485e99a

SHA1
1f205f0f8bd628d64463f6db3121b31e7bb24ba5

SHA256
72385328cd8cbf31f29444bc7295683aa5986c5e41aa78bd25b2dd4b3f872961

SHA512
6ba37e845131f6d52d7868d27e692c847d961e9a1e13f3d286c0a25017cce2ab9418f1512c5d4ae8de332b7fe69845ed2d5ef688a1d49b7eb362a439c0942556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1f712469ba96774443f6c018481a0895

SHA1
b6acfbd6d1e7dbb5086ef62b69123a846c7d1646

SHA256
d751eb2a21658d2a58d0a1ff845131a2a562f5b9b4fd10b03f89c14e21c2649c

SHA512
ae73e531a7762a49a8a2ad081f5422714fba5b08249fe258f032f1345d9b6eb078dbaf1e54dc28b6ce2abbc9d9f1109d39e860d06b00f3b199e45ca8d38ae989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
12cfb47617b81b4c9d2a45d38ea13bc7

SHA1
19970db619daa42a073255d6b19430fb6aa82808

SHA256
c08fd7f21bb0cac7c7c7b44360983ef0adcb664bce4eeaf02b9450dae7b611cb

SHA512
7534e09aed316b8a43f1347488b3b1de0e42359239c35c8d31b847999ab394e02cbd272baa03d2aa6b0541afc2353a7b58e6a9e191659b9492be14db0e56c968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
48a7d692ed1526b0db6f899c97079801

SHA1
04c8c678c1d7a868c63340860d3fbd040b118bf7

SHA256
297955a1ae0fec6dc2f6f58e6af3272dd098d8bf38a619d58e00dce770b1dec2

SHA512
ef3d6ac17b96224a122fbca3df10b1cdb17ff55229dcda0c90b44d39e5d95d27a545026f256c935881ac17dbfa96171ff49a2d92a1a22ffef209c3297de6a6d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
51726b2e3f3feb9ee24a7d3e58ee2f36

SHA1
24189b4086bfb6c9aae309d1119ce5ac72615f9c

SHA256
382f2f84ceaf2a0afe4ad020259564dc73d72b06b50f10c27ed1aaae5616cf7b

SHA512
ff836a065e1939370c9c976b7ae9f1938eabafb54f293c10fe0c8d73479dc9f335d49d9bfb5c0719cbed997ce1226a5b40c154d95140fa2d0750968e6a0cf74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57dd8f.TMP
Filesize
90B

MD5
4e88603d49dcba1fb08cb42f64f542e9

SHA1
d6a6324fbd9fe1ad950c5ffb2a97941c76cd9578

SHA256
d70b39041b2c6161cfb3de109f03a87ff7b02087eda95afebb71ac9d46bd1107

SHA512
254ae821d31fbed9810129f2dbdab9e76529bf1dc65faeab0804c4174d0811cf2c2ebe57a4b7abe3256808c907b225ee1e9e63142fb0d8e66d6c83872fb2be38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
dee71cff34b0b4a229ffc3a4d23a3ba5

SHA1
ec0a3823942485ba196408570454f188b76fa312

SHA256
bf5689446695232b1975e587960ad189cc51392c39914f48fbe6457e268afead

SHA512
0334777c07ef1d01c4fd6e1dccfed57d9270165dc64f83a50cbe58e151fc1e2adfc1ba4ce28f06b61cfc17115f528e3408e22c0de93aa5aeb9692857726ab00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
27ba5712e5f26dae99960639176a0489

SHA1
7f9093634d8531a5f06a14f4ec1dc00ee37639ec

SHA256
e8a11c9b57d8b7d56cd91502d98f3c1ec300f4980bd4f12cc2370dd3b5335383

SHA512
12643c83a5825d7e3adc9f75a96269ac04eed78f3c41f330562f2a023220329d13a0e746afbae2c9a89eb56311b8964d174f456e5551a8cee29397f6d9878b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f3f8cb0cea24e73b598b09ba3708286e

SHA1
a9377948eab46c3ff761081dc8093d9b70714aa6

SHA256
1a02ea4c782ef0af620e3ce6188d16e076865c078a624963fe8a1bcbc1cf49d0

SHA512
2dbb368421a1a37ea0d70d9023601b050affc47e4f91b7e0f81671a614de2b528bebcee35c4aa1353a83d9e89c705f0a4cb0d036456d5ee8b1109121768af219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
043fd6ce6c1c3867e4d37d74d4c25102

SHA1
38d695cfe10dc41fac6c60d399cc6e2b750cf563

SHA256
0d42041355c347e73c210dfad439b294d6dc928137077dd90c106c61359482a3

SHA512
5d40e9b73cb2767c536869991d3255d7e6cd0a4cb6899440f08f99fb81c70f5aa5c71ed2ac7a0a797c54bda6a723057867f36e846926dc912a8f6ff2e3985513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
954207ad95fed52e26326257e1069dba

SHA1
b42c612cb6ad76f3c7728042372d5ae58ab898a4

SHA256
7827b43bec90544a89c8d87c34edd88ee565e94a6f21ac6557f50048719a7402

SHA512
ee98e2e5a344501e41017d9a3336c4d1d451473878faa01354083eadf48676121ff25ab4761ddd48fc632b70ed98614da0f18afa5002f10c0bc805df77a9c149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e2af.TMP
Filesize
204B

MD5
829aa3497e6e99fa90377b4965fa95f5

SHA1
b17eb1f36af241c367704b5d29c89289fdbffeaf

SHA256
c990753d5affe846f17a3dd168b5b78bd09d806953463afc5c9ca0698b5067b4

SHA512
3fa7b1aac557a2c596fc644d7cb136dad54ad13b4d1d82aea5ffb51e05acde5506307a4242f4bc3f0b33a90a6771aebfb4b609545da0ffa4436e94773cdfa874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\af2502bf-4806-4ef6-b358-78fd13b96b57.tmp
Filesize
6KB

MD5
9cb9effdd2646ba83cd9eef746e5defb

SHA1
d9054c3bdba70aff749011fb79175c132531ad1c

SHA256
f4f761a9a583b08483cac642141a8c82d3db48ac525cc63f66ac381096f26515

SHA512
fa898780ff9103d67fdaacfb0e90d5785295c52d19d1ae4aee5c6dcbdfd6e65559f7268a5bd5927bc1a7cfcfef4a8278baa9e10e588457cc683fb61d5895e3be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
49eda681822f0409b4a6784001b5d2fb

SHA1
92673105fdabe0aead24e8d8945605f610ec694c

SHA256
8576a462dacefebe5e99f9378bb2b78ae1710b647cfedd2b8de87832f4b9ef12

SHA512
ceb4d28255288c83af5b2dc451cb57ef707ec81f010555ad7d4d66765116c08b06904124fd483f55f40f20d2f262bcea401d857fdbf457144b81a620b0a6d801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
adb11be339c9b6f759f1533bd14377ce

SHA1
5ec95cf6945d6332b2a993c9b059db2e668786e0

SHA256
35af71e21414b475a2a55529b6ed925aa66fc47cbaee9f5538374e7f27f811cb

SHA512
cc50edd496e5623262b497ab497a6efc3f620b6886d0300d401ac3b2265674d8012f34c8d416c1bdeff49ea8e246e469ae96d06967c3a44f65aff3d8460bb760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ebf0771ce56d5442673700c647144940

SHA1
0d6f426836a9281a6c54b840c067f2e81eaa9d09

SHA256
85541d55d31a508137906e492104f351b188e3cc87dca2a12bd402db04558771

SHA512
26837985ba4a3ea4a35bdcf9a10b2d480adfbd1deb0dcaa1b057ad60275e66194249ba3e03778e8edb8778fd738e9cc6e102ad7624459b8e23bafca43c095541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1fd0e0de4f65eb51d37a15533a105326

SHA1
ec015b0c7b50119f5f20d3f29196a68a74519ae4

SHA256
8e096b7190720f635c46996d39197b300eaa02b8ca78adecf4fb0f261a87183b

SHA512
c0fc9570048e6640fbf128af66196d90e6c6b0a80c6e4d22194b5ade519c87019b25add5850d33267a0e0eb2e8a7a0d830dc3d26ca8c2316143f517e5c7cc331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
f81589873790ecd14410a4275388c3d4

SHA1
98e02a4ca1972a1b1a960184931f0f3d73d8e173

SHA256
bd86be7eea60325472dd494bb6cf932c3d3363b761bd5450a63662ad1ef2c317

SHA512
67d6e4adb73e8447df0f00a2893616e3ed8398f17fd8e49e764ab3008f82b668fa081f4353f8256adb5d349504afd1551a7f134ff5e57de15acff67acc9b80d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
fcf01a96a3750b2b33f2419ce7e29603

SHA1
3b28614f3f90ea7b104ad3dbac95542232ea62d3

SHA256
4a05aa1cd1740ce96c0b18ada72a19087ace8ce508438854e2cd0ccd8d9488b3

SHA512
67384abec1a501358a1dfc5320a9b1915d52cc330f1af0615758ee30f9ed070ea63c88895e0d931586e0be2b2f206ae43c92b393c8b30f0c97a74f761c070df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
5b6444b555477a4d89d3ec10837a205e

SHA1
47b39fd4ff72ac9c31df53de5217c4c05f61cb18

SHA256
46eb61f81d16001ca3a4772b044bee0ca427c0dccfac288458ceb05d1bb77714

SHA512
f0e4e70a9f0341d51641b3ae1e387fecfbfa69903ec576f0b5ba9cd3ed5c1927b1f3a681a3406fe64f3f492a4098ad27c5abf6e4252060e7b92ddb6f0fb3d5bb

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_3948_NUJRJHHSULJWJVGR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5996-712-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-700-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-701-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-711-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-710-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-709-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-708-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-706-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-707-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download
memory/5996-702-0x00000000057D0000-0x00000000057D1000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads