48c0d78f60e73a397e46314ce6fba1c05cc32580de5edb5e7e8ff3289c5b47d9

Analysis

max time kernel
159s
max time network
169s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
31-03-2023 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.js
Size

10KB
MD5

e72bc0f8a2e083f4688c9d99b0c1ce2a
SHA1

69ed473102e0e3b8ce235ead1155c1273823da8e
SHA256

48c0d78f60e73a397e46314ce6fba1c05cc32580de5edb5e7e8ff3289c5b47d9
SHA512

8848a42b1b7eb3d50515f8f4722169b505a59e8755a27abab329b74bc5b72b3882fcacb565547800654ad742a322dcc46715c9ca285a8a68bb3c411fbe13a1bd
SSDEEP

192:7YaCiN6A7eAmQZl5U3/EjCD2gOWlJiEuxBUaEFwP+6JttQximQ:7YMTZl5e/jD2gOiuxJEFwF4ximQ

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

MEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exe

pid process

4744 MEMZ (1).exe
1272 MEMZ (1).exe
1460 MEMZ (1).exe
2116 MEMZ (1).exe
4872 MEMZ (1).exe
1772 MEMZ (1).exe
5112 MEMZ (1).exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ (1).exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ (1).exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
4744	MEMZ (1).exe
1272	MEMZ (1).exe
1460	MEMZ (1).exe
2116	MEMZ (1).exe
4872	MEMZ (1).exe
1772	MEMZ (1).exe
5112	MEMZ (1).exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ (1).exe

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247644647528260"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exeMEMZ (1).exe

pid	process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
1984	chrome.exe
1984	chrome.exe
1272	MEMZ (1).exe
1272	MEMZ (1).exe
1772	MEMZ (1).exe
1772	MEMZ (1).exe
1460	MEMZ (1).exe
2116	MEMZ (1).exe
1460	MEMZ (1).exe
2116	MEMZ (1).exe
1272	MEMZ (1).exe
4872	MEMZ (1).exe
1272	MEMZ (1).exe
4872	MEMZ (1).exe
1772	MEMZ (1).exe
1772	MEMZ (1).exe
1272	MEMZ (1).exe
1272	MEMZ (1).exe
1460	MEMZ (1).exe
1460	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe
1460	MEMZ (1).exe
1460	MEMZ (1).exe
1272	MEMZ (1).exe
1272	MEMZ (1).exe
1772	MEMZ (1).exe
1772	MEMZ (1).exe
4872	MEMZ (1).exe
4872	MEMZ (1).exe
1272	MEMZ (1).exe
1460	MEMZ (1).exe
1460	MEMZ (1).exe
1272	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe
1272	MEMZ (1).exe
1272	MEMZ (1).exe
1460	MEMZ (1).exe
1460	MEMZ (1).exe
4872	MEMZ (1).exe
1772	MEMZ (1).exe
4872	MEMZ (1).exe
1772	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe
4872	MEMZ (1).exe
1772	MEMZ (1).exe
4872	MEMZ (1).exe
1772	MEMZ (1).exe
1460	MEMZ (1).exe
1460	MEMZ (1).exe
1272	MEMZ (1).exe
1272	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe
2116	MEMZ (1).exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

Processes:

chrome.exe

pid	process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe
Token: SeShutdownPrivilege	3508	chrome.exe
Token: SeCreatePagefilePrivilege	3508	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exe

pid	process
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe
3508	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process	target process
PID 3508 wrote to memory of 3932	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3932	3508	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4020	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 4020	3456	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3792	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3232	3508	chrome.exe	chrome.exe
PID 3508 wrote to memory of 3232	3508	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe
PID 3456 wrote to memory of 3732	3456	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\download.js
1⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff3f9d9758,0x7fff3f9d9768,0x7fff3f9d9778
2⤵
PID:3932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1824 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:2
2⤵
PID:3792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1820 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3224 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3916 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:3340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:816

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:32

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4800 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:3520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5188 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5424 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4656 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3912 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:3156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5940 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5980 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:1460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6184 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:2652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7024 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6880 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6720 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6580 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4648 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:1560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3884 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:1308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6008 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:2492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6068 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:2372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6824 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2508 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2584 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5884 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:3124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5780 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:1540

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8084 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6076 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7356 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7248 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5924 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6216 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:4868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5248 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=2432 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:2392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=7432 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:4680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=5088 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:1
2⤵
PID:3928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:1264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4016 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:1744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6056 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6464 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:3680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7064 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:1316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8180 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8180 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:2212

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1860,i,3277379188042105932,4932816247159358409,131072 /prefetch:8
2⤵
PID:748

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe"
2⤵
- Executes dropped EXE
PID:4744

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1272

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1460

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2116

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4872

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1772

C:\Users\Admin\Downloads\MEMZ (1).exe
"C:\Users\Admin\Downloads\MEMZ (1).exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:5112

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:3456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc8,0xcc,0xd0,0xa4,0xd4,0x7fff3f9d9758,0x7fff3f9d9768,0x7fff3f9d9778
2⤵
PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1976 --field-trial-handle=1784,i,10110694356307847612,17757832209326215151,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1588 --field-trial-handle=1784,i,10110694356307847612,17757832209326215151,131072 /prefetch:2
2⤵
PID:3732

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1108

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
dd9a2eda3b4beca49d44d01d9398aafb

SHA1
0f2ff6332faf3710a198dae6461efb10c5033159

SHA256
af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b

SHA512
85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
dd9a2eda3b4beca49d44d01d9398aafb

SHA1
0f2ff6332faf3710a198dae6461efb10c5033159

SHA256
af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b

SHA512
85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
dd9a2eda3b4beca49d44d01d9398aafb

SHA1
0f2ff6332faf3710a198dae6461efb10c5033159

SHA256
af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b

SHA512
85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
dd9a2eda3b4beca49d44d01d9398aafb

SHA1
0f2ff6332faf3710a198dae6461efb10c5033159

SHA256
af77621dced9da095af2cf51a0a9001ba1d62fb7adcd9efd36cd5ddced60cc6b

SHA512
85e7a21bbaa741ae8d43e600957dd543480202ea61c212e891fee3810bfb8e7690636cfb11adbfc0079c4948eab4573ce7929b331d69cf5f4a4559705631691e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e
Filesize
28KB

MD5
cfbcb456046b4239bb79f0de0b9284a5

SHA1
45b6f241b0e66b3fc10bec2298583d294b5771df

SHA256
58cdc3b7ee6af16e90cf815751ea9013e2bbff279ae2eb4e19a8b184414aeb02

SHA512
20ed0badaddf298cf7460be03751d77b9d2ca616b6b190ec48a44f2d7a14cca16f85f39cd05c70a13b5fe29a7555c8590565ff0bfc99439885d0ccb786cbca79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f
Filesize
43KB

MD5
9ba86ce3e3ae75b84a9760f2333e019c

SHA1
5d6fdf9494024d8b1e0d8d11dfd93fddae356de6

SHA256
7025926b114bd40b5af92a64f007852e332c813a02db861fd11fbfd22b3010f1

SHA512
cfcd8e9d6d749dc4329799b4b4080499089aad613c2623a9d85a295d8bdd3491d4f8b723382c6d6d5f48c8988589b59d81bb201c41831864cbb5ceef5ced9e3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044
Filesize
86KB

MD5
d2ebe4c863a6fcd793b1af7b5abae430

SHA1
1cc395e96633a0a683951a372388c1a8ce264d8d

SHA256
61fa26983a099f4886f082c9830738345db83b156c6f2ec651852c678386da0c

SHA512
3121ab03c482280bc0bc0f955d539ceaa543557f15a9fcc57d9a0da4f07eb3e70b6ed066296f7b70c9a9e2629f564e73a908ec14fe187dcfc5c9924ccea5ddd0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005a
Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
dd912c83a5a87efbd70ec74d94d51cb6

SHA1
46d97ec78728c1499d24388c5b443b60da32ea89

SHA256
f07ccafa89f6be080ab477e234aa424361add693085c306ae0492b8664ac449c

SHA512
b210308f7d57ca72e1245bccfecb784411fbb1424764e7daf0e2d628164c6b2e39da8f1e7f3e54bb3f46d6cf14525753491dd1db030e9062be44e5e14a471d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
1a674f74f7c644573fecc4876c29ad8b

SHA1
408795e860819a2a2cb73cf7bacee4a3036befd4

SHA256
1374ce5fa5e2deff15b62d437291b2c36d02684be14baf8759d7fa51b8ffe479

SHA512
31a4539e979ac304b83e2c407de9f1020a1397b10f6bffb4b08321fdac642fb166e5fa7ca70d7fd652e49f888af794e746e53d24dd758c55ececa7fd5a445c84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
14KB

MD5
2c7f143ebe5b6502b17f4754ecd0c3e9

SHA1
c0d773b22d1f30076f2650ea92a3e1a705b1f55a

SHA256
4080dfb36d4f70624aa3bbea6f4e38849bffcc395a87df0e1d56956098e21d9a

SHA512
2a65797c9dff330f0559d743631bb768aa0f669434d1999439d2aabed9861824a532f16e9ff35bc5ac9aa643efed7960078552d8499f725891710757375aa406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
ecc75d8d5bbebc4c38fb2fc7277c7d49

SHA1
b348f0770ea6c3cd6bc601f31a39613c01a85ef3

SHA256
403c89aee8c2c3ec0e1e3f8d14fc1176ce577b041ed7598572c56cbe642cdfea

SHA512
6b9649fe9da53a4067e2069295ac023d62468fe8665b5ce84353144644db8ffbda4eec65907c441ae634798bd12a4ade1de818c2428129e72e6a25149edd2155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f25e8ce764acdf88194e0ba7d48182dc

SHA1
06ae6f4996cfdb3a03ca18dfd706987527d44003

SHA256
248057744b620d504b9927af6c3bf8216a4466b88c762e34705c8334b570eeef

SHA512
d79add14a504cbc4263f255bcad229759d89b03ed36c11850f4a9241f1a7bb43dbb367ec031927f57b86dec1df2f2c83a0cd53ccdb5313c813a48bf3eeed6443

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
5b3286a39b2aed5638030a785301ef22

SHA1
48ad6b48cb576926e944f9e264b3fefef928614a

SHA256
a0137e4854d01d476b4a543a785f3eb561ae392e256179bed1eb96742784456f

SHA512
8c7c993feeab6707dcbeb7a3c4b92ff753260165991e7d3d1d760fc05a9c18117e1c8d268ae6fb702379f64c319a1f6007522ea839c74dc4e588ea564c56095a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
0139112fb13e33455b798422371098af

SHA1
6664e497d4895153e262e514c4e06af845421c2b

SHA256
512774c298d7f07850d516f81c419fab10e9ad328d79d990bbf71ed0bf01d75b

SHA512
fe05dc13f4f9d2ac1f50ecac3a3f74c2b229d3e3a9932cac16e3d0edcbc665a54398bfe1667f0581cd9690476c4562517f3b1850e48739ce6fd7b87f3d840d9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
ecd2ad66c9295ca35f4a956cb33587e6

SHA1
76a8273122a6cb8694f295d43192e4e867411199

SHA256
78b34ceeaa0eee98c92977576e592dee75ffa900332d5ff71cb1916ca4197a0e

SHA512
a9243e060144d1c3f3d0a079e00afa7f9ec6c4cea7f415694bebdcb7f535b5d575f48c747422252007bade6edd4ca9130a015c6b986ba254c96be3c52e7eb8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
e6ed4bf923d50a2cfab332dfdd200082

SHA1
be3b64bf7e90f97b54b3978e5ccb33747f1a0f68

SHA256
91c1e2ab5e0e865cd770c950ee46a63905f7676813a1d4fbaf2d8d8a51a10c7e

SHA512
44c3638538021a7d327436aa73d132aea31c3719063fe104b4b7cbf5d162029af62fdae315a2a5cb7b15355d04429268b1bf3d995a0de1c7c68a6f5c58c1ced7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
71694c821f984c1f64dc36029b7fd3fa

SHA1
79d26210435b8f61d21d297ba8e34ebb9bd35bc2

SHA256
a47768ad2ff8d973b7f447e358a536a067b72163cf7bc3432c473b57d7b3ab09

SHA512
09d3ea370d0d61eeae5c6a92039e03f4edd67c8898c6b19cb2ef865b18a664dd950b42de1a49c5cf9dfed629610e8e4ceab13d07718bad09d92d59fb36f9cad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
3KB

MD5
7d6ca193e23fa7f91373e1929acbfb94

SHA1
bf8cfb89a751be59b868f9c2f8da0fa5a8b3645d

SHA256
7d0f08c7877574f38e0f10b722334cb471ee56a33f5b5cc9495ec678a30df19d

SHA512
a26b4e3bf0bcf90a7b6f3af71897663a11d61eb544cf110048d6367454ffb4caef8a61f74b53a5236d91008c704e086438b755f1a2298c5487b4d8b065eef70f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
6f8d9317e2dcbe6497a1efe241275982

SHA1
42c3eb8792ef03160d89b87a1d857992c395ea19

SHA256
df3db47f547ac2f102361369fb786c80fa2329349353e55ef8f83aba1ba60aa1

SHA512
fc963c60dc45881da4acf8a242720580f52b977e7a8f2758a357976a3820b48c16ffe8c2b38d70af441b21d5a86fceccc2403ff190ddae64c30721abfbadbd0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
4KB

MD5
bbbbe31e04843fab7657fa347b063351

SHA1
d516c0f97bf48d93441f5ab1397ee738f8e627b9

SHA256
b98609c95df022e75cafc18a2fea6dcd04dd046a72bbf4410a2c4f395b708ea1

SHA512
1bdb2400a951fa1ea893ae07dc6c47cb7bcf2f2707c5a50d5010d3998f79cf8274d6499ca513c1cdbc54046a4441d76d076e329a357b6e609c1d3d8cced6c406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
2298f85fa3214a5731916bd74e39114c

SHA1
8f57e7702f69ae24a35fdeb7ef1ff48c9e916e6e

SHA256
3bbb2d2a04afa8e938a17d759a64e59e290ec9c405082845d67ea3156c9eb8fe

SHA512
12b89689a236b984fff491226dc2ca02e913f2ee5fcdb803f4a2328e20a1ac399d6ffc381ccdd3a125968009449698fad0ed64de7ed60380537869ea731ce9d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
ffb9be4b0c39754f455db3baa55eed36

SHA1
96c69ad668cfae54e0c4034246971e490522aea3

SHA256
91c24fc758f8edf083f96569d7366e963815ed9e3a42ced87575ac49e7b880a8

SHA512
d356ff228d82d424c157bc9b9bc2ad7e496ca5fff0e912cbfcde9fd378a45e6e6d32fee366855eaf2f051e52e0a4715fa3d66a72400046010d2da113724a22b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2cd67d0649ec74424d60a2b12c07af05

SHA1
f635cd69b7ba8b927d44f274dcf04e17cee2558e

SHA256
e29bb6155615eda2d5685315ad1fc7401afc319378302de72291995bc43cf146

SHA512
ab775f97af7dd6b737bcc770034b742704f342398c8db4b1e98a3039c0f3f3175623f922cbe7471ee9349bfea86fe2184c8f7911e3db87785023c0f24d937260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
261ca17d301f39485fc13643ae99e736

SHA1
146f9b3cd8c2f27de301d62688114baccbc62b3f

SHA256
0f02916426fbec66b4c9180b82e2a3c70d72f873b421573ef5a3ca2561502483

SHA512
a6ae42d4b483e218358c54b4419a826dda0d2d3216b71725b4287ac8b0b16ae680239f07e36e9a79d2bdfd50e085cfbff23393bb322bf03f908713e0634ddf67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
597242cf012f49bb6f32cab1219cda3c

SHA1
2a81e6631eafee7583c65f661075f1b87224d192

SHA256
c8f4a606d3e7baa369aced4d997a10009ed723bf3050fe07b6a38b7e3408eeed

SHA512
07fa28590cebc82b611cfda3d8c5c8285f7d75ae1a94429646c89ccb0f2ba930b08021d433b4de9fc857099535a342a7e5c3294d1efb80aeeaa730f6b45b0d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
20cea8eb274eee7dbc71a41ab2e04d5c

SHA1
d02e258cb95a80f85aa8f86fc5cf8d43dae36197

SHA256
154122db49521570e0f831a4e19e4384f207ba818464f8bf78ea6047e34df3c0

SHA512
81724d74444ee84399cae247052f871aea017aef1d2c76d24e1b3c65f3c81f24f6b6c860b507bc746876ec3bb312307bd8211f289cc3e837c81e71abdf0e2a1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e5b4b4b674467e475949fffd45a24825

SHA1
fee282afbb740b0df432ad255b02ef0837ee6ec1

SHA256
140faa4b3be9e62cd5a40d878a746104f55b2fdb992a3d666db68b985f9bc5e2

SHA512
38e5192315a257a5ffd529dd7c70d818bc64f8971c700de34ebac486d2fbef7fe88c6a00e626ee68d0af8d40bf78372675f4667d068b6ca5c39b37a1565bf378

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
d7d7513ef82ca534cb62203f8c598dee

SHA1
a201b4a44dca90c0186edf8ff1059e9f396220ed

SHA256
8d4df7798d2e7f115fc407cdbeba78aef16616728a3e5e2c7ca35e727c93d2cc

SHA512
c4854a155072d29a8a677f5c653500382ec4cc58d96998520cdfd252fce09a4f123dd250c03882662cd71019d24f9bbb1d18b3c869d983fc1ab6f05ec626280b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe571751.TMP
Filesize
120B

MD5
02831dadd555d256485af888aeca069c

SHA1
2a7cdcc297fb6ec9b339dfd59c4862924a5e5954

SHA256
f18d436f59f830ec2de4dcf4661d1c81a77a3f52035af671bfca9003510d5031

SHA512
78e5a30a053781d0d6f96e87574d93dac6b7a305db30a17d8aa6fba5017285f6b4c22a050f92f2aad635ebc3e5eee63b847e845c912c198bad6b516ca94b452b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
399a7039db22588540a4d78b424fed7f

SHA1
067d26c6a2cd28e43668dc0cefe67f10cfb9105f

SHA256
ea9da6fe57fda6d076426bbf5d91cb01d8ab1fb12c04fb184f8881d4dfc288e9

SHA512
82f8fba3246ac2163c486de1732657e48e93949aec0cee053dbe29b99a37a8ad15cc5b27c14ba17f341d6e657bd6bd8e6f33aea1ebdeb3befd82ddf2cc410c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
399a7039db22588540a4d78b424fed7f

SHA1
067d26c6a2cd28e43668dc0cefe67f10cfb9105f

SHA256
ea9da6fe57fda6d076426bbf5d91cb01d8ab1fb12c04fb184f8881d4dfc288e9

SHA512
82f8fba3246ac2163c486de1732657e48e93949aec0cee053dbe29b99a37a8ad15cc5b27c14ba17f341d6e657bd6bd8e6f33aea1ebdeb3befd82ddf2cc410c2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
74669420c5bd7e1ab768bfe923e99179

SHA1
78c821e46f1f6fc2905ba8f36ef86d11a75bc6c9

SHA256
d599c77f8737e6e58ede2e3377bf173db1910205d0cc24c97a191dbb5dd99cb7

SHA512
b761bf9d4a2e0f6b9834089b5d4b600efecb6de3cca9095fb20be73b944d59e4042494846f1574c95f48cf600a2404dfe1e41d2f1c9ebb42c091a90d7c783fbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
73KB

MD5
eb00b8084b0c9b31f8baeb7df15240d3

SHA1
223d690c3facb650eb09ef4775f6e0fe37f45b53

SHA256
1ce92abb99356935bd026ef365b755f79241c4c14906472c9ed6f71e672dccdf

SHA512
188f329b36a2b51950388bbef389c45ba4ee84a6de2192bda3caafbf679b519e74a151a0aee80abe159d5f40eb34074003f1b2f28c229e75ccfa5a5987d26efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
73KB

MD5
5e99a85b57af9820155a4eb9a8c5fa46

SHA1
eb26be59f95aea74f53560e5c935b5545a03ddbc

SHA256
d84e7dde5f8fd0fa3fa2382c7c23e0b29a916fb7cde42bd4e706237dbf06ab83

SHA512
b11a61e30e5ddee535e2cbd53c8a38a4396472a281e8eb1b2f4295e3fc2f109ec0afb7add03f091b916b1cf9951c436cfe20acd092ed5be0869dfab5f235ac6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
73KB

MD5
fe5cdbac3a97df8cf329b4e50f312d1b

SHA1
ce934c2922fe31381cd44e34dfcc02ab17bd8c45

SHA256
8e9b0b271433d76f4820dae51612f83a752c295874b51feb35aa07cee0b0610d

SHA512
af5a8fded5d43a37307c558eab32abdb70dd6d9647c3ff7634f57146359c29dafe9d7d8eddbe67a8354b3ea3c443f2d93d954907c644c7f51bb839f46fe2ea5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
73KB

MD5
73ad9026e5fa404be5a5d21bd617c1b7

SHA1
8a4865146517df0861b30280b22cececf139e785

SHA256
878671397c432ebb057ec0a2d8934cae78601f95f0170d6a951bdf891f975945

SHA512
619893c3ef28e0b358e98b787f81a9f344cd83f55f29de3f5382f5bdc7ee0090cd323768d8fa11a8e66b977d72d7513dcad715a3722c422adf2945d721a3d351

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
98KB

MD5
f289fab77b1c7a189ab62708d1c19ba0

SHA1
76d5637cea5131c789b94e92fbfe098e2a73b2ba

SHA256
5ed0753a5883b31eebb85a2e5a04369f496d6245b764ee551b675dd629bf67e5

SHA512
f4596c16accc8723a6e7a819fca82e6df0abe8f6ff41a5aaae968573421c5df0ae87ef2e04c21b231623513a0abd52c901f4207d907c3f1cd945ea882f8d81ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
a2b3dbf485c0ab574f9a87a11f640782

SHA1
3df5bae97ef88d8c16b324f703189524d41f3e80

SHA256
50cf9bbd3f3e50a1303636f85b67867d5cc0d3e9e52a3e8d63bcfcaaf96a95d3

SHA512
0f753c169cf1ee50a245ba08120a0296e8a47fffc4128eab480fb304c12a2c44a25749b04e9a6039f04cf4d9ee34e126edaf52c5a07d8ed2f5b12f8c4347030c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
114KB

MD5
34bc15cd6222b10e439f2d5364398889

SHA1
d85b9664304281ebc983920990a85d1be3cf5d77

SHA256
79321d6359973c45ad23b652eba012b146308a9a010ca59fbea88443cd045dc8

SHA512
c624b155f4df677ef6781466cfea9b64d0dcf05f3749663b35ce14bcdbdcf3284221d2ec466094ca80758e8d12ba031c1478bf866ff67ae9ea62adec858974cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5766f7.TMP
Filesize
93KB

MD5
6bb3036e8c2e035dfee52d1d03bc00fe

SHA1
8ae233ce8825b35bc39ab597a591d8b369cc6c7c

SHA256
b3f0f32262e2a01135ed3ada8eb1a4aeb1cf055fc3bc1b6882eb1ab6789a91cb

SHA512
13ad039231fc098bc33c4c5ca3e9766a94b9d45ee6d685b817370ed2e4d9d0d0508fb0d48964eb61bbb53212682c34c2acbdea3f14f78d903c8516f98e7949c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\MEMZ (1).exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ (1).exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ (1).exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
\??\pipe\crashpad_3456_ONOAYZEIVTOUDYUE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_3508_HJPYNOMAVCQUCCLE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit