hxxp://google[.]co[.]uk

Analysis

max time kernel
398s
max time network
1712s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
02-04-2023 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.co.uk

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

2116 MEMZ.exe
1732 MEMZ.exe
2132 MEMZ.exe
1864 MEMZ.exe
2260 MEMZ.exe
2280 MEMZ.exe
2712 MEMZ.exe
Loads dropped DLL 1 IoCs

Processes:

MEMZ.exe

pid process

2116 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
2116	MEMZ.exe
1732	MEMZ.exe
2132	MEMZ.exe
1864	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
2712	MEMZ.exe

pid	process
2116	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2032	chrome.exe
2032	chrome.exe
1864	MEMZ.exe
1732	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
2132	MEMZ.exe
1864	MEMZ.exe
2260	MEMZ.exe
1732	MEMZ.exe
2280	MEMZ.exe
2132	MEMZ.exe
2260	MEMZ.exe
1864	MEMZ.exe
1732	MEMZ.exe
2280	MEMZ.exe
2132	MEMZ.exe
1864	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
1732	MEMZ.exe
2132	MEMZ.exe
2260	MEMZ.exe
1864	MEMZ.exe
2280	MEMZ.exe
1732	MEMZ.exe
2132	MEMZ.exe
1864	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
1732	MEMZ.exe
2132	MEMZ.exe
2032	chrome.exe
2032	chrome.exe
2260	MEMZ.exe
1864	MEMZ.exe
2280	MEMZ.exe
2132	MEMZ.exe
1732	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
1864	MEMZ.exe
2132	MEMZ.exe
1732	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
1864	MEMZ.exe
2132	MEMZ.exe
1732	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
1864	MEMZ.exe
2132	MEMZ.exe
1732	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
1864	MEMZ.exe
2132	MEMZ.exe
1732	MEMZ.exe
2260	MEMZ.exe
2280	MEMZ.exe
1864	MEMZ.exe
2132	MEMZ.exe
1732	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1976 taskmgr.exe

pid	process
1976	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe
Token: SeShutdownPrivilege	2032	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exeSndVol.exetaskmgr.exe

pid	process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2884	SndVol.exe
2884	SndVol.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeSndVol.exetaskmgr.exe

pid	process
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2032	chrome.exe
2884	SndVol.exe
2884	SndVol.exe
2884	SndVol.exe
2884	SndVol.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe
1976	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MEMZ.exe

pid process

2712 MEMZ.exe

pid	process
2712	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2032 wrote to memory of 2020	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2020	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2020	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1516	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2028	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2028	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 2028	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe
PID 2032 wrote to memory of 1136	2032	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.co.uk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefabc9758,0x7fefabc9768,0x7fefabc9778
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1192 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:2
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1548 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1648 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:1136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2228 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:1320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3272 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1188 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:2
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3736 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:2852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4204 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4420 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4568 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:2432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2336 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:2152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4316 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:1
2⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2268 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:2312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2752 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2776 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:2404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5288 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:1140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:2460

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2116

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2280

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2132

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2260

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1732

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1864

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:1880

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:2168

C:\Windows\SysWOW64\taskmgr.exe
"C:\Windows\System32\taskmgr.exe"
4⤵
PID:2092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 --field-trial-handle=1344,i,16144335917316394989,3564679740894383292,131072 /prefetch:8
2⤵
PID:2128

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1464

C:\Windows\system32\SndVol.exe
SndVol.exe -f 45548694 15872
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2884

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524
1⤵
PID:2944

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1976

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
a3f862a6c36db93ad6c022ae1cbddbff

SHA1
26af251cb9e6022901c0e78ded92bf5cff677c08

SHA256
671cf3706def540048bcb740922796e6360cad2ad8ad209392b24121889f3df7

SHA512
1b97ba80b8d016bc128d4adf5aaa72d2e4c0b9faafb9fc59498bad224fec6674ceefc040a565eee106ad950e704a1dee96103e58bbf962b245edc659f6a1d030

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
590cae64256e8e0a668f05d338e130f4

SHA1
e8f2c94e718d80f69dd0ab7d6299b30415eb709f

SHA256
29996e174f5b221db036d7994dcdfc1cd2aabd66f160b977882a69dc732e3b60

SHA512
5d50c7b4989dffc506edcb92a79b7414083db5f2c996e61e22169116c3b0806a87e92be211b5d96cb8c0eeaae57915cb34f834e2b37e1a24e9a1a808235c8e21

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
3709e1a145a635db6fdd2822874328c4

SHA1
ae032a1b5d428374e67b56cf15d87bdd444f6e60

SHA256
e6f720ad84e8a1fba2cba40a01f42ba9de52732c5a81366d0cf676e140014cbd

SHA512
d3855868ac95a09614d2295961f796b25bb5ee21d43205502d7f78ef2bfd80e2549c91fb062f999183d015b54325479370e9240f489b5fd179648e2dc168095c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
304B

MD5
9d34bcd58ac51887b33e888ab89b96b9

SHA1
563222d73c35b429af2f75587d9075c6143f0c31

SHA256
9efd378a1817b2f044239c61fc5c6adc865e991df2c1c371ef46616b5b290873

SHA512
c0313432992b213e3756812d8b4bd298802be539cec210ea9064f5b665d3f891f5e582b8991c6da2176191d1c5e5151c4ebfe952431fd7da51d734a2b063bbe3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1a33bf5d-b60b-451a-8e3b-d5a5178c2f4e.tmp
Filesize
5KB

MD5
e618ea78b30f8a944206614c0232969f

SHA1
62635bf48158dd49a215eac0ea86fe03c32a3f56

SHA256
38a7884a96fca6ee00cfbe4ab642c6048c2c9e282b9bd8a152271d70b65f6e06

SHA512
eb86e1302905acdcee81c99274ec24ace3a992c32dc5af4d8042042253208bd6bb49c2041c81b858147d4d4c03a20da1e9dee6dc512a4afe33895f6c2adf2250

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\9983feb2-b94f-4fcc-9651-c6152bd598dc.tmp
Filesize
5KB

MD5
1d64837751e01d7a0d41e4cebb9a4132

SHA1
b64d21c27ca070d5ee0302c6fb42157fb2a92597

SHA256
3867b5c9afb678382cf47711c58cfa9d795b01666ed64464c7623ae8cf61c3e3

SHA512
b92440f1dcc8147e631a3547b7c6eed773ff37ea64e6cf63a9dc3106483e5f0d6b03b8cb8156610fa9313e4aad68f8255d24dec8b584ac5a8be0234ebf2500bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
45e088a407da7a187d07e100d2b21d3c

SHA1
b83ea0b770aa8647dce038f652c0cb6f751afe57

SHA256
78c4838fbda7d7cb0306c23c6efc41ab298d014797d6d53d097c5ede9b98457d

SHA512
94df229a83dc78241213b24e146af7f34697fb9ad48a2726ccbebddb3b7856b1e7c280bed20e0ee28ad0d74ae141dfe81a1d0717d01754f63febbb6412cc987b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1a289b79-c900-44af-9188-5ae65d47ce6a.tmp
Filesize
8KB

MD5
808cf798984b0fc93df9da5146d35d2b

SHA1
a0eb8967a668718712b757d4da1dbbf7d8e38d2c

SHA256
2552f1f53c984d4bf030bb446de2ca36a5ab63912fb56cf8d1f266e45ff6d1cf

SHA512
de8fcb694a9965f8d5a72f222b1591f2781c9c6d75ebbd4456a2f898d5a48e29e9f712c3b2a1b2c81d0e6b6b3ece3269b85dd076d12f40c4023424fdd23cff12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\9d807ede-ea0b-4442-b5e0-90ae025e1882.tmp
Filesize
9KB

MD5
8d3862408fe825ba47b32c3acc9f5f21

SHA1
33061767abb83b69f724cc3b145f172fa37e7ef8

SHA256
9884d52d250ebd8062709fd4c6b80eec462c20404b6b950a456170f9650d8e3e

SHA512
23d397aa0190d6066c9c738faedd096aa2605f04bf31512bfabab75033ec2dafa922bbf110ea77cdc1ff77da9c8df7650719b5dc026c9b3de00013ad84ffb90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
7KB

MD5
2ba0cb5bfda1f7962748e2e35b4e02aa

SHA1
078537b0e31d34d0b697ee639e3719bcc840d49a

SHA256
98a8c6541cece4910c983f6fcc2b784ef2d3c8bd5179b81565265ca8b051835c

SHA512
5f75d7a133bce254c145fc4e043ad4ad70731dfa9eb5b1df0af60a97c014383422a36574d310657c92c8f6da7f62371c48802470b027c5aca348f9b50b8ef28a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
525B

MD5
bdd0b6b6cd486acf4c7905017ab67eea

SHA1
f851e5b363384991df5fe8877a071a7a4cf1a98d

SHA256
c722011daae4f42782e6d54be2347479ea03bbf552fea89be4d01b8562e65033

SHA512
03108b53969997f869fca78133f42a8b113aea180c9cb53ce45a03dfe5673cc390abcc75a2f0daddb73650203e78253703a456035482535bc613ed7a68e86208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
c19d73a2a12c8f77d71d59b23b56a250

SHA1
35b54135063428ecfdf29f54985435210bc1b117

SHA256
9cb9c8f4631196519a359a4370529f58ffabf791fb2c116b4f6951840906c71a

SHA512
86b0b352e8ae54ebdb356cfa057e74d1375050d489f2f0476f8b5cf05934ad6e4c13fb328c41792be59bca3740cfb3c37dc610a8fb0ac45f9d48ad453dbc839f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
f7734a99278a45e3bf80798a4b1d8859

SHA1
37c7276d84e86cbf85dda3532876bf1af4616313

SHA256
26c22230eb644b8389835c8ce48f9f060a862932edbd0f741ee7fa1f05b4d5ae

SHA512
8618c1a49f9acf25cb9769e0917af2112af2ed4c21f0f7438aaeb3de9da9432e432e66d70d4dd1fa4728975d2dbcde66194f271559a194391d87da92d6ce20c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
a9e3c6b7eb0661304a638e2cea71dc94

SHA1
b460469e9754d044e0d9cffe954ca85721e6b5ef

SHA256
2ee8c672a86ac51561363025fd88cf6d99595120bdda80a2e14fe88766a9a641

SHA512
18d8fc7a0a7a91434d3993c85502d6097e6f9fd077dd1f2dc1673777a87471e1b79a088447c6914a715d4d7f6ed85df25d6c2f5b72ded1bef7d1470f22f79634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
525B

MD5
461f83949af02427d2e950260ab889ae

SHA1
5bae9c8ed5083e27c5008149b4190e2b2a1dc3c6

SHA256
b3d4f36a7271f3327613cdee404efcc37c2a9bc94311eec15b729ac6b8b43fda

SHA512
5e687f6b29aa8268bfdbbfa39b1bc9dcefa7c3b73556c81b0c3579d590ae014bd5f05afc9ca56663c1692b9767124ccc766cfbafe039dc6774b1b3df1710fd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
687B

MD5
d9f0e4fb85f58b360c55738ac01112cc

SHA1
612b8e268874c3babfbfbcbdbc562a211c7fb314

SHA256
acc6d4f23fdc725b3b4b5de8699712da9e5f9c60ddc7e141134d1270406aa2f6

SHA512
f04586f335e632c7fcd14da32add6b8f83032157fb36f8b1207cec75d6c9623555fe176bc8e54c134bb026d27614f4062e49c1875321ea04ca41b4727abe3cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
06654ef4aa2b4970112223b0c737a0ac

SHA1
460c7126fcad2676ce60a8de0c1e6e72a7727de9

SHA256
66ddf319bd2368709807a3eaa2f0d3f9d7344f7cd466156370b95a2e660a0768

SHA512
aa94b973f55309217a4c3a8f09603220230c602c6e950ac084ccb6ef35414eaf20dc62ba145070bd3c9804fc683718029a03942d1baef277caf54e8699005337

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f7ec20c92d303f703733d9b648e39cd5

SHA1
91abda57b5d6a0ef9e348d16ce6208ceb167f842

SHA256
ee51df155273a1a8ab3f9610a4aabc6b16064b7fd0679331b086bce02e0b95c8

SHA512
adb02e2390c53c36a3300a3de7904add81d6730819c2f6eb8d998c0f0ba0eead9809fc97c2c3b687844c25c58286c94c2ccdfb7c371f117bca3b2e40f398d8a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
1977909c889e7c534b623aaa3cba8485

SHA1
5753590b78df2dc7c9a3dadde4b0616a3730d497

SHA256
e7e9909b6f426ada5daa31cfecd9f443982bbfd3c6758f83e3d4566779e90701

SHA512
f4830067135e7d2d8d4ced98819608d89e7e5623bea056b72eaff0e39aef14f49efd2346927b0ffa1edeb7d5e72f63a214eec7a703e78e94a1cec915c1a85ad5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
eada801d0aa09e7e31e5f58e56555bac

SHA1
36f80d63a96228ec9dbe7df073c80199c355a49a

SHA256
f0e828d22880c09d31229107434a197378135db64ef5bd06717be7f036c9d051

SHA512
85f22cc107105de753ac2537105e183aee001b5d5c95f5f549a3568e220d42eac440e313108605b7c24d7b0b1d39e8676c96098e464674abcd14304b8aafab70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
8a21406c1e97b1a31cf1092a38ba3ca3

SHA1
08b0f05e5c4bf52b9e6894130570a4549883fbb2

SHA256
0e26fc1337ddb05a1424a581d399966a6a8a5d3543a38aa16f21f2afb3e6c1a8

SHA512
000e9c325ba5f7e4b173d514a9230ccfe90729777dcc45a96ed0cc2a68c1319cf62bd3a399ec53dc0531548a87d1f9298666b6f6d5b9e96110b8edc5ec739a93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarCA1B.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_2032_QUTNWCYPBKUSJUVU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
memory/1976-960-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1976-959-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1976-985-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2884-958-0x0000000000300000-0x0000000000301000-memory.dmp

Filesize
4KB

Download