0985c1cc2f6ba12a6ea2771ad596b5fb5223e2a9eb51a51156181bf068551883

Analysis

max time kernel
419s
max time network
458s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
06/05/2023, 11:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-04-23 023837.png
Size

8KB
MD5

df6276a8df1d59944c9d986a72193db4
SHA1

a581ad3bc8b6908c83b56a3b70c05c58b067d76a
SHA256

0985c1cc2f6ba12a6ea2771ad596b5fb5223e2a9eb51a51156181bf068551883
SHA512

8db03edf4a3fb3fe7d21288dc83b0e00f8dc8b71659400891f706dc1b3c155eaf39fe91f27bab6754af833a1091f46ad9df1a7437f0644f6a72982db6258329c
SSDEEP

192:8gEl8MIJdHF7j6RRSIH2D5zD0pNb6FLwsjIdjFJt8D1t/A/Z7B:8LC5/KoXzD0pN25LsjvtC1uN

Score

6^/10

bootkit persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133278460516542265"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
2880	MEMZ.exe
2880	MEMZ.exe
652	MEMZ.exe
652	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
652	MEMZ.exe
652	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
652	MEMZ.exe
652	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
4916	MEMZ.exe
192	MEMZ.exe
4916	MEMZ.exe
192	MEMZ.exe
652	MEMZ.exe
652	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
652	MEMZ.exe
652	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
652	MEMZ.exe
652	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
2880	MEMZ.exe
652	MEMZ.exe
652	MEMZ.exe
2880	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe
Token: SeShutdownPrivilege	1004	chrome.exe
Token: SeCreatePagefilePrivilege	1004	chrome.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe
1004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 4088	2696	chrome.exe	69
PID 2696 wrote to memory of 4088	2696	chrome.exe	69
PID 1004 wrote to memory of 4036	1004	chrome.exe	71
PID 1004 wrote to memory of 4036	1004	chrome.exe	71
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 2696 wrote to memory of 3816	2696	chrome.exe	74
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73
PID 1004 wrote to memory of 3808	1004	chrome.exe	73

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-04-23 023837.png"
1⤵
PID:1680

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd4,0xd8,0xdc,0xa8,0xe0,0x7ff8b7c29758,0x7ff8b7c29768,0x7ff8b7c29778
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1756,i,5205791750484388312,11517868650124697376,131072 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1756,i,5205791750484388312,11517868650124697376,131072 /prefetch:8
  2⤵
  PID:4028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8b7c29758,0x7ff8b7c29768,0x7ff8b7c29778
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1520 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:2
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4296 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4488 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:1364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4756 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5096 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:1
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4824 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3704 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1588 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 --field-trial-handle=1780,i,3714188581320312599,10326216158110609714,131072 /prefetch:8
  2⤵
  PID:372

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1928

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:4212
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:192
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2724
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4916
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  PID:1472
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:3436

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:3096
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:820
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:5088
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:4180
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:1368
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  PID:1108
- C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main
  2⤵
  PID:2608
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4312

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7a8f28b8edfeb10ff7769adb1f6dd6c9

SHA1
2f2dc79ed49d36cfe3d86455b6449f496a08a7be

SHA256
de3e39cecca8ffcdabc0be47e60b13a509d5de189afc65259112c7522af58406

SHA512
5baf6879012220b385003d44e218166eef88a08e3b74dc36d9f3b9aaaba6124fd471bbe3589f417dcc8e38b52e1f0308a09b37f426bc00e146c22bb8e4b2319b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4ef98e4356f77e8e5044b1301619f73d

SHA1
005f445c931f1cc3a4a67ee4a98c4d01f9c7b09d

SHA256
9fc261cedd0f0bee1767db50fdd1140850d31d37e78ffb14563ff4b476c44c3d

SHA512
3f6733fc4653a52654e2fd6663b0a859bba9ec2353bc4386dab7fb228fa94253162d2b74fba411110d510efc0e0c2e4cb1332ba729648d52fe8c50bf8c97a230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
66d237119a4ce4cce34f11775f141847

SHA1
3612c0009cd9ba36ad7367b00f3af6487257a073

SHA256
2f8332e0b7fbe8a0d088c7bc4af643d904e073d71ce06e6f71f9bb2791c26b53

SHA512
ace95c8c56e6de743607872abfcb45594eae24b8e9949d348a88e1988db7bdd5e6a6802fe57b829110d8daba34905811d46fd146d82039f0f3f96943b28c8029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc1c2e3a36b5639ed36fbcd50a2c24ed

SHA1
803dfd46c1ad1bd44d12bf17b79292d4cfc5a96e

SHA256
254651e80689da9b5949bb478d047910f3d36d036d3cb089876278a3f0273598

SHA512
8eb37f0a0d2ee2e524091de54426dfe0dc6955b946c97967455e1e7cb0ab54923f6685cbcd71634e3bde3b4328bf094652431b37046058535c3540d6abc809a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
82ba4257de383fa0b0cf4fc6982e62ef

SHA1
e281160291a3dbfa17a355a19dc059df3cb5c77a

SHA256
9dc6fa7283a01925c5ccb1575e12f5f63cd5ce6b7d6d809f114d5aa3c7b1a384

SHA512
1d3e9d7d0b4a1ca20b9407c17756aca26aa8115ab7e7db145143f8992419145f681ccd7e5950a76e625872bf746e909f98ade7c34ca0f2d159538719c0bff080

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5a78bf8fd68b000f16f3a5d1d7b6699a

SHA1
9a21428a95b0e31577cff2f4b34810f39ac82ce7

SHA256
ff458acc6e6ae33c27b7c1ac4fd66533da6e4f56e22a48b94703673115779490

SHA512
80b8a97ca22c7b491eb184aefe7f8638872f4cb12bcbfecd640e50014f1cda7204f9acf25696a327a3fe693d1764b8c1ba63cd25c14f2ce9f55dbdce416f1885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6388dd10bae4f92ae861dfc62e2d2804

SHA1
addbf50ac64c592f5799d4d8578f98dcc0c9ef69

SHA256
c5512a2d114d7484c36b0383f9f122e0c6330e426558708de0c008ce189bad22

SHA512
713b96ab973a3f2b42321931839bdab441aded9fb3e3c83061a94be8f30ca0f8221bbd808f2ca31b0483cfa32453eebd7977398fb15ca30410f19e53325c0f61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f28015f1dc6cce6b59bd9714cd30b8f3

SHA1
9d2b9f0bf551a065eb8a86b2ce9fcdeaf21bc619

SHA256
9b3c1f639f91e57f68f501f68116eb0a5acfbd9f430eb793d84603d6371da9d3

SHA512
6367c7a525ee3d39e662c4821e0320294fe9445f4dedd97436bed7a9134691a31ae499e886b7e746fb6c1342281f4d66ae50a51d3fe940b47b86e41eaffd07c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
21db3ca87a9c591b0181ea4ef855f76e

SHA1
720a6665d0fd74926d8c1b714e360cacbee51162

SHA256
84ca7f9df01945d33ac4717aaf3ae6cf249d50bf88081c9598757d3e1d50f05b

SHA512
eaff80951d144513c241f896eb0b15becdb62c9e24d3bded7cd3fdfb001b1b5a88f7cf53f527bc52ded25083f8cbd329358ca02fde7c04d493e13a0d9b962ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3504bf15b11d71c141ddb979dd0853d7

SHA1
5e1bfa4bcadb98647bb5f367e1eeffbb6c4f2453

SHA256
b48734025031fbc1f076e5f69bf9495a10abdb20d816a00ce0f0690529a50a61

SHA512
241e7d84abd374343f684271a4fbe46c4ac58c3f139827f8d7f80fd0b7b41509ce1ab5ab7a9788952f72e02aaadb8ae3cdffa16f4a7cb842807244d0f3ef6dfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9f230690852fffb65684733ca3055da7

SHA1
ac5ee5e6528ac72749dc1d05767882dc863bd71c

SHA256
6814d9f900324082a3736d4670c42c1b488016e5af6ede4f9123363e34dbd0ca

SHA512
2ce09cf9f22ab666f2c0c48ec80d011dd1b2f2e616c511261d75202af5f5950264540b30074e1d630fa0503de3f1c068ffc30526e9053e24c230406c15060e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
be9ac4b9b8c919b7d12b8b269142182a

SHA1
070c51a1405a275bd73437a568d998aed59ad51f

SHA256
0a42ace6f9de4e8ed7a5098bae427ea5bee3460e47b83bf54f42005a664107d0

SHA512
a37ad960a02a955e5d1fdefaeafabd8319b0ddb97e25a25d0638e365f467863dde99ff7cd7aa5f0ad14b5caafbfa0182ccb144714200a23f922a955bc4a055d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c306e.TMP

Filesize
120B

MD5
3212b2399f8903d9b3df7aaf9cbd38cb

SHA1
185164475e162c18adc99412b87ed56123f595a2

SHA256
e0b47c22c606a25f5d84cbe38b5229cf5135f4022a044f09ea5768d10ec76709

SHA512
f36e7f0bbf8db880c872dd9a6e4caac8ab09d92ab1ef683865e918e2705f18a0e0efc091549c02b8a29d5d57a9c1c9edebce18e8a1a2b3e861c2887953fbfa7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
06aebd8a6f5d9cf4cc29a7d02e9390de

SHA1
ac7642c2c8c8c22abd552f39c8e1eaa5291cd26d

SHA256
cc0b3b9d735aac9cf2706182beb30b67ad8345459b118c747a0d1634cc7062ee

SHA512
a9b5cade39a8de9af0cb93a9f461580d474a42fb136eee9552f336f16d9a7d82982bd7df58e827e7200858659d0a219d1bb1626980f0b64859e0109e4f84eee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
71KB

MD5
06aebd8a6f5d9cf4cc29a7d02e9390de

SHA1
ac7642c2c8c8c22abd552f39c8e1eaa5291cd26d

SHA256
cc0b3b9d735aac9cf2706182beb30b67ad8345459b118c747a0d1634cc7062ee

SHA512
a9b5cade39a8de9af0cb93a9f461580d474a42fb136eee9552f336f16d9a7d82982bd7df58e827e7200858659d0a219d1bb1626980f0b64859e0109e4f84eee2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
51d46f7a67fcfbba5d713d7b26dec3e9

SHA1
c271a5f268031cdfc252b1d4b3d3f3d440c71008

SHA256
d5b3b8279f880c15cac9e52327da759f20a1051ded2e321fe93bdab61e28fe14

SHA512
6ce7c68e6574e255e880ce0d5eecf30e15b64160b56fdebc2f0994c8dda74b4aa36538c33a3e683b6ff7954587a8dc2cc19c1bb7f1c66700fdbe067bb316e76d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
8e2a494f0f0646d4fbafa640410c5c36

SHA1
0be35919bb5444b6c554a98e39caa139e2fce2de

SHA256
93a60139d49fb442d407f8aeb3647cd56f941a316e7036dd1569f31206defcd7

SHA512
8b3e11d5e7b922b374e1e670713259a61d9f621109042a61e42eae7856b062632c425cf94d02360623629967f750755f70c8fd442b221b4f20523efe10762fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip

Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit