963738cbabe125e577f8deabdff6ff591aa489674ebae489b1b240a48ee41db5

Analysis

max time kernel
139s
max time network
147s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
12-02-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

86KB
MD5

1e90dc3a51711d84fbbed91249450396
SHA1

d098f09b2ce1473878c01b40276cd3acb0f2d0b1
SHA256

963738cbabe125e577f8deabdff6ff591aa489674ebae489b1b240a48ee41db5
SHA512

64da4612f8dfeb620226915ba3cf0825279bc66a5d9f0bf37f836ab96512a11cb31bf40c8b589e44d641e4f012d310704129776c3b5bb8823b23a41e1bd7f570
SSDEEP

1536:1qhuYqLNkFYWu3QJU8KQkeSVN0NtseYcEbhGkIcjm:0huYq5kSQJicEoAjm

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

2676 MEMZ.exe
4524 MEMZ.exe
864 MEMZ.exe
2120 MEMZ.exe
308 MEMZ.exe
3488 MEMZ.exe
3244 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

76 raw.githubusercontent.com
77 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2676	MEMZ.exe
4524	MEMZ.exe
864	MEMZ.exe
2120	MEMZ.exe
308	MEMZ.exe
3488	MEMZ.exe
3244	MEMZ.exe

flow	ioc
76	raw.githubusercontent.com
77	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133522373474291259"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

3328 regedit.exe

pid	process
3328	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
308	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
308	MEMZ.exe
2120	MEMZ.exe
864	MEMZ.exe
864	MEMZ.exe
2120	MEMZ.exe
2120	MEMZ.exe
2120	MEMZ.exe
864	MEMZ.exe
864	MEMZ.exe
308	MEMZ.exe
308	MEMZ.exe
3488	MEMZ.exe
3488	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
3488	MEMZ.exe
3488	MEMZ.exe
864	MEMZ.exe
864	MEMZ.exe
308	MEMZ.exe
308	MEMZ.exe
2120	MEMZ.exe
2120	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
308	MEMZ.exe
308	MEMZ.exe
2120	MEMZ.exe
2120	MEMZ.exe
864	MEMZ.exe
3488	MEMZ.exe
3488	MEMZ.exe
864	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
864	MEMZ.exe
864	MEMZ.exe
3488	MEMZ.exe
3488	MEMZ.exe
308	MEMZ.exe
308	MEMZ.exe
2120	MEMZ.exe
2120	MEMZ.exe
2120	MEMZ.exe
308	MEMZ.exe
2120	MEMZ.exe
308	MEMZ.exe
3488	MEMZ.exe
3488	MEMZ.exe
864	MEMZ.exe
864	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exe

pid process

496 chrome.exe
496 chrome.exe
496 chrome.exe
496 chrome.exe
496 chrome.exe
496 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe
Token: SeShutdownPrivilege	496	chrome.exe
Token: SeCreatePagefilePrivilege	496	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe
496	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

3740 LogonUI.exe

pid	process
3740	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 496 wrote to memory of 4428	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4428	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4296	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4292	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4292	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe
PID 496 wrote to memory of 4736	496	chrome.exe	chrome.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:3032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd9eab9758,0x7ffd9eab9768,0x7ffd9eab9778
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:4292

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:2
2⤵
PID:4296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2752 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:1
2⤵
PID:4456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2760 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:1
2⤵
PID:4448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3940 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:1
2⤵
PID:3924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:3192

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:3852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5028 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:1
2⤵
PID:1208

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:4120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:1980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3088 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:1
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3096 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:1
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2956 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:4308

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:4196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:3232

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1604 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:4188

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Executes dropped EXE
PID:2676

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4524

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:864

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3488

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:308

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:3244

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:196

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:3328

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:8
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4360 --field-trial-handle=1872,i,7205007710247805657,8628828655775088071,131072 /prefetch:2
2⤵
PID:3652

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4424

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ae8855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5dacca8c24ee061b359b51c6156163de

SHA1
ebf0522d6602d1d11fd9012cb64ba25ed4bf96fb

SHA256
00f75c12ae2cacea82dad732e34e703074129e9226abc001509d05421b3b9208

SHA512
aa7cfe7de840990b03d87576711e3860b6d0a92288abbf2b92e9eb4f22bc45b23ebcc39f7c06acf85ac62a7a3c6895248b14d32b0f19681797a4fa0821efa228

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ef55a5acde31b1284952d0c07eb25a59

SHA1
ccc501382505fa70c4cc4420dfee180d9fe78472

SHA256
d301032bea09de904c31c238a88da13c18dfd8e0e5d40bc3195c274245c9b31f

SHA512
d556692cecc56a547a910fad4b21fea6baac08c215deacee4bbd8319f156d21905a37389f90d35cee5cd5b1840f9b559beee2ab8a496e8ba8332cc8fa5d6ee41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
9774b4909d876c1f6f6b432880ccfaf1

SHA1
8f2c42d9515e4d2b471ab53c2b835ebb42dda017

SHA256
9c40f322b9b37ceed44890733703ed3fd3a2ccc9fba3cc2e5e805c7552e6d51f

SHA512
95d8ac4c5cd32748a9a31437a38c5e2ed9f98838515344fea928fcd7873d2e4cbc060364e6e53930b23dfea8c07c65e4a41d77c9567ec5e26c872e1826d2693d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
3af9f35297d6de825fda80daf4f4975d

SHA1
ab79f7fd28f7468b4bde35f324e5467be8f7d850

SHA256
cd1c1515e27961a74ba354542f8eb6cfade0f64503df0dc0db018e78b524f815

SHA512
66c33a1676e82dcb69dfe76c88ca8afe05ed0aa8c83ba34d12e94a50c3e5f1744bcd1ec5fa1965a8a588c4426b25eab2d88b1c4502d2bed560bfaad32f7324b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
f58a990880e8f71c646f9f234b7206d8

SHA1
2ea783b4a54cb7c04177fc6be6408c8097a9b1c1

SHA256
71588c1771b393c9ee4cd34ead577fdc0f01238e15c069b5023c1ab3b2d2095b

SHA512
285853d1b2f76d8576b7be8f63ab94586611f4c1515a6b4ac59d2d6d27633f77ad67b14a4d6c3edbfed312f301e749276189bac24d63880e830a5feb971b99e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0301ba77233bea13268a4a591dffcafc

SHA1
03bb878779a3b2b233e5a41eb193682726209a86

SHA256
aa62a4ca1f10bcea7ea2d3e977c9b92320d72ad4d78cb4252b3c50ff42c771b5

SHA512
668971620115e04f6c851821b4f0af5140dc77704e190c7e9e7a8fa43a02e202e3c1995376fe043180c88482909f7beb1fc1b4c2b42d9ace06ec6cd0f1c69fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
51e1d95dcab2c2867e67a14e8c71afec

SHA1
dddf4250b921643eb45c13b29a1dcd22b5949138

SHA256
133d4ece7138f7586571ceefe86590884ea050c92459656f29ee7ae20c7b0bc4

SHA512
7158d91b9477f97a2c382c675aa86213cdd8da5b5d693ff6c76e171a1d66840ee7b550ad638e524e95e3a0ae79e11d188b08e215e68c9a27cace3571a5f3d0a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c901d37a6f2303103f4578af1a63e001

SHA1
05d218d8aef0af46cf4e411bc5290dee929ed750

SHA256
bd23c53857aab3756e44cc780cd267fdd818eb258e9fbce0de3f458fadc6e509

SHA512
f7d80ac2c05d2023a3df280828f6554fb4d753c034ee22ed607407b2e175f78a3c3d7518e1d5d7904848d63f3b6f0f3ee900df62c37dec51930c995ff48df011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5fb995e585a00152953b211c7bc1d9f7

SHA1
c0fe42c84acbe435b7c24ff3c456c91f4d69a084

SHA256
8cfde71903aacb6914059008d41528d62de216ab7bd1e974d3bd31a5f78c9023

SHA512
02636aa72e1d437b3a9adc4dff6672c483b8b8b9bcbdbc32eddce7a93c89ee984196b546251b3f3599878a2d093719869f25da28ddbed76c97217debd4e089c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e02a474237c04777255f0a9726dfc8bb

SHA1
d9dbf4ceee8425ca16063200b0d9db9039446c5f

SHA256
3226ebc5d7648f396b05915748c98a8fa225774020c48362891168d51002ab87

SHA512
1f98e0607225846ba635d324a636ae703b69ec00f61a866ef6e7216e7854f14b97ea2bbb210ea44379b72ec8169e15209987f122c82019155f813d4902af56e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
728d7e9333fd9cbf89c6dc41082e454c

SHA1
dcb2c8c4da4560ba40647d8b86df61b493f59abd

SHA256
4c55084258068c990b64305607b3b1422606c7ad6dd347500dd76e73c157460f

SHA512
32fffed0d82f7edb5f5a843c436d0277431c82d5a3e34f2eee0bc50ab1961aac6f7c5b36a37b6a5dde1b2c7b8883445b3eb06acef361c6701f85dea3d4fd7428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8b31175f6fc2d97732ed2cfce2a4cbf9

SHA1
74a5a7c46722c5d1d21e88fc0f2caf6305719fb5

SHA256
009e897d3dd7837a7be9e355510eb61580b347fa6f322fd0a9b854711d722e27

SHA512
bf1efffc647b2635a3b540230d23b12d5a30f6097e55c3d2a123637a2f11ce9cc99acb5f9da6a0f6b1cee2e377eff919255e2f5b7dda26bb89eec15c0aadbb1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cb6d86e3b48c40d00fb496e9b14054ee

SHA1
edddec77ced240812fc0c1db305745f29e4364fc

SHA256
7ba3550cbf17723394ab9769f4b6365818f3de46e891e41c1ca5d02216913c9f

SHA512
05aeac1c11a310726973bcf04118b2146065d01de8e25e3695a9f952d1192225763f949c3d884faa304e0577c1636740d532529e9421603a65a77a5559452d03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
163e68552394d4e7bfa9088a0ee3c77d

SHA1
52712fe508c61b392b215a0b20b8494c4ef511f3

SHA256
416972225a49610ad437accff3c0126ca3612e63d507cb4d475f5fb34e34454c

SHA512
c285e134e01553c8c1bc099a6ae22fdad6034913d4ce62143c8fe35477deb6dc3023f6a28199c7241b00a1c7cc4fa0f6c8cafe09023ac428849ecc6fdb6a65a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4af3a8d0944e6a8cefb70e65bd6395aa

SHA1
327727e0a33da30badf4e98b5cc8b01f7614eef4

SHA256
0b87021dd5672d24040b1e949acf44670804d0472b1d3e334478a2ff6e78ab98

SHA512
53c3f4c7bc826f81760baf96b0769734b470d019cba84639d6dcf1ba6aa7b0a0ee6f630248c2ff5f668ea6dccf1aee371920991b74c8ea5332a0f2c355d92583

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
5fa58b6bec347c6e27cdb68b009bbef1

SHA1
4093b0e33df4920ef8428bf70a98eb1e2b523736

SHA256
47c51499ffbc1f1d33101295907cbbffc0588147e593f235e0608ffef1787a7e

SHA512
d04f970d2d656089a5ae327797c76999223a475a014a4c0362ea104b5cf1474d12a12211a73558baff66a747c33fb1850ab41699e31474bd4b9c9030a94bda6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
d6711153518c718153b85618f9891efd

SHA1
206d8a4c9681a1a511b71c2af4f2a24a35754531

SHA256
0802d49588328df50011f8468b0cb57b6e24dc227410b31a5b637a5083c7edf6

SHA512
45408ff1f9bc4c12de58fc9911908935eef3d42f97e34aaff315567bdb71810dca7e84c96d08b9305897d46bbb75cf949c29bca7abecaa3184ae1683a93abb19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
b68f450421241d075966c2f3c8c34254

SHA1
e725ada13ca01ed1c7d9838080760d83104ee780

SHA256
a5a2ae946a5207643afc04f55176ef1cc0d581fb517ac42056229f08f0e6da9e

SHA512
186d60954b4ad684ceaed9a667918e5e6e8fda63c283b9cf059f8ce7af798118bce1c0903da92e64a9692cffe834b6d70b5fb1d2ca51de381fc46353f976a033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
843a058426b6c4b4e5198a8326fa8602

SHA1
9d4aadad1b85281e2d232dba3c1ee93afeb523f0

SHA256
bf37cb917ea1fee009535239ad8a580a68aa42ce65e632b8284ef0adbb87cb6a

SHA512
d4915daadd796525858372fb73c00793c1a68d08129a111fe09ee75b4f8f6ad5fdd5937d81a619b0c5a8fc1ae11920b7996f61535c7cc6041534de4f4d746136

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
ed16e76f200a85f863778e2189dfd3c7

SHA1
0824131ed7945c44d2d73b729c9c57ef9b6d1c13

SHA256
be4f6250762084d81fe167e3916c7ee08e9a81581586ffc27538db0e5f18c9c4

SHA512
f7d1b00c8bf8180d6ba323b461fde7ea93b7999c9a78606b3133e275619a739515e0379082f0b045a83949aec16b39f7c626ce9f074e7d6a913f4ef382fe518e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
7869f98021651a730f1909fb1c043e1f

SHA1
5ce37ab4312957142f60d388c65a15b6dd91c0f8

SHA256
b27dd3c51282e3884c19354ff47f3b73352b14ae94fa2ee29126bb350af59ea0

SHA512
78cce7935e5406412f157ccd24606afa1649181df7e7e4c7e9dc2d57a2ddce57218c999ab6549078007c2c3d9b931e565d311d510ad08cf02a00da45d13e084e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
d7686788d62cf28e3345cd8b32d5b35d

SHA1
eff68c2bce84f3b59a44883565d0e160b964460b

SHA256
6bcccc9630ebcccc94836ab6f30a2a44f26ee1a3656478843f01c6db95bf6848

SHA512
3e657fe4f8074febe8ae336023dff0637005436ed97ef0ef37401a7f653d93366451595d768badcc7be7d2e1fc6c90d10154ad0e7fcfb45a4647435af1b5d5ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
a701a5f9c7e9a77eab20882c95676d89

SHA1
ecb302b52c1616f9630dda5c25711b42094a4ffa

SHA256
a58ff38252efb504d7217ffed2c11f9bfa1d2eb1ff50bb571986eb8f08864133

SHA512
8c31ad703954b6e4be2e10c8922af92042990ec5104b3e789af6115117a7a7b63c08d543e4452e79a2d7946621d865ebee894e60b47f084926bab4a6ebfd549c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598ca6.TMP

Filesize
93KB

MD5
39928d0f9dbbc2e8ba8ef944d2269000

SHA1
1c1ddad24e3b325a880213c89a93f35db0e5b424

SHA256
1bea4469ba48244f1c4620d4254a4ffe051243354dc91cc4c9805bc7c4565c70

SHA512
84129a5cf140d8847cfa5ec607ba33ff928c60d54511ab9eb9839b5513c078364ddc1caa549614d9fbbba2926ce547acf86065896d76c71f928b1affdfed9ccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_496_ZRTAONHXBOKVGYZP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit