hxxp://exe[.]io

Analysis

max time kernel
294s
max time network
275s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2024, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://exe.io

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
1068	MEMZ.exe
1728	MEMZ.exe
4800	MEMZ.exe
2112	MEMZ.exe
4896	MEMZ.exe
4872	MEMZ.exe
1416	MEMZ.exe
1464	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
166	raw.githubusercontent.com
167	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541613292766369"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
4952	chrome.exe
4952	chrome.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe
4800	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe
Token: SeShutdownPrivilege	2360	chrome.exe
Token: SeCreatePagefilePrivilege	2360	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe
2360	chrome.exe

Suspicious use of SetWindowsHookEx 44 IoCs

pid	Process
4872	MEMZ.exe
2112	MEMZ.exe
4800	MEMZ.exe
4896	MEMZ.exe
4800	MEMZ.exe
2112	MEMZ.exe
4872	MEMZ.exe
4896	MEMZ.exe
2112	MEMZ.exe
4800	MEMZ.exe
4872	MEMZ.exe
4896	MEMZ.exe
4872	MEMZ.exe
4896	MEMZ.exe
4800	MEMZ.exe
2112	MEMZ.exe
4872	MEMZ.exe
2112	MEMZ.exe
4800	MEMZ.exe
4896	MEMZ.exe
4872	MEMZ.exe
4896	MEMZ.exe
4800	MEMZ.exe
2112	MEMZ.exe
4872	MEMZ.exe
2112	MEMZ.exe
4800	MEMZ.exe
4896	MEMZ.exe
4872	MEMZ.exe
4896	MEMZ.exe
4800	MEMZ.exe
2112	MEMZ.exe
4872	MEMZ.exe
4896	MEMZ.exe
2112	MEMZ.exe
4800	MEMZ.exe
4896	MEMZ.exe
4872	MEMZ.exe
2112	MEMZ.exe
4800	MEMZ.exe
4896	MEMZ.exe
4872	MEMZ.exe
2112	MEMZ.exe
4800	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 800	2360	chrome.exe	78
PID 2360 wrote to memory of 800	2360	chrome.exe	78
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 4840	2360	chrome.exe	80
PID 2360 wrote to memory of 3480	2360	chrome.exe	81
PID 2360 wrote to memory of 3480	2360	chrome.exe	81
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82
PID 2360 wrote to memory of 4492	2360	chrome.exe	82

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://exe.io
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff912129758,0x7ff912129768,0x7ff912129778
  2⤵
  PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2156 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4420 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5028 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5324 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5488 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4928 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4548 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3864 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6120 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6004 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5944 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5600 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5588 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6232 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6164 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6364 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5660 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6924 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6648 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6204 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6160 --field-trial-handle=1844,i,16447146526403055485,1891889099467781422,131072 /prefetch:8
  2⤵
  PID:776
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:1068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4932

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:3276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4440

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:1916

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4452

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
PID:1728
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4800
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2112
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4896
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4872
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  PID:1416
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  PID:1464
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
74KB

MD5
9803f15955d26c90ba1fe63dffd7293d

SHA1
f203c2e34084f217395e4877d465e4220376c5c9

SHA256
648a30c81d5149f64c4225f441c0a748dcf97da800c999af44d6cb34746b331f

SHA512
f28dff4263896889cc2c0d26839b4b12350a2c1b81f57aefa64b868d4141fc7d8535911cc21605c06948aa4337d1d2eff4f2eb4d24078782b44f5060b15f7e0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
40KB

MD5
d2d0c427f1d093c36a9fd6751a9a9d61

SHA1
dbd596ab1f2256ed3e3816be5eeb75d34f38f821

SHA256
b37bce0e0f504a7b54d3a01007169d4126c2a401be8f93afe35f665e62c3e34f

SHA512
b8418e074df9619ae62461b5c42fcc42d2ffb8b099e09ec0271bb481f8e1ad8d7655fd5149d8abdbce1d35226029f200623574946d6223df1c9c14c7824d63ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
317KB

MD5
d9db88a97aae9e773567e35d236b9f8a

SHA1
1ccc9ac3eb194ef5514ddaedeafb1c636b0e20b0

SHA256
a78b2496280adcbb59ed65946b7bb4556b68b350dcb7dfb3db883d32a3b1276f

SHA512
45dc9818ae6cefd03e79761de3692bcc35e723f4a1f83bc555229fce9ddf1a0d2f8ba9b08eec38c70dbd8db79c3236801fd6e8b79f8c0e7bdb25873ab2fa66ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
62f1f6e62a046c79afbca86ce65073d0

SHA1
0e375f5713388d2db271257038a69ee3b87dfdc1

SHA256
6629473271c513749cb925404d1dc9582992f4e47101464680b27d44d28319ba

SHA512
cbf571338731664df62ec7e433bd5cd3a39b2a864a1ff6cb5a013ebe87a1a07e14464fc296aa253f32fe3188639510e0b8721f2e35982597ea51f5aa4761758f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3a2410ffe0fe9cdcdab5db53100a91fd

SHA1
3d898fa1ad82d79bb058c63fe3970e8d56feecf0

SHA256
4028ca3f572dc054e44daff8193b5c537d216c77c80036ca3432cf0b2b8d4a17

SHA512
84053c7677c6ea7995fe4d1635ad75867c967e2d15d4a2f2c2d729cda66939e418892d30c0b687f6143934cc3743f4d1267dfa8195d4fb6cbeba80475cd6a98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
f657863197ac79f388bd2c8a235abae6

SHA1
5408729d5bd046941dfcbbb889a940e336f4724c

SHA256
33038ebc45ba3711aba45fa0c03387c356fd41ee893e915571aed5ed6be62650

SHA512
35d976b7d52d864889a98cb4c834d538072e42a594ffd43296c544d6ab94d7202b2ba27290eb1db9bc3496127597484a57868ab0228ae5fe89dafceaf67f2210

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
1059782d3f6c7a835fc97f73db677a98

SHA1
7bd990bdd6bd72fb3195e96c422e56aa30bae7aa

SHA256
8d771c0f24d1376ac6d8b5abb05ac67730b2809084a08c692863255ed12f3a92

SHA512
4d4e1909a084c7cb837b7b252b70795814327adfd491cf37b0961f51cd20a9702f60033802d17cfba51dc30445856c327b9b46f2496b551a287e9de8ce9984a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2151d2d20bfc4f95cbc5d933cb24a75e

SHA1
82949d8a77d7117163e1df08a58bab9ee97e2408

SHA256
0c39dda9c698d1f744032a46e2b4ba95814eea0efd12060938c78838169f7871

SHA512
c2e73313f241a154ba84cd512213e497b94635f54fbe06f2509dff5479cbed7e2cd6968c41ad4f2aaf7db6c45256ffa4bc71e60b8edc472be0e1aee9b14814a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
73365e1e9da4eaa678dc576f21cc6577

SHA1
6a5680eb7507568743b287aa26f05c737b0238d2

SHA256
0fc4cd085a0b8c597262c0806642d155f7da02c0387419ba1da4d15bba6b201e

SHA512
0821f933bff044769d77678c2f2f8943fde8b145cfffddb3a43b48982100eef313df52ca9126848ce4b5f69a133df3d6571dad13c1b7aed8fd8169c805a6d947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5a9ef8379ca37c9ec016f3a007c39d93

SHA1
1a945de8485f520f632a2943fb037102c4497cec

SHA256
f648203ea7625f02c4433bc800225773da8d6547bd8c5b838ec0556931c67624

SHA512
a499aaa9ea8d2da8a0bd5f77e07b876ad224d2e77e6cf491d0e845df46f6ed2293b853362fbb7ee95143c629b96c0c8ea7e2885c830d2d93ab929dc08656642e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c42c223be0d45c6aea89932acec7b4c6

SHA1
e14472d1684b21eb867b821d76f33c20165fc641

SHA256
35532535dea74ac25a9b9b784ff7386b00177ffa57a89ac14ac0c0127d5dd9a1

SHA512
93845a3d59fb181a3ec11d006245af792649ac57b25f25732f832436a171fe1ad59819f6b409e7d4ae4c044d7cee59e2542a5f5c90cc9a3a27dad5319c517654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
d7aa66b529484b4146e8f8ac566d9ea2

SHA1
990f2658a2f019a47b0204afe0f86d2379ff5acb

SHA256
07c5050e18e7b80090b55aaee049b1ea98867efaa7230334d84c2c9f21708dee

SHA512
a006f6029bfbce07b9378ae528b1521a6cefc722fa095cf1f9c0845730d23ab35f2a4b872fa68ac67fd7d936a17a428deca4109a993ecf226294aa16426cacf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
9b1f2e1a47ed79e74269e0250213abea

SHA1
8831db132e7807313eada06b3ad44d175b80463c

SHA256
9661b4f07f4085cf969b64886f252e34b0b775f1877c1fa8a2e0c524ee5ccd15

SHA512
3368c5f297493ae6720685895e4e153e062af034d2fef820d0f053d913df9958feb467ff7cc572b7b5fa7ea66117577af85a2ee2d6182f3414f55f662cb0d25f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
d80fd5ab15c977c72e7b3c645df0448a

SHA1
6894b636287d4d5d1270d407e6a913f58edc58de

SHA256
7fb0b03e4e1a9a7adab50c24a6e3fd098c7647f6dc2adc24b7fd8666575178ef

SHA512
0f1f9991e54bb1dc3c9e97bb69bda99d86a676c540c0d7674737b1cc6c16da1ce3518b742fbc958cf62458fc2dbfa56f202e3d16a6eed9038cdf6b59d90f0f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bce2f05e2aaa207b66698c12deecf8db

SHA1
37f6d671b750c4fa743eee08032599c7fc3ca34a

SHA256
cbce9aa166fb45093979361161a5cbfc00e3462de604c0a23b3689bdef3b41f4

SHA512
a42b827908a21a2b9da7cef5994210d2ed719e756d0a46476a8f3d966e867bc4a63adbef6d9b87a6554f01125e8b210639c9f40492119d6f56a829b5e7014b67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6e8dc505ee7ea2133fbca2599a14e1d8

SHA1
0b45832a0ede49708cb17124206ae01a706f8cd8

SHA256
08881a9123bd0d72a6527e5c0ac215b224b9e6614b7b963ad76cd4a2280b18bb

SHA512
1dc0a8516a3367385faf97e67634897a8001d3fb6fae512186dbb273bf40670b219359fa530eb049bea3f9af0f2beaa8bb7212a272f8db408f2b6e78ad904b53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6327e13d4efa8c930d03f7e886efef02

SHA1
928dd04d7e548564c585083214d732d7d10108c9

SHA256
24eabd325eb2acc6e4a157626f051c1d4daa2e06e69ab1937f1566ad66599c3b

SHA512
3378d007cc5c1918e86c66fa6d3e64d571f4a71adcd4009d63e7422fbecb73ca99eb24dec6136e6ee39ad387496255c2a25d19563730906d74f8d91db22bf193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c8efddb1856244f6facb344a163dfa4f

SHA1
703bbd9b1bd693d7e80cb6e88683ab48b429acf1

SHA256
0e326a13790f61a8d696a50c4f5d7c10dbe9f9fe5fd792d00412ed496335075e

SHA512
f2e9f104ebf21e67d90390dde227de991cad8689fcfeb9dfe873ff7ab66117f733ce0db9bc48a6ddbafb21feeb8e53da8c2babe15eb52494b9154ec96fb6435e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
f418e3b5602ce2310a0a44348f9f15ff

SHA1
40e4fca2fe5dbae9785cae5282a7682d185dc8e1

SHA256
c16aa40c8c29f8b0be1041359b9abc8d1f055ba5907e952d9b7a9689a7e62bdb

SHA512
686fb08911a11f724bd9dcc91d7067ed4a9d9e3537ae4b44bb9df3180b6acd48fe57cc384799efad7b30c91cb39a04d797135a1bc0f503df394c9fd7efe83f56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
14528b48a968995f3a6c6f196283ec8a

SHA1
020a3496a8797f35115f9715ef8c768a3d542e39

SHA256
e578bb546aeb6ad7aaccef2b3b1069ac9bed8958749e3b0618bcec3aab88dfe2

SHA512
74836a902588fd32e4ec717cf42f03ff2a5875e37d99e52de2f386e039a447eb4cb516e06f6ee951d5d459db2c070cc9a3ffbaefc4e221d306d285046c0e3fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
a7d71547a9659325f5ef768c6c99bf38

SHA1
ad0468467239992ab32636bf5bafaea9a652cac9

SHA256
777e1b50a2bc478e23db08ca43223daf280bc31ee2139a08b7ce23d156ec2c70

SHA512
2affd08a0a7b1fc13e09c8b795f83cfbc2bf7c207cafff3815f2d53f9524a85f97d9ed44cf49638fed66686d38b1995116fb3145c5d2d67b456e862ffd070410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1beb1e5ccf234f374326a918cb14a324

SHA1
99999b8201918fed88587e11e2c50df924215826

SHA256
3e4e777f2cfec541bf7b7e564ef78d6f7a4590320adfdbba1b57e18545dc4508

SHA512
bb14cb67dcdac9799aadaadc23db1b0ca43176fdd6e39c0bc44a22cbf940bff4e721b7401bc0dcd77ebc0c4a82357916130e51c7fa6cba3dc293d007a1b8e6cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c5077d1976134fd6a0726421eeb4f1fa

SHA1
6b1887e0d4553d901d3754e5e3d8f873485af117

SHA256
314ba8c46969857582e08782f99c8f7ffba2bd4f7ebe65ec9f7a4b9cbe1ff697

SHA512
d226dd93465b7bb157a09dc544dde1a39fc7adf88ec84ef56dc7d262666ad6203935cee40c9095ee56d27ded8c0222be04bf9556f6aa5038df06f4e860a8019b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4753a3c1b37e210bddbbb3fa12a70ffc

SHA1
a955b1826e0f5c7c5af8f03f756377cb3e5c5a72

SHA256
7895e716e4017402718d1bbd58ee5ab0e7d21d79986b5dedbb144def33b8d3f1

SHA512
3e1220755443fb7183bad743b6fd6d8a7de187f875b3e0edc2493f7e87ee85c11517f2ddd0e934b522d6e54e23f4b7e3028b39e555013b0ebb3c0759bdb2aefb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d15431528ac38e31547b1d38e3a428dd

SHA1
57555db59ff8b6122a65d13d755d43570d2422c5

SHA256
b873b2dee95989c9128ed675b124a19aa91c1317f1989f4d512fe24dcf33af4c

SHA512
a3bf0b2a218b470c70d8c969863165ac9fa11c8c7b46b6c006729127fa37eeae01122f9c51dcc9d994327a2ec282cc403948de52be3eabced48c3f67a15420eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fb2a51d24653978506d6147593e920fa

SHA1
ee6e29de6b2cd6f1167e81985a0d0ca8dfac76d7

SHA256
3c120c9a4d8684b8ff5e852e3ebb645dcb299b4087c2d654e18291fc27ffee79

SHA512
7dfe29ec6454a972a12c9bdc487b4523f1e3fe44a0c24754dd7d1d26cfdba31a2cb02e41f90d8c7ac30451c760c1ecb6386ab10ba62a61869a43a274a07b570b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ec14515e2517f68feafa65b34870a68b

SHA1
963173892aed0f58f303dc8cf5e05f65c79b214e

SHA256
7419028da0c30efa5999ceb5bf329a2fb57a2e30dab05d196ba0a6396c4783eb

SHA512
4549a5778b8d07b57c5ffcf66acf325e3628a29637bc228c17ee0425684fd8a26016b7dfd26fcfed3570fd071a37b5a68bf90b28cd6b478ea6087a394bdbab67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
09df92db65018c5fab0707085d280fc9

SHA1
abe445f9adf84bed91fa5ea51e6a47c7f00da681

SHA256
030943d4638740e19259605e4b703b739ccbe823201150440835efd363b12a6e

SHA512
c5c7d81b33123c370520af4423c2d43c821abb59672c9106f77987e1aa7ac56a7b550b13758923e2e6b47d82603bc0ba38561d1316da51556a1cb07e26738528

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4ed1b54e2a1a98f217b4ff2a7e819881

SHA1
a31afe449dec2a0e4bcb10b50160facaeda72903

SHA256
fde38d7d94f7a3f9dfb313df35162f050d2b4569991c89de4cc5a80178a6350e

SHA512
ba052d46c03e854d31a7ec056e171f5d6d2d00bf5b8f402599495002eb14c695b7c174af422e4384ce04090c2079fc34895425bfb2d7d4e6eee3da26c7cfc80a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
81517aaaf42405ac8af9d46c859a0f1c

SHA1
dbdee18cbfae9b61de60e07eb551963936490123

SHA256
3d3c205e7bf1a4cb2f385bf39582dc8b910dc08dab636392d3a9143e6dbe5095

SHA512
734a18054c279657581403dc6b56809c95740cc583395ce3ef290bf0b13a2117fd9b0c9867f991c6ac357055551b5796a8c6cb4b7e8ca810a99bc6bc03570224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8e6bfb4360a433a0d1ea66c96a19860

SHA1
587012d10fb1dd7aa1913b9de44d8bbea89856f9

SHA256
154097784bc0f2c0708d569f150c51dbb5548bceb1648d372d6037dcc96ba876

SHA512
c3d35c73515e4bd321c2bf440a5a84fa98fad709548cab4f6aa2b7cd2462e43e055f716b422087850ce4ae8eaa35ec7d421f4b6d945cb16fb4f03d681b326128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3426e20f39f0d383d616642414f909eb

SHA1
07fa272c3ee7588b122f9628b08d22ba634163cb

SHA256
24e984ba085efe695bd4452d036f4696e3b9733f949c1483ac253b26ed1e7ab8

SHA512
32fd0db312ad360def9f1c0c90d8ba9719a40feee50d79e1b3ff8be1a298b3f1859864e668128aab0b77615c64ae594f08982f64f6ec0c5dc9f9c515b1e1b8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
8e9e2e8fc9e9a839a52b008150be7bb9

SHA1
59f385978b51ef2e98abebe7f72c3c43485c2300

SHA256
287489b7af9b862863e3e84bfbd5d89360a7642effcb850206107d8aea481c0d

SHA512
e269efe1e6bbaa13e3ac8a58475b32aede4b42e3f80d6252042e6abdcd8247458de9882359b48abc2bab9007fdcc46a05e7e62c940e0b9678047c4d2a48cf6b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a7428.TMP

Filesize
120B

MD5
b46767a0ee0a2a79f6c66a877b3f88be

SHA1
e848d9e6d4f00695a1a4d7eebb1a02a152c55285

SHA256
5a4e4cb78f738609e6849d489afaf547d60b854b838ecf9eace35896576474f5

SHA512
396f318d0d2b867f1ffa29e862ed251276f4b40badda80ede6006366262182ec3f2cfe1f2e4a94e060fd3af2d717876768abf3cdce2ebb791eeedf1f404ed4d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
f367fbcb566193fc920181662b479c9a

SHA1
04dd489f7407b513df5aa744696f0a1d1676b3a4

SHA256
3deec3dac5e3ee12f06808850bc55b4e9f03298fe7a9224f90e602fc79a0c086

SHA512
24e7f67a2575a3bbad4dc9aea4c4602d2a451f372c53d652920e6f1e09e286c97bbaa0e7e879d63e1f3b02cbf13eba02b8e1abcc7d33f713d97d00c211fc3dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
126efb5feb386afbac2dd71e0e01add6

SHA1
dda0719386a70a9e15bfde56dcb30d4f168f7604

SHA256
88811b1024d216794a33ee7d2a43627ff01554cda9b224108f844233604a312b

SHA512
b0404c77dda640a4e9d9e9572d4391f2c54596ea81f0da0b19a164e86a80f0762a93474105f5101049e9e08107564fa1c4c8408effac3f9df08d2fe1926560f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
f7e404f0e466cfc7348812054da042b0

SHA1
e4fb8f62c2dd6d5a8bf530d2169417a742c26615

SHA256
1d9e1932d89d2901daeddb39453e028611aedd8ea91d2d48bbe3f1247b987f4d

SHA512
b0055d31f942e7d20494cd8aab86455d31fcc2a8b9620b6c850d6fe3050112cfd462545116dacf498916aa0d8a019f8303363fc43618c1c1f1743e18bac21516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5a3029.TMP

Filesize
93KB

MD5
8fc4edb1ee35b29612a9f10f523067c3

SHA1
efe3a5d43d0c85f4dd4a01811d1c1d758e1614b7

SHA256
1fa543d1c95345ce24ad595edc7ff2c13bbbe53f02a12747690f06b098ae541f

SHA512
8e6b98e3f58098f1a634c208401269f133f5ed86e86795bd030e7f2181f82c2607e61fc77462ceddc59dcf62ecf7650fb3366a12e780ea0ec067c51230e094bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit