28358e4aabf4a4f1d0fd93badb9325f2a9b7586ef2db60106550c0ac459c9e0d

Resubmissions

18-04-2024 19:30

240418-x7t3aaea4z 3

18-04-2024 19:27

240418-x55q1adh8v 3

Analysis

max time kernel
356s
max time network
335s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa.jpg
Size

91KB
MD5

ebb0041d79a4459d0b8821e7a7d797d6
SHA1

d46a758da82b233cccfc7ee1dd2fa5cef9a02779
SHA256

28358e4aabf4a4f1d0fd93badb9325f2a9b7586ef2db60106550c0ac459c9e0d
SHA512

d90786bbff170a792ea6da0bca4b68eaa80238b1b9eb4b83e0036760e978bb2bdcb0264e44094015ca69319a4c8d6c305706330999fca6d4ccf48b2c0dcc9537
SSDEEP

1536:1dDF/5o2URzdYigpFz3zlNeucEXh/Gj8l99fBYH8wT3ZAepD4rhhzn2QD:1z/5o26g3XlNe1EXhr99Zk8HepD4rPD

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133579422555990511"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3198953144-1466794930-246379610-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe
Token: SeShutdownPrivilege	1532	chrome.exe
Token: SeCreatePagefilePrivilege	1532	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
1792	MEMZ-Clean.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1532	chrome.exe
1792	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
3688	MEMZ-Clean.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
1792	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
1792	MEMZ-Clean.exe
3688	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe
4304	MEMZ-Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 3308	1532	chrome.exe	93
PID 1532 wrote to memory of 3308	1532	chrome.exe	93
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 1768	1532	chrome.exe	94
PID 1532 wrote to memory of 2452	1532	chrome.exe	95
PID 1532 wrote to memory of 2452	1532	chrome.exe	95
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96
PID 1532 wrote to memory of 4108	1532	chrome.exe	96

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\aa.jpg
1⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeccebab58,0x7ffeccebab68,0x7ffeccebab78
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:2
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2124 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4384 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4200 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2768 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3412 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3472 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4240 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4196 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4444 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1900 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4360 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5196 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4908 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 --field-trial-handle=1936,i,8264225397210212117,6931410478247401652,131072 /prefetch:8
  2⤵
  PID:2336

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3316

C:\Users\Admin\Desktop\MEMZ-Clean.exe
"C:\Users\Admin\Desktop\MEMZ-Clean.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\Desktop\MEMZ-Clean.exe
"C:\Users\Admin\Desktop\MEMZ-Clean.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3688

C:\Users\Admin\Desktop\MEMZ-Clean.exe
"C:\Users\Admin\Desktop\MEMZ-Clean.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4304

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154 0x49c
1⤵
PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
40KB

MD5
56e6be029d77f578e709c24b614846c9

SHA1
489c375c9f3497c386174d83cad05129e537ba2f

SHA256
25f1d7fee2bd9cf97933b907f627a6ff47534b2ad58fb99676f17b472fb1cbba

SHA512
efe69b930590d01364af98e68539d8bda4538ca7becb19b8b38f6ad6838c3f42778bd5625afb6f76c12aa360b6d3a13d42419bc0a198cd4c043852130a90e8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

Filesize
67KB

MD5
6e52a644708109836adae5b691622755

SHA1
fa6729b150828dba23c6cadd92c6b524529ccb9e

SHA256
9584d23dd0aed936a7ebb26fa2c9683d6f2290978cd080768924ec4a9202db9e

SHA512
6f8dfb1240cc28056181eaaccb156801493867a919f7c9ae386dd971eb08525d82876fedcdedb387bc7b42bae5896d0868c4ff813bb0e8db9f8fb98811d5dbbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3820e6b79e4f8544e952a4e4363d0d82

SHA1
015c3bfc25084b49826e7cfc7ec7dbba9020df25

SHA256
d7f5b611b65e41a872c9a191a0d32f757db9613db9d94440697aa2f3f099a47c

SHA512
bf0e2b0f0a59b8a4a28e0bb0240e56f78422a1f3be670c8a1850fa7d67f8eabbeccba02bd2c330455311593215733c929a371533fc8d51c7328d6a40741692c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
99ba32154e14f9442d4fc6d538823a4b

SHA1
b314fe443f8e3594484d8705a5fa6f8f229c1615

SHA256
663254880e10aadfd141cd80ace21fc0b979fb1f9baae2df15031ab6c7c2b132

SHA512
44ebbbbeca3b90720b995ae7859aa584b9c6bb5df559976f37c62d3370c6321ea519bb694364e0a4a010e559d63ba88b527da0c8657f5059062ded5cd2f24798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a96fa4abb1c6725b72c5871093b7db51

SHA1
572b18e5d46fc792a4674a4c4cddfe58e8aff9a8

SHA256
7a88b42cb432274bb77796ad54a938c71730b8b7bcd6735433b4953094269cb9

SHA512
817e2cd25b662f4168f9aa7f4d58e76c19caf3200ed83a2d3a08e30b6d2278ed087949d738d5c5c36dd01a83ca27d29de7c521ded62d772a47bedb2be86f6130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
7c1edc99c36690d2cb2bad7b946d49c9

SHA1
f1e4bdc854a669590958b5cc5b37d8991e099d33

SHA256
bd772d6d572d03ef2fe7bf1c2c8d64242fcbb3275957e073fa729efefec0d0cb

SHA512
224475f9f9c2864a90e9e4711aa8daa9af0387de7bfc83d9d5844b45c8e017cede56f7b178cf5aee446849789210ff809f16df019b8b322650c1ca66642ca50b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3d89e16c93b0d2b0bc9bd4f4acc59aa0

SHA1
30a997302467605bc7ce532cff767ce187c46eb0

SHA256
8c05e56e496fc3f369ad0dc34be8bb5bc9117f22d60f2db458d245db54ac8108

SHA512
170ca5c0039e11635834ba801dfee5c67e97b8feae88b43c0d4f7603c5e0939000cc89a98b4142aea4e0eb581b9048736edad22308c4233892b9621e0098a3e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe8e6447e3e114f3114f964325c938d2

SHA1
7ef3ccebc67c47f2edb28c0d0e1cc73abd1d754f

SHA256
2302e1110a936a5e62578856f874e2b120057953963bc56a5bda2bcf0ce0683a

SHA512
c87457476346a90fd1bd7f24ec475b14b674971c819516cae3c7ca7ffd7cbaf76b6666ac197a2c4a6d8fdfcca0980556f554a541601ccd14c52d5dfa346e31ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ff309b5335dba29d1fcd93095acaafc2

SHA1
6957c2dfc8f19745c70398feaa81a41e7b7ffd3d

SHA256
4d09d35c68159e41d593e8c4ead1cf392b80989e24cbae415726bc7e7d7228f6

SHA512
1635266407f755df1639bca57d8413b30449dc43830f07a6ef53a2d931364e28a52b038354c8bfc4a83167cab24f115c2603001bef20547326ddc27270470779

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5f81e1bb595fbcae1aa9b865b99202bd

SHA1
86176554b9dd7578a0842ed7e0e6bc7681b8b207

SHA256
f453da017cb98d472cc460062df4e8bf231b5d25241ce822f87fe52f13026173

SHA512
a786713b62dd0167126a7c01ede924482e5e0f40c0760d5f33ab6b88d7c7da9f8d77739052252d53a327dfd7a3a2622b207c34cb8c5c2a6639d8f5b4ada451ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d546b241a989151a1ea3ff52960af46

SHA1
ee738628d70a522eb7e3f292586d65181946e17b

SHA256
352bf3d893a04ee2ba8b34a891bcbb8cd52063885af63c01c702548a28775d06

SHA512
ea381cfcaa0cfe4da8f17a6933a7c1aa21e892b296f6e01ebe54138dc299fe12fa2f8c15669ea7075303fb1d38199e9ac2c4bb71ae8a3d823e5f44f343fde706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9a27f46f5cda4b53843d854e0a463cbd

SHA1
7d2130e8f5b8cac58b38c49f04bfb5a998ad4ff6

SHA256
f51df34a679803ad67de31ab72a1645022c59c16f9f5de9396f7396f9162dc90

SHA512
ecf1ba69346f2b1f60b35e9e92fa6ec7062f51ca0c7b7b29ac5b003f913c6a8de1b957ee3ea676a41d89a294b833d05c290b0844e9a18a89adf6574bb228eb09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
652ea00f3dcf803f2b4b78b2429e0383

SHA1
97b5decbb0ee37603374b7d963448264277cac06

SHA256
17ba166742f2f84b7de741b8821c0cb4b57c3a086e6a23d4651d19374d53c94d

SHA512
bf725e0daca9599ae5288c617bdf5e6ba72bb3775de22cd0e7c31a0cdd89db5b3d81bdffe4091270eea92ea01806d3d3fe3bb96c22409e82a2f40a4fcf86cf9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4f8e8f58c4bf41b3d7cab41ed25ed05a

SHA1
70b7fd05219257617400b80d6023cd6427e2e609

SHA256
301cef7a8670232613392ad826761ba93b92520b774fd691e300118816181070

SHA512
fdb8603c78a975cd9b34b9848d01d3a6058e3d7e1cc92a067077a519c67e22a1c587353c1087a91bdcb923d305d958503d7449102d2b3143db5c5b584e853e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
25a99569d5ae3bd2eb9f432ce82252ac

SHA1
3a18e891c6daecec108f2b0562946723e873a09a

SHA256
15257406ecb8b4d406bf81521e1c6887624c8d2cb94ee45be26a4c6708e9063d

SHA512
26d5085d36041469a2a7c1dc766fe59114de7dee447c372687740e77ca288ced5d8e7abba61a88e3283c43ceace7bbbcf96fd09039cf0433ec98b92fd2f39cab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7e40e2b57032f28a254d503841175a50

SHA1
f29b9ed65edd821cd3962edf0930e1a1f89bf3af

SHA256
e019e2c7b80166737ef8c5d08a950d87a89274088281e2ed875e35f587f3e389

SHA512
dd1a7abea317aa4b80f0d68bb71f8aab804ebfb818bc36188f2902322f83629461461ac30239fe5dc9944c4957cbf0c690a9d41b4195f5f29224f692aedfab8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
5b441ebde2169bed4ffb638dbacacb30

SHA1
4c059af8fa43a7a5ebebe752cf517bd7295e35f9

SHA256
9fb0c57570f5770add1cce1fa46574b6ed1540538255fe7fc48165e300f26db6

SHA512
150dcb26722d0fe00e26e8a0e3f05354816eae067c036d2786f05ed7709b999bd1fb0c7929c16cc3303f080a39dbe45a9e10bd95c084572b2903745053bee331

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
33ef326c1e8eb7fb238a1f2497daa16e

SHA1
82fcb90e17cc9273bc13fbef0a06f8bc4076d929

SHA256
b40439cb9b1c02e949a6b21f224c959269ace4a41f89cc5f9aa41366afb62326

SHA512
e2a6aca13b3c8d12da1ee43a1feb6107b5f18fc4d7044adb69e7d551d2b839fbecf008f3f02e090d5896cc980a7d3010c3d65c586184ec97eb1e3aaa049ee05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586d5b.TMP

Filesize
120B

MD5
cb619b93ba64ee2f84b0f5c510e01d33

SHA1
c9504e41f57b503c4b0f61853458174de376276e

SHA256
c7c41e38d0c246d4222b551913da876aaa69478521d2fc8ac51a23dbb749bece

SHA512
8712b342dd739a35dc78378453b7b202f8e485a924dbae5d4b2f48acf9f2ae95b2ae962f2b0e697ec063bb6b9fb9be59d1ae08a8bee382c06d7183ffb3a41991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
ef0832629449857f1faeec1e338d29b2

SHA1
eda5a489ae02b0754e62970167b83ceca61f81c6

SHA256
54231e3e935eb535452c9a5a049098e94a5de98e2e272a8701f08b1c7106abf2

SHA512
36685999f76728261b76e1551c9ea26d0c74e2769789f4625a9a9ada381d8ee538df5f8d35fbb08d7c1a343b6d388867a7063913ea591c6133e67ebfc02b8f7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
9231e84c9239c6bac0aab479ab5d6067

SHA1
b519551829fb3066fb6ed283fe68fa59bd9c7cf6

SHA256
9668a3b201316b586d426d932fbeaf410ddf91c52f527dd5a14ba534d77a0ae4

SHA512
c5ad1a828361709653fbe9e0db27740783868288658f0419753bf67080c2b2659c915afb4d244a1c90d931ab947f423e2f1549cba61d8326c0dff272fdadd30d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
ca8725cf9906118914b12ad0f7b95b76

SHA1
74653455142335929b7400321a46b30b41cc3594

SHA256
27142e7718951227d493703edd59d0a5412c3156a4a3f0b768812d601835127c

SHA512
3094418a604211db16235cf9a04eeb4ca95175058c185dd257b6406bacfa21271cd4ffb5863bd83d178b6da2aac0ed41a3c96ed862b8eecbc9e6b06835230cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
252KB

MD5
81e1539111447d3665d84e6ef0046f61

SHA1
f7c6296bf6ffe472639c9bd236f735fbfeb378e1

SHA256
651e4abbdb27b9787f80d4450e7bf9e6b72b2eb0b169097e35383be53a855176

SHA512
86bac7c9aadba5c787f96967448ff2f0b45b94e0c1b0c1f561812bf627b4cb72c7437b1988a2e81d39adacaf533eea5fdd88a257d596b1ad49cc1c7b54b9c23b

Download Submit
C:\Users\Admin\Downloads\MEMZ 4.0 Clean.zip

Filesize
12KB

MD5
8f40ab355ce87d20b87de8b224242bfc

SHA1
15fe66eced37a3a90821464702725e408644af77

SHA256
2f1c3f37c6468ebb385731ae5867a7a142ebd58cbb6791f3208a19504cc7e822

SHA512
3c1add73c2d1d83e08df101af0fcdeb524b7037f5b16c2cb5aef9fb5e6a1b5fc56398bf69b5379bb1181ddd6da0f930aa9b5c9cb05522d062e9f95b47ed301d2

Download Submit