Analysis

  • max time kernel
    132s
  • max time network
    145s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    22/04/2024, 07:27

Errors

Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-22T07:30:36Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win11-20240412-en/instance_15-dirty.qcow2\"}"

General

  • Target

    https://link.brawlstars.com/en?extlink?action=voucher&code=page=https://a9fm.github.io/lightshot

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 9 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://link.brawlstars.com/en?extlink?action=voucher&code=page=https://a9fm.github.io/lightshot
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdf66bab58,0x7ffdf66bab68,0x7ffdf66bab78
      PID:1076
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:2
      PID:828
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:1136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2136 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:4720
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3016
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:1212
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:4036
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:248
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4464 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:1196
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3084 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4080 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3140 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4240
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3536 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:1164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4528 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4172 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3156 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4124
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3096 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2176
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4580 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4948
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4264 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:1584
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4684 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:1620
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4456 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4580 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4708 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3860 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4672 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4444 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4656 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=4192 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:1436
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3536 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3980
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4764 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4936 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5080 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:5116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5028 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4136 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:4748
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4224 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:3488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5236 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:4644
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:3160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=4696 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2584
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=2152 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2480
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=4552 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=2208 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4700 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=2632 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:5112
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4700 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:2428
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5168 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3552
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=4320 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4048
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=4260 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:4220
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5448 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:1780
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=5444 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
      PID:3372
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2704 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
      PID:3120
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4200 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                          2⤵
                                                                                                            PID:2008
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5328 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:5108
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=5032 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:2504
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=2224 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:5052
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=2160 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:2816
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5112 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:3224
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4980 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:232
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:1436
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                                          2⤵
                                                                                                                          • NTFS ADS
                                                                                                                          PID:4692
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5404 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:3352
                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2664 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:8
                                                                                                                            2⤵
                                                                                                                              PID:3056
                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe"
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              PID:1552
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1460 --field-trial-handle=1748,i,16984136597786062953,7274197582980415387,131072 /prefetch:2
                                                                                                                              2⤵
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:2824
                                                                                                                          • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                                                            "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                                                            1⤵
                                                                                                                              PID:3112
                                                                                                                            • C:\Windows\System32\rundll32.exe
                                                                                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                                              1⤵
                                                                                                                                PID:4552
                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe"
                                                                                                                                1⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                PID:3840
                                                                                                                              • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                "C:\Users\Admin\Downloads\MEMZ.exe"
                                                                                                                                1⤵
                                                                                                                                • Executes dropped EXE
                                                                                                                                PID:3224
                                                                                                                                • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                  2⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:840
                                                                                                                                • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                  2⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:1316
                                                                                                                                • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                  2⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:872
                                                                                                                                • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                  2⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:4516
                                                                                                                                • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                                  2⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Suspicious use of SetWindowsHookEx
                                                                                                                                  PID:1208
                                                                                                                                • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                  "C:\Users\Admin\Downloads\MEMZ.exe" /main
                                                                                                                                  2⤵
                                                                                                                                  • Executes dropped EXE
                                                                                                                                  • Writes to the Master Boot Record (MBR)
                                                                                                                                  PID:3632
                                                                                                                                  • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                    "C:\Windows\System32\notepad.exe" \note.txt
                                                                                                                                    3⤵
                                                                                                                                      PID:3208

Network

MITRE ATT&CK Enterprise v15

Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
  Filesize: 165KB
  MD5: f1e41151a38a26c9258d8701ecaccba6
  SHA1: dd5a051e06ec769a9ce25f05cea759d8d6a31914
  SHA256: aded510c842cf36451d1bd8d7edd27cb6e83475a0cc326bbadd1828d9d3f4054
  SHA512: 27f7d07a4b363f30d3bccb36c53562dd4bc5394479fd1a25e69791022848ff7f8c0d824887779eb4187a57fdc837875e02c2fc0f8dc63d176fd48c2ecd829dfc

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: b3189bbdffa4d84234709663baa50ed5
  SHA1: 0c8e6f2e97a8cd4d7f61ddca8110a22205c397af
  SHA256: 37d17018abb531ed41451df5158dd269c3e82be8beefd17f821dba30f5f454f4
  SHA512: 1f049aef61e6199d06420469e6fcfb9297efe9bdbd8645f13683c6ffdc71c86787e68bc16723eb3c1f8ae9c8f2da946c24cd99e6746c0d541b534a3359e75242

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 264B
  MD5: efffde07e3b72dc98e58724dcecc991e
  SHA1: 993e10bff8da84eb3f2e8b496caba1b5fff17737
  SHA256: fe3007bba12218c477aac7fbb55fdbe6dc1fea2ee095662ed19ed8e6f5fa21d9
  SHA512: 9b378dc586fe144c7c6a20e2672e0aa0654feb30989b2ad0aadd1317dd149ce4916f079d5405995e9fc70f85d781ec127fedeb90b26962c5a815b95801443a0b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 5KB
  MD5: b04f1e432adac1ca9877ec0a9bf799dc
  SHA1: 5092b7cc2de30fbe7b9c7fcadb1665f1f91b4ec6
  SHA256: f0c7aa220d5b9763c4b537e6f2e01777acd26fb0613a024fbc75fef76d4b2445
  SHA512: 07f7354edc0a31aec56edf624388d0932ffe6cd8989b9a0a857e5af065cb1a7d99f6fb0a07b589674df3840b7dd6496345a7ca9c6ad21d84bbe3f353820d4ded

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 1KB
  MD5: cbc72b0651e1d916c4d1c4f582bcc62b
  SHA1: 012e0c2d5808600a736d674c9d6ed0c03959b631
  SHA256: eabe129a0495e125e67c6cf9ca24313e5c99f76c4e75f0526b3f664213afc35e
  SHA512: 8e5a59abceb6a62f0c21cad8dccc05b16073e16a96526f29e65cd6c1397cecd4e8ffcdceeb6b25eec305a13eabf1a33b54cf3905d248d57c22cca6cd7e87fa7e

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        d41d5ceeb58c0621402ebd050e445352

                                                                                                                                        SHA1

                                                                                                                                        8782b38515480e4732986b3f1f8c9a6bdcce0c55

                                                                                                                                        SHA256

                                                                                                                                        e1dfd23a3cec58a5f3d8c3ac08840b181b53789e468dfeb2af9a532a4d914d05

                                                                                                                                        SHA512

                                                                                                                                        54febdbe4f61a7fe046fbee56aaaded2464ae3c307755f90bd9d13c9b2adbce422e7a2c8caf31c4563af9e9494604235233f114b6fe16b83f665b3d29c6f76ae

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        633cfc1d248ed3b2c24eb22910986c82

                                                                                                                                        SHA1

                                                                                                                                        bcd1710aaa3dc4784dbaaf6675f4d3647d0c1bd7

                                                                                                                                        SHA256

                                                                                                                                        3f8316545c5b9d8cbd85262692cd34aff59c07fbfec82306cb4d59e181f4601b

                                                                                                                                        SHA512

                                                                                                                                        b5bf63edd6b6a6b24b1c0dcacfcbda85d2c46bea8798dd0cdbec8051f89d3ae90f26321d69ef73ce972c069d015e8bd3568552db70497e55fd8f5e5e17ee6da3

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                        Filesize

                                                                                                                                        1KB

                                                                                                                                        MD5

                                                                                                                                        303fefabdc622abdb0d6002ae109db86

                                                                                                                                        SHA1

                                                                                                                                        f4231a7618fc36d49064b670843dd0bb1717c42b

                                                                                                                                        SHA256

                                                                                                                                        5a3c433169eb804bb63cf28916cb34d531d8df009ddea04300beba1a181b3365

                                                                                                                                        SHA512

                                                                                                                                        2ea8f401809cd8733d5057dd658f387ddbbcc05949862e2c137cccc85514c7e402346883c33b0e08b960147b51e5c2dc6b6fba736b523eb37c432f09c3bac658

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                        Filesize

                                                                                                                                        2KB

                                                                                                                                        MD5

                                                                                                                                        5c675ad868db757623c43f7e9e31d3d2

                                                                                                                                        SHA1

                                                                                                                                        09299fce98c80f1744ff4f0dc2cd4cec678e8f4a

                                                                                                                                        SHA256

                                                                                                                                        6e75015824740f864e854722621d8fe52f32d9838173647176f1b1686c6d579f

                                                                                                                                        SHA512

                                                                                                                                        a62c674fc17ff4b089b47a6d1df3dfe396547bee2edd517bd638d3da56d1d4acd62cf5a241089f1b859d72b6d039e787e86407082e6c69ee85cc489d608bddcc

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                        Filesize

                                                                                                                                        1022B

                                                                                                                                        MD5

                                                                                                                                        2903eee3090890d460dfb24671c8883a

                                                                                                                                        SHA1

                                                                                                                                        8fb10db063673ba87d580501489c86b5368d2b9c

                                                                                                                                        SHA256

                                                                                                                                        ebbf451f29cd0353c319776ddbfda5946c1ab74653d97fa2ea7157af7fe27058

                                                                                                                                        SHA512

                                                                                                                                        fb577877549aaea573154a30e5d6b55ffb5a794d7f5c534a266b95165e4bea2efd464d4031f626f2b7b0f3b73aaf3271121f13411bacf73526102ecdd334ed61

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                        Filesize

                                                                                                                                        1022B

                                                                                                                                        MD5

                                                                                                                                        a27a71304de9cbd618c81e3f8f7cc3d1

                                                                                                                                        SHA1

                                                                                                                                        6c15b20e865f92b8d00b323461026d231d0c2843

                                                                                                                                        SHA256

                                                                                                                                        6ffd8660d5c51d5f7b984dbda1b7ee1f3d77b89f1d5aebd91a527ab7d78847e3

                                                                                                                                        SHA512

                                                                                                                                        b4276d821c588c794ef1c0187aa03d87bac321329e7a2320f2fee3cbb656911c069d39b09768ee0420a2e505e4eba3acd9c7bc198360a9225fef353d61f94b96

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                        Filesize

                                                                                                                                        8KB

                                                                                                                                        MD5

                                                                                                                                        f1ffbf80491ef82cf4af98118dfa327a

                                                                                                                                        SHA1

                                                                                                                                        669fc42c9a5297156aa78f8f54fd2e680088425f

                                                                                                                                        SHA256

                                                                                                                                        2db6fbf010141b2c1222c0ee1907ee6db09424e0f7a0ce779ec398c81acd7791

                                                                                                                                        SHA512

                                                                                                                                        41a23fc7e4ffbd25d90d97ff8ee4538b422c11a61d63bc9700b9bf049ed911125a30fef3d6eddcbb17bae6eda0defc52da5c44350c493ba34bc9eac7f9ae9b91

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                        Filesize

                                                                                                                                        8KB

                                                                                                                                        MD5

                                                                                                                                        73f0dac3dc3d8f8780a2116631001b6d

                                                                                                                                        SHA1

                                                                                                                                        1caf04115074019514ed97cabe4efe6835f3e698

                                                                                                                                        SHA256

                                                                                                                                        14521f86f4a53dbf7bbf01a2c035c55eb15857858a71663cf31df7cbd2cb7899

                                                                                                                                        SHA512

                                                                                                                                        93308e1e68cc1696c97bc39dd03d063a5fe1a36bbb1380a6bebec29a32056f784e8a0c42b24065abfbfacbe47adae8943c087689fd06bae123ebdd0e313046e3

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                        Filesize

                                                                                                                                        7KB

                                                                                                                                        MD5

                                                                                                                                        b8a18c3045c50e2875ac2137bac32058

                                                                                                                                        SHA1

                                                                                                                                        10a51ce1a6fee80cb37884664a6f9ee6e7e07223

                                                                                                                                        SHA256

                                                                                                                                        252ce03ca2530086378bf83882241817facf45a4d39a5277b57102bd77bb631b

                                                                                                                                        SHA512

                                                                                                                                        9d7c4df5b6453ceb2de71c8ea1d6e00022c873d8c4a6992a20be951a1518a33014d0eec66c7ab4e7860d7976eb60fe81d0768c62767bee1c39378574248f5bbc

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                                        Filesize

                                                                                                                                        56B

                                                                                                                                        MD5

                                                                                                                                        ae1bccd6831ebfe5ad03b482ee266e4f

                                                                                                                                        SHA1

                                                                                                                                        01f4179f48f1af383b275d7ee338dd160b6f558a

                                                                                                                                        SHA256

                                                                                                                                        1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

                                                                                                                                        SHA512

                                                                                                                                        baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57fabb.TMP

                                                                                                                                        Filesize

                                                                                                                                        120B

                                                                                                                                        MD5

                                                                                                                                        16ec11571e32c0d6a560baa4aee2d517

                                                                                                                                        SHA1

                                                                                                                                        b3392d72bb1b211b17a1e553fe3ff7fef277cff5

                                                                                                                                        SHA256

                                                                                                                                        f54ec7a816bcee2ef26d780b2dd5b738011ca17988fcf286e70540881f44aa4a

                                                                                                                                        SHA512

                                                                                                                                        c330f56d85b865ba8e39224eceab53e2368e5164bbab7ed6ecd421bdadc1dcf0db8557c0f3e3e302b65b0e37f0c11ccdade81ae8a420bd75b7c4c1fd0148cee2

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aab3ce0d-775b-4ab9-8c07-0eb7c983ca0c.tmp

                                                                                                                                        Filesize

                                                                                                                                        7KB

                                                                                                                                        MD5

                                                                                                                                        36ccbe64f833d4fa786b15a190b1fed7

                                                                                                                                        SHA1

                                                                                                                                        02d5099039db39b5c500dd28a8a580d1ae2e3727

                                                                                                                                        SHA256

                                                                                                                                        972eb2647d6d1cc4ba002321d9d72d7b028099bf856bf9f2e20682ff4bed58b1

                                                                                                                                        SHA512

                                                                                                                                        438eeb4d4af335cec76deabbfc4ff4756499338cbeb18bc0cabe63d1f6269cc57ea6b0bbb9871318ff953c28faf5d6497b2cc1b8b0689483941811cb85109202

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                        Filesize

                                                                                                                                        127KB

                                                                                                                                        MD5

                                                                                                                                        35dc6a8e1af71746efb204f5e0e7384d

                                                                                                                                        SHA1

                                                                                                                                        9949b6c7a98f3ae640875f242ad468beb836eb27

                                                                                                                                        SHA256

                                                                                                                                        84a04e6d91391e5d24f1da13b188bbb660eed3095794c06e7f241e5c02f34d02

                                                                                                                                        SHA512

                                                                                                                                        4e292b347aa77a48de7c4e255da059658e4b17441638afdcd194a340b8215c87499bbeb78c01df2273cb88357b2bd6894fb502c194627075de1588aae8678cd9

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                        Filesize

                                                                                                                                        127KB

                                                                                                                                        MD5

                                                                                                                                        d932cd788e2554ce7966b82155961f2c

                                                                                                                                        SHA1

                                                                                                                                        af44ceb763c459a6678db3f04e3afecc2bc37be7

                                                                                                                                        SHA256

                                                                                                                                        0c7df8dde0b64990274dd1865eaf96a7ebae21437a160772fecbf74029520129

                                                                                                                                        SHA512

                                                                                                                                        59156e15a659cd0391e20654ef44769c8b7e1650fbe5d3acf4edf699777be0721df39f093fe507fa9864a20a9d73c264d523a1a077442d832919e81bebad6f87

                                                                                                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                                                                        Filesize

                                                                                                                                        127KB

                                                                                                                                        MD5

                                                                                                                                        486372d4432ba72807cc2c7af1723a8c

                                                                                                                                        SHA1

                                                                                                                                        c8e62ef8fc4c93a632d997071ce83c37f840ccf1

                                                                                                                                        SHA256

    8883f72c661042f4459b179e4c1fcf0fb85456463d5959e38f2c71aba4e45ee5
    SHA512    ee173658e8471da45d2f5873186fd56ad145e76266d26d298b52b88a66562d4ec39fb253579935786d0a4b03a815421d0e88011963a6c33adaf12e37a2d91b82

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize  98KB
    MD5       e5d36c3a437a6877b5234e8fdf66e22e
    SHA1      ef8cfa4730e2f29202d47e64d1d9022a03096dd4
    SHA256    86107f48508c3c0ddfd4f6e5ed685927af582da8f45c25d1c72b3ba08047bf62
    SHA512    da3effbc7cc15fa42155ced4beb8b7439f95598633974a71fb85d378200a1053abcd7fdc36c89df1f3bd2c7c73ac95123cd87130beb05ed827e587f53c38e3ad

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58a40b.TMP
    Filesize  82KB
    MD5       b982c3007b4e5a689a981379d9f06a23
    SHA1      b6fc74f1bafc5e88d58fc7769b0c76ec5dbb69ce
    SHA256    a0be7f7c4cfe3201c1d42b623046165c33fa3a072bea1834bca6ab9ade8dfd52
    SHA512    be1fa9d55288a6df37c3b9a9082592cd7983bee87f1cde42f33082ec885ab505c23be95bd987b9d852d7610699eb92a6c2d635f4cfbb0bac1db850d2a7e3bb6f

  • C:\Users\Admin\Downloads\MEMZ.exe
    Filesize  16KB
    MD5       1d5ad9c8d3fee874d0feb8bfac220a11
    SHA1      ca6d3f7e6c784155f664a9179ca64e4034df9595
    SHA256    3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
    SHA512    c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

  • C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier
    Filesize  55B
    MD5       0f98a5550abe0fb880568b1480c96a1c
    SHA1      d2ce9f7057b201d31f79f3aee2225d89f36be07d
    SHA256    2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
    SHA512    dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
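The last two entries are the dropped executable and its Zone.Identifier alternate data stream, the NTFS ADS that Chrome writes to record the download origin (Mark of the Web; the "NTFS ADS" signature above refers to it). The report gives only the stream's size and hashes, not its text. The following helper is an added example, not part of the sandbox report or of any tool it names: it parses a Zone.Identifier stream, reads one from disk on Windows, and checks a file's MD5/SHA1/SHA256/SHA512 against the values the table reports for MEMZ.exe. The sample stream content and every function name are constructed for illustration.

```python
"""Triage helpers for the dropped-file table above (added example, not the
sandbox's own code). Parses a Zone.Identifier (Mark of the Web) ADS and checks
a file's digests against the hashes reported for MEMZ.exe."""
import hashlib
import sys

# Hashes of C:\Users\Admin\Downloads\MEMZ.exe exactly as listed in the report.
REPORTED_MEMZ_HASHES = {
    "md5": "1d5ad9c8d3fee874d0feb8bfac220a11",
    "sha1": "ca6d3f7e6c784155f664a9179ca64e4034df9595",
    "sha256": "3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff",
    "sha512": "c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53f"
              "b50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1",
}

# Constructed sample of a Zone.Identifier stream. This is NOT the 55-byte stream
# from the report (its text is not on the page); ZoneId=3 means URLZONE_INTERNET.
SAMPLE_ZONE_IDENTIFIER = (
    b"[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/x\r\n"
)


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, keyed by algorithm, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def compare_hashes(data: bytes, reported: dict) -> dict:
    """Map each algorithm in `reported` to True/False: does `data` match the report?"""
    computed = hash_bytes(data)
    return {algo: computed[algo] == value.lower() for algo, value in reported.items()}


def parse_zone_identifier(raw: bytes) -> dict:
    """Parse the INI-style [ZoneTransfer] section of a Zone.Identifier stream.

    Keys are kept as written (ZoneId, HostUrl, ReferrerUrl, ...); ZoneId is
    converted to int when it is numeric. Lines outside [ZoneTransfer] are ignored.
    """
    text = raw.decode("utf-8", errors="replace")
    fields = {}
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[zonetransfer]"
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    if "ZoneId" in fields:
        try:
            fields["ZoneId"] = int(fields["ZoneId"])
        except ValueError:
            pass  # leave the raw string; the caller can still inspect it
    return fields


def has_mark_of_the_web(raw: bytes) -> bool:
    """True when the file is tagged as Internet (3) or Restricted Sites (4) zone,
    the zones for which SmartScreen and Office Protected View apply."""
    return parse_zone_identifier(raw).get("ZoneId") in (3, 4)


def read_ads(path: str, stream: str = "Zone.Identifier") -> bytes:
    """Read an NTFS alternate data stream via the file:stream syntax (Windows/NTFS only)."""
    with open(f"{path}:{stream}", "rb") as fh:
        return fh.read()


if __name__ == "__main__":
    # Stand-alone demo on the constructed sample; pass a path to check a real file.
    print(parse_zone_identifier(SAMPLE_ZONE_IDENTIFIER),
          "MOTW:", has_mark_of_the_web(SAMPLE_ZONE_IDENTIFIER))
    if len(sys.argv) > 1:  # e.g. python motw_check.py C:\Users\Admin\Downloads\MEMZ.exe
        with open(sys.argv[1], "rb") as fh:
            print(compare_hashes(fh.read(), REPORTED_MEMZ_HASHES))
        try:
            print(parse_zone_identifier(read_ads(sys.argv[1])))
        except OSError as exc:  # no ADS (non-NTFS, MOTW stripped, or not Windows)
            print("no Zone.Identifier stream:", exc)
```

Run it with the path of a sample to confirm it is the same MEMZ.exe the report describes before doing anything with it; a mismatch on any of the four digests means a different file. The zone check matters for reproduction: a file copied without its Zone.Identifier stream (for example via a ZIP or a non-NTFS volume) will not trigger the same SmartScreen or Protected View behaviour the sandbox saw.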