306c25338f9e60e9feec7fb572840c8b3aaf65fcfc159cf664911fdb846f04f6

Analysis

max time kernel
102s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 15:28

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

KeyMap.exe
Size

1.2MB
MD5

a643068f9fcc0a06da23567a4c7e1b9b
SHA1

fd4b1b814f9802aa15b3cfdd86eea66af2d95ff4
SHA256

306c25338f9e60e9feec7fb572840c8b3aaf65fcfc159cf664911fdb846f04f6
SHA512

96665bf2adb5f1a38004c6e6e7d7383476237d1ff10e36f7b6e55cb918fefa636876277fe6cb26221f354d817b97ffe38003f3908b671020d0fe8efcf709a2e2
SSDEEP

24576:hdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU:hdofGbSIQ177wZvYjiiRDXASat5RgsLS

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611245269084219"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4980	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
4692	MEMZ.exe
4692	MEMZ.exe
4692	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
3904	MEMZ.exe
4084	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
4692	MEMZ.exe
4980	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
1396	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
4692	MEMZ.exe
3904	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
3904	MEMZ.exe
3904	MEMZ.exe
4692	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
4980	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
3904	MEMZ.exe
3904	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
4084	MEMZ.exe
4084	MEMZ.exe
4692	MEMZ.exe
4692	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
3904	MEMZ.exe
3904	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe

Suspicious use of AdjustPrivilegeToken 48 IoCs

Processes:

chrome.exetaskmgr.exeMEMZ.exe

description	pid	process
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeShutdownPrivilege	4960	chrome.exe
Token: SeCreatePagefilePrivilege	4960	chrome.exe
Token: SeDebugPrivilege	4708	taskmgr.exe
Token: SeSystemProfilePrivilege	4708	taskmgr.exe
Token: SeCreateGlobalPrivilege	4708	taskmgr.exe
Token: SeShutdownPrivilege	3904	MEMZ.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

KeyMap.exechrome.exemsedge.exetaskmgr.exe

pid	process
2752	KeyMap.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
2752	KeyMap.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

KeyMap.exechrome.exemsedge.exetaskmgr.exe

pid	process
2752	KeyMap.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
4960	chrome.exe
2752	KeyMap.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
2832	msedge.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe
4708	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

KeyMap.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2752	KeyMap.exe
2752	KeyMap.exe
4980	MEMZ.exe
3904	MEMZ.exe
4084	MEMZ.exe
4692	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
4980	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
3904	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
3904	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
4980	MEMZ.exe
3904	MEMZ.exe
4084	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
3904	MEMZ.exe
4692	MEMZ.exe
4980	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4084	MEMZ.exe
4692	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4084	MEMZ.exe
4692	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4692	MEMZ.exe
4084	MEMZ.exe
3904	MEMZ.exe
4980	MEMZ.exe
4084	MEMZ.exe
4692	MEMZ.exe
3904	MEMZ.exe
4692	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4960 wrote to memory of 4968	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4968	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3628	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3320	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 3320	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe
PID 4960 wrote to memory of 4660	4960	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\KeyMap.exe
"C:\Users\Admin\AppData\Local\Temp\KeyMap.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7fffff6aab58,0x7fffff6aab68,0x7fffff6aab78
2⤵
PID:4968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:2
2⤵
PID:3628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:3320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:1
2⤵
PID:616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:1
2⤵
PID:3296

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:1
2⤵
PID:1188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4164 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:5044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:2904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:4108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4756 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:1
2⤵
PID:5000

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4256 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:1
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4548 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:1
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4364 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4324 --field-trial-handle=1952,i,7646796261337166788,8008573332113805887,131072 /prefetch:8
2⤵
PID:1896

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1812

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1472

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe"
1⤵
PID:4488

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4692

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4084

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3904

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1396

C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ-virus-main\MEMZ-virus-main\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
PID:5080

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffffab46f8,0x7fffffab4708,0x7fffffab4718
4⤵
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
4⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
4⤵
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
4⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
4⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
4⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
4⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
4⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
4⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
4⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
4⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
4⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,12917493479953003055,6079806574407201785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
4⤵
PID:3268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4708

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c760271958fc8fcc1345bd9eb3d249ea

SHA1
c8155d2905121d78ec4a5900e42ba0fbb5eac000

SHA256
9b1799e8d857194a70cdf2f552289c1ab19f0a02fb5c5f4f8a85965d731dd8d5

SHA512
3a6ccbc39d63cdfad9ab0870c972c6f1ed3d5ec9e7269f608f52066deb7b87ed7d4fca14102ffdb231101d88eebfdd19e6d861f7cc93f5fc3a9a3a13c5b2b7a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
fa6a1c8619c0d7e544290c5ee93ba770

SHA1
38bd046221acbae241e3f96abcbed25adb62f89c

SHA256
66d103f27a899fc53f3fe446e6a13eec247d762775326e7a15cba87cc59cfd6d

SHA512
a1451eaa97c76a047447fffdf935bbe2803058306272ebaed9456b0b5555d13925c48b1fc8c79f16956f67e9b6a985a4396af560f379b836a7b207c935df9c37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
80d78ae01ece163fe1d61228ddefb3bc

SHA1
564cad6f0ea2d34fb9c508186935109baa67cc7f

SHA256
4e5ea2776442227f8fd7148362291866f25475ba2a3ad22f5f97923c206d6c53

SHA512
0d048c4bf337cabe0515ec1f34dfc3e94514bb9a50a9b2254661832367f72144085431f36aba3b968f3407c3b80eebba6c20cee41895dbc2da585fd96acfcb0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
851B

MD5
6a9dbe7fd8b2bd8f85ee6a891e7b8dd8

SHA1
49f6d8d6721e4b12e1da639ff11592de71889108

SHA256
7d972110143e232427d79a33b0e484d494361700fc42fc01f600ab0e7d7b5b65

SHA512
298e4c4b6e106350285bc8568e1503ed02ac08a57e9223418fc796a6ea957e0e9a7b4bb00ab5305d61c92214d419fdcf418a7f01dca20a536cae926ed683b201

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
12682e5c1821cbc311ff17d50373a3a1

SHA1
63de4974713e403abfea302f8826b010ca4bec50

SHA256
c6e43da19d4d2120bdbdfbf8e3073a642988ba88514ac22817fdac84a504d5a7

SHA512
2836e2e1b3295d270ccaf154c07cf8c8fdd81a3ed8cb2b7d2b5fd8a00f78e484467bf4a0899ca9e6b92447b199d3c0214d04c124027fe7f1e0794b65376962bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
28bb8b70073f590bbe9dbe3f8e035c42

SHA1
d9f6d4fb5e1d2fc2477eaf30ce3a91e160026f92

SHA256
78327ae043a13edd7dec911e303b23ea4d707fbdaf0ee8b6d4028dde6a5406f3

SHA512
4711666bacdf785133af377c1a1c54a323e71503137ed502f58676a3253a266934bb363f442b248c0e47b17a2ee0d39f220f19c801fe6713df59c13b3568c631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
3c5e22b9d4f5ad8322b33a99a6419d38

SHA1
beb7a184abcdc86e20631838ff7e63c7fa0e9a6e

SHA256
c9b4e47ab57b5428e3499472f9e781cc54b5471f3726989eb33d940961b53a5a

SHA512
0f5a7e106113d0514a96500e1787313cb534f8b468ba798cd8ee5fd1ecf385457b22ab459143578d7286013224f4f35ecf0c9711f8480e52113c5ef16416182b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
39e40a18414dfebe970d5002a3cb8f46

SHA1
f78fc6a84e231f49622eec0e1213d65ce874d954

SHA256
418a8e7590e51a0c5b1bdc093fb47d3304cb7989ab32aa042240c835c642d811

SHA512
ce933450cd9d059b1c212f837aa1014e6eb2fba3c406ecc053d3c15b66f5885f182d394a5507992bfaabfb0676b9d9f02183098ccbb9d66e7c42b685cc045211

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5787fc.TMP
Filesize
120B

MD5
62af4484b991e93d7f9e6ef6f284864a

SHA1
25b2668fa0fba1b6374362a451287aa44812ea57

SHA256
36865cfc81cd460c67da870f0eb3096f8c18e864238fc6c0b079b03a5356aacb

SHA512
c32890232e8fb0de9f9958218284d76e8cb282ed839fef5308a45a48bb1f38767be5771e9dc55afc50120d1844cce9d24949a5b5f18cc65ff0af1529147c3137

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
257KB

MD5
71a7e7b1442bc666a19fe2d7bac24989

SHA1
9f80c5d4824a65b64b03061cd30e68ff1f41a6dc

SHA256
d19caba803c11db21cc27cf65947d12fe592d7bc82dcde580737e4b449222bf1

SHA512
3ad6c2aa95d201d11e47fc42aee7cea91ef5a4f3381d51e06828b4bb0a45be66ce3a2d174cd4c1f6eb085146c127c6a6c435a14a239ea82528fd6c8d54a36677

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
262KB

MD5
3700c41547553054345044cdd2c046ed

SHA1
80eb0bfbd5a5a3d501e844965a7cd6384e2ef5b5

SHA256
1a376fd6e214507d60af8c232277ea89c84a1bcaf5c65fc8df61ca4fed199fbe

SHA512
882ca5e8a3af5c438017b591d44053c02911b7c3a341558bee24a21547ef2dd4920710ce940ecfb8fa6db55f10d31f22a640c8fe87fb80b3d47057d8a9e6d95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\be8ceb19-5c36-401f-ae7d-b3072beeb822.tmp
Filesize
262KB

MD5
ccd4d9bb1e60943eb8f7b4fc9b55b161

SHA1
11d00479b954e881ac3e90ed7a1f53b5487e935e

SHA256
449aca99622d50d8030938ae639bc52039e32daeb2d0fb88294dd2e3a86b25aa

SHA512
da59f58ca63bb1fd4a0eef6d2e0c3e2383ebff827768df2a7f0a71d30109476381df106013ab166a7fa1f5de1953d3d3d13f0bf0c587b00d658b6350d61f92a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
1d26f2d80b6d9f2716d69ab86cc25cdd

SHA1
664873bdf33fd0657575129f37ca21ad8da66a14

SHA256
aa1c8ea6f2b3005c4c383e53556c932499fc8ba20595a42a6c94abeff2b70cbf

SHA512
90fffa687fae714a8459d0fc81e6fc0fdc37fa9be97518dde3e647680c143c7f8aa691dbf933470245b9b3acbf78c6f145c876119060dc929e2c52d561f5b31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
950cf72d8be3ba267c8454f54b5036cc

SHA1
5a494aaeadc3bb38d9b67b69a23b56003f371970

SHA256
0832f56207438a9068b404148becfce07c4952e5ef84c45b6a206db42519d07c

SHA512
c63916e768d5bbeb950d902230e4991d3d5941264044b5b1a189d23486425506ac3a9bf8c8541fe84335d4fcc1e0ec40a961d7e8e07463bddce261b387b48c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a10beaf2699618dca001305799ac0be8

SHA1
ccb9eb89c12bc3998bb079aa711a7c9f32004100

SHA256
af79c1183746e020c29bc9a12983b04bfc4a82bd4f9a9f41e10b9b7957078af8

SHA512
747e7c725047cbac69855d25999c902013a69587baebc3cca7340114d0b9716e5cdcd72f309b89bb12244f58cb92eee410dd93104aea8e814c9653d480867895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
df63f31c468ae181f36564a1c8dbb3f8

SHA1
e90730c5aed284980bc33cf5dd9f4cb8cea800bd

SHA256
035f511a49f9714a9fd914de5b423288ca7d6ff5d6e3953e2b494fb5e541a1ed

SHA512
2e703ffee9741cf5c3916a73508585bc768d144f756975f5c553ce7368abce1986fb74dc80ec6cc662f21a374ca4138e0e2f4ff1fe44e81b13cd88f6a8c45d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
351c053607274c68e804cd9b6e70194f

SHA1
95072e99b86ae34df7f90df807177ccd2f8f98f5

SHA256
72df1d4e1eab166a8ea9a3ac030aca7e0d9fc22f6bbf6cf8b65ab0ff8fd36f15

SHA512
05933fed927fc97de6c636eb9aac198e5cc58d39791a30fa41c7dd0999196ddf9ada3bf433264a77cd766ed68d13f8fd06e76e1c87fb1b278897c8c5990257c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
753a61c195ad358338d88c0cdb8ceea9

SHA1
6a772741afbe1c7e58d0bc14d33ffe49820c9f73

SHA256
c610607f3e31bbbe0a890ddd3105a999c4762a269c50aaaac868a57a13e40ba5

SHA512
500215272fe5a6a4a100fc28e719b2a43f22e2b55f808736c599dfdcc6ca73368e1483780e118893562a24435e13abe8eca84882bd82997f203249c82f51808a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
83fc85eeb6b74c1b3330c0ce3e4e7c8f

SHA1
0c403b3fe560163848f64cb1c3b6b0e4a6c3d387

SHA256
42a8eaeadcd4bac3b1868d0a848865f70f2a3471d7312ecbfaed75bc61fd2471

SHA512
351a87557ccceb6c820ceb424095534b7661a1fcda5cb10c5c6e615d70baef00c0b085828e98fd7ac88c22252ed8af732f3426087379d644f1d0c45f7958f89a

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip
Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_4960_KGVOHVGQTIUYVJMU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4708-648-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-647-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-646-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-652-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-658-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-657-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-656-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-655-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-654-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download
memory/4708-653-0x000001DF77AF0000-0x000001DF77AF1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads