Analysis

  • max time kernel
    80s
  • max time network
    93s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    20-06-2024 13:16

Errors

Reason
Machine shutdown

General

  • Target

    zuizhz1rr5761.webp

  • Size

    77KB

  • MD5

    4eef815a57881bd5e2b46d81128fdf6f

  • SHA1

    82b22594624e6dd9c6118f3c8fe24f0b6342a5f5

  • SHA256

    24182e86a5c36b8283f96ddf34b4d1c0bef4a85922deb51c03636b1c8d67b684

  • SHA512

    8d9d9a325c1a8fabfdc54ef83dae950117ca027cb04b9c6b6652ac278b6f8e9975402648a06745f28783f9a2c509b89db612c152ceb7f5f2b1bb0013527d348e

  • SSDEEP

    1536:aAR4m2sCMQKO6GJn60J8lWmjFsWz5LgsX9jdCCaKv4m50Cu/383Ewvl:N27MmxnPJcZL5LgsX9jdvjwm5Bu/3SEo

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE (7 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
  • Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • NTFS ADS (1 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (34 IoCs)
  • Suspicious use of SendNotifyMessage (12 IoCs)
  • Suspicious use of SetWindowsHookEx (64 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\zuizhz1rr5761.webp
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4472
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\zuizhz1rr5761.webp
      2⤵
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44b5ab58,0x7ffd44b5ab68,0x7ffd44b5ab78
        3⤵
        PID:3748
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:2
        3⤵
        PID:1180
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:2444
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:4652
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
        3⤵
        PID:488
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
        3⤵
        PID:4116
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:2924
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:2944
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4140 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:892
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
        3⤵
        PID:3396
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4780 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
        3⤵
        PID:2864
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:800
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:2412
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4568 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
        3⤵
        PID:4024
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:2064
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:1116
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:652
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4636 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
        3⤵
        PID:3308
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2176 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:1268
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:2264
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:2004
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        • NTFS ADS
        PID:4088
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3140 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:1368
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:3416
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe"
        3⤵
        • Executes dropped EXE
        PID:1568
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:4232
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1044
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:4680
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1300
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
          4⤵
          • Executes dropped EXE
          PID:112
        • C:\Users\Admin\Downloads\MEMZ.exe
          "C:\Users\Admin\Downloads\MEMZ.exe" /main
          4⤵
          • Executes dropped EXE
          • Writes to the Master Boot Record (MBR)
          PID:2940
          • C:\Windows\SysWOW64\notepad.exe
            "C:\Windows\System32\notepad.exe" \note.txt
            5⤵
            PID:4972
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
        3⤵
        PID:280
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:908

Network

MITRE ATT&CK Enterprise v15

                                                      Downloads

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                        Filesize

                                                        2KB

                                                        MD5

                                                        ad97dad2fb96ead4b287c5a31a202354

                                                        SHA1

                                                        6bdf0da7c68a152bb7365b6fed95c04775bdb395

                                                        SHA256

                                                        428d313147be6f53ba78c3712354f1c7b4105cd32276bd80d9a25b92e1ea20bb

                                                        SHA512

                                                        c58d617237c00142c6e4a582632f3f9f7a9400ca69dc6e4eceed7d39308dd20b7cc9b2f93923244269b2ce74e34f7e2cdd6906d9029bdece96845701cb79457e

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                        Filesize

                                                        72B

                                                        MD5

                                                        f04092a4f722528ffe9e98e8e0a14fab

                                                        SHA1

                                                        32151f954426d5eb4b13a25de7b6d43252a61b64

                                                        SHA256

                                                        3155635eac6f576bb9ff21986de38e300ab84dd15343fb8b9e64b16ef8cb05eb

                                                        SHA512

                                                        d02e57f0b8a92e0331f7e1680da2752a29b92a8d3cdcc2d142252bbed95aefb14c1a08994b14e8caa3700ead47c9be47ec28e45c7c3d8c2b43d7c4205186c768

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                        Filesize

                                                        2KB

                                                        MD5

                                                        f3c49b6f4dec3c35e7ea9580befe57f5

                                                        SHA1

                                                        27c2daac0cff15136ede3dc3baebed93fe09d3f8

                                                        SHA256

                                                        e50fdfbb67414d30e14f9b2bdaac94c28ab5510b6376af2651dc7c67d62fa18a

                                                        SHA512

                                                        ce706a1adf45291fc44b49e62af4ddf0cde846b040d7ba82e9622901a02e013ac9af9e33db83bee10bc2bf427075a2b312050045fa6aca7914f170bc7a7cb741

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                        Filesize

                                                        2B

                                                        MD5

                                                        d751713988987e9331980363e24189ce

                                                        SHA1

                                                        97d170e1550eee4afc0af065b78cda302a97674c

                                                        SHA256

                                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                        SHA512

                                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                        Filesize

                                                        1KB

                                                        MD5

                                                        d08dd7b740e41796cecd545b227df544

                                                        SHA1

                                                        ae6a7e1cc4607351c54a031393e1f100ee9bf885

                                                        SHA256

                                                        810611499a9283c939bcfe2687da8c201b24abff62b0236779128d4450cd6121

                                                        SHA512

                                                        538dfaaad912f67967f5d2341eaae057ed3397d410e2d41249c16f9d87544b015b0bddc0524934315df2081320544d52c00490571817c747b2d175b7c08ff835

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                        Filesize

                                                        1KB

                                                        MD5

                                                        9534ca71bdd4f54c79f8770996c53b97

                                                        SHA1

                                                        231e16adf21220d8fee4ae2a76d896dcc593e858

                                                        SHA256

                                                        326bd6c59903e1e2f3bebdd5662dcc21a01e47a645c1ab61501be37caadd41ba

                                                        SHA512

                                                        a9974a04ceb8fb696f1fb92667b193d59aa978ae4cabb710161a801d3938abb843ed4c31e3ca4efe237afd503ca2219bf2700c3c56a64532b663d080fec30995

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                        Filesize

                                                        356B

                                                        MD5

                                                        a491eb8886f5b7feab4c909fba26a355

                                                        SHA1

                                                        44af9ed867be2da50e0ca08411967675975c935d

                                                        SHA256

                                                        0637753e8ae4201b9c1b1e5a714617088ca93623106f640f507f7ca182eaea08

                                                        SHA512

                                                        7b9973d64a5aa94d3b68d41391ab635a4a1cdb00928f2aa8ba7112d33c566d2cc4e4747c2517ba67b08a668f87d4aae8a7430fc49034254607bf7ab9f5883686

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                        Filesize

                                                        356B

                                                        MD5

                                                        64c7c6061f39eae990ea383655a653a4

                                                        SHA1

                                                        fa88e20a58afb0b8eb6b18f248ad873b2fea277a

                                                        SHA256

                                                        a508cf789c5ede64e1044f2e34117e7f4cc2b966974db7268dd05adc1369c22b

                                                        SHA512

                                                        e0b9c1fece75425ab06d5857f1a25cea727ce40721b80bd2a04e2b7f8b85e62d9e388634dbbc06b9a6a4accc5ef06e7cf5f6505327fa49bed982c802c51278d7

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        6KB

                                                        MD5

                                                        25380aabda74157d0d77584b62ff7f20

                                                        SHA1

                                                        ae4fb89225007a2f74deafa931349d647c4c6289

                                                        SHA256

                                                        1b1f0d583b0d6d0c7d6830aae0d788a3f0d81afb2e973f0cd9e0ed6a9c1106b7

                                                        SHA512

                                                        f6b773cf089deea27c68de0937423596468b73f8654c5ac359f44c28cc5380be54b68bd8966d1fb6df697d64091bc69a41485ac43700c4cda5e7efd680eda345

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        7KB

                                                        MD5

                                                        074e06dbd837740f78f4bffc266abb24

                                                        SHA1

                                                        ab298c75a04c20d3afe3b80d84b02f0c398355ef

                                                        SHA256

                                                        b3d25297d9d36aecb883bfab617bca80ad11583046b6eda2b913f73d894d747b

                                                        SHA512

                                                        75206c8bf1c79939ae73e0def0073c7bc9f1a32a3b5e589b6d324d3741ec8d80066df33f6d10f5501898ea1aa698d0cfa31c47825fa2a8e726b89159ca9baccb

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        7KB

                                                        MD5

                                                        b998d8305c29e34012c2f90ea7ebe0ed

                                                        SHA1

                                                        b1ef0c8c4e9667209653360b440f5031075c7d3f

                                                        SHA256

                                                        41124a77f9a83ac776906a53af9f44d2f9bdde1752509c1c66732d95c8e344c4

                                                        SHA512

                                                        29f92cb37dba4ba779b02d45085a4e3ab86610d6b65766ec25291f269261a0ccff6dcb948d70b49c72b9fb2fb516da9d2c101a45dae9f63fe450a014c82b11d9

                                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                        Filesize

                                                        7KB

                                                        MD5

                                                        c6dbe4c37bcf6224a842621a90bcfc09

                                                        SHA1

                                                        b9b452191bc28c285c84acf5bd52d985a2270e95

                                                        SHA256

                                                        b01a52f25e8c3a27c396ae9cf4b3ab6b8e81cc882ca15397a3c30f3a0e9229bb

                                                        SHA512

                                                        6b27680211e2f94d5e82f1a40ccb57d76d37420538fdfa1b24b13b412c9a68aca9e75bce4ee9915392a5733ca928719eb4eab73ad013f026f0cfc5f2459663f8

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
    Filesize: 16KB
    MD5: ae7f3f2ac15f682442f7ab8a3affdcd3
    SHA1: f7f7200f35740a0e1b0f6dca557517ed6279c074
    SHA256: bd6d4ee278437e2ba2659334063cd0ab8db4d244135f0fcaa00a818686693f9c
    SHA512: b9ee26cadf32c3522722b8c2bdf2dff428b343fcc723be3f52d6ad5a09fb83c5624137ba019fd3f90b7573b9d8a02297a2fde4c43840649264f04e2bc7584cb6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 140KB
    MD5: cff500ea481aa0da440f803763a8ae07
    SHA1: 52b0f9b8e21041070200bec5ea8a4ba97725a5fc
    SHA256: a4156a6d2e1d4bf458c3c0753e3afaaf3e1b6393b0a997f3da4b46d309855cc1
    SHA512: e51d244a331f66b074341dbd2a1e4af8371f8d5a6c5bb7b6b7902dcac0517dd5b83292ece6d68ae70b7485cf9c133a4cd9bed85266ed19090201bce657b8ac9e

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 280KB
    MD5: a4ed00787605f6d4003d29748e0ac06a
    SHA1: ed11668e395018491c5290a95e3868b34c6aaf5d
    SHA256: 550660b2dd6eb778354c4ebe05c846108221073dc7fede2fb12ff77fe202b475
    SHA512: 29aa2304d6d20009f5d1563b393942100779f33f30bccc8d3e47cc805d480451d3041e5116fdb3d8d5c189697de69c33329af7c857799e1afd64ab1497eb5ac2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 353KB
    MD5: 4dcfb1e7a9ba58d8b3f6af6e5a8ba3fa
    SHA1: ceb0ae461f45ad0398dddf464e2787b889d2507b
    SHA256: 4a46ed3fc9b1964e2f3e083bd6bcdccb8cee9930e6a3d3e70a95e8be3b3ea81f
    SHA512: 4b0ed638554468fa21e7a3158aa83a2cea8d61e93378993615eb57bcd10d7140dbd2c15598bd0a8a64399c729354056e55725a3d3ed8d0851f83c52171c883bb

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 86KB
    MD5: 28345cf5178dfbfee87d28623f59a2ef
    SHA1: 14ad9f1f0891cb74e38b4fdd25b6d0fa6e46ffab
    SHA256: 36b0e44f69347124d89e659348d4f675630f6e43a75f5f8ccd04704fa70b25c9
    SHA512: 8c2663bb7944dd1722f37c04335c362be5040d844ffb1afa1ec4907ce79a9792b147164b3fb906b7f2e52ecca8f30be9f14eeab0f767eae69571e401db7b2b73

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 102KB
    MD5: 9114afca5f8b289528b96f6a914d4d1f
    SHA1: 41fe2ef68d8dcec42e8f2cd0af0c6b6e149f78f8
    SHA256: 9a2354070189ed78af1d3e1bf12964d8ce794c74e62392a2d76137f28c11b8dc
    SHA512: 55a75be4e8d298cd04b43c954cfe18d7f49459c434163ce9c84fa988eb6fec6998f8ce86d50fb9da14c8d83a1562de3c30a8a0d48ec7220de8d8a6b1b4c695e7

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590c4b.TMP
    Filesize: 83KB
    MD5: 398d735916ef50afcafb73e0fcde36e0
    SHA1: 0d5e754ae964c3ac95f155bacf1c3a6b3cd285bf
    SHA256: 99d0929803a3fdcceb93385c01019b2a6234640ffe0023bcac7355c5bd62ef3c
    SHA512: 5ce41e1587e7d8a9e5154944021760cd7e939e85b265e11608f6215561c027fbfeb6a5314c8b05465527723e4246efd468779d92aa034bd19c91fc35d03d4a1a

  • C:\Users\Admin\Downloads\MEMZ.exe
    Filesize: 16KB
    MD5: 1d5ad9c8d3fee874d0feb8bfac220a11
    SHA1: ca6d3f7e6c784155f664a9179ca64e4034df9595
    SHA256: 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
    SHA512: c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

  • C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier
    Filesize: 55B
    MD5: 0f98a5550abe0fb880568b1480c96a1c
    SHA1: d2ce9f7057b201d31f79f3aee2225d89f36be07d
    SHA256: 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
    SHA512: dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

  • C:\note.txt
    Filesize: 218B
    MD5: afa6955439b8d516721231029fb9ca1b
    SHA1: 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
    SHA256: 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
    SHA512: 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
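The dropped-files listing above is what a responder turns into indicators, and it carries more than hashes: the same path listed several times (Local State, Module Info Cache) means the file was rewritten during the run, the `:Zone.Identifier` entry is the Mark-of-the-Web stream on the downloaded executable rather than a file of its own, and a digest of the wrong length would poison a blocklist. The script below is an added example, not part of the sandbox report or its tooling. It parses the bullet / label / value layout this page uses, using a constructed sample built from entries in the listing plus one hypothetical record (`C:\hypothetical\truncated.bin`) with a deliberately truncated MD5 to exercise the validation; the "executable in a user-writable directory" heuristic and the finding names are the example's own choices, not anything the report defines.

```python
# Added example (not from the sandbox report): parse the dropped-files listing
# above into records and run a few triage checks over them.
import re
from dataclasses import dataclass, field

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
LABELS = ("Filesize",) + tuple(HASH_LENGTHS)
SIZE_UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
EXEC_EXT = (".exe", ".dll", ".scr", ".com")
USER_DROP_DIRS = ("\\downloads\\", "\\appdata\\local\\temp\\")   # heuristic
# A second colon after the drive letter's means an NTFS alternate data stream.
ADS_RE = re.compile(r"^[A-Za-z]:\\.*:(?P<stream>[^\\:]+)$")

# Constructed sample: entries copied from the listing on this page (the blank
# lines the report puts between label and value are dropped; the parser skips
# them anyway) plus one hypothetical record with a truncated MD5.
SAMPLE = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize
  140KB
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize
  280KB
• C:\Users\Admin\Downloads\MEMZ.exe
  Filesize
  16KB
  MD5
  1d5ad9c8d3fee874d0feb8bfac220a11
  SHA256
  3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
• C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier
  Filesize
  55B
  MD5
  0f98a5550abe0fb880568b1480c96a1c
• C:\note.txt
  Filesize
  218B
  SHA256
  8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
• C:\hypothetical\truncated.bin
  MD5
  0123456789abcdef0123456789abcd
"""

@dataclass
class DroppedFile:
    path: str
    size_bytes: int = 0          # the report rounds sizes; treat as approximate
    hashes: dict = field(default_factory=dict)

def parse_size(text):
    """'16KB' -> 16384, '55B' -> 55."""
    m = re.fullmatch(r"(\d+)(B|KB|MB)", text)
    return int(m.group(1)) * SIZE_UNITS[m.group(2)] if m else 0

def parse_listing(text):
    """One DroppedFile per bullet; a label line takes the next non-blank line."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            records.append(DroppedFile(path=line[1:].strip()))
            pending = None
        elif line in LABELS:
            pending = line
        elif pending and records:
            if pending == "Filesize":
                records[-1].size_bytes = parse_size(line)
            else:
                records[-1].hashes[pending] = line.lower()
            pending = None
    return records

def ads_stream(path):
    """Name of the alternate data stream the path addresses, or None."""
    m = ADS_RE.match(path)
    return m.group("stream") if m else None

def hash_problems(rec):
    """Digests whose length or charset does not fit the algorithm."""
    return [a for a, v in rec.hashes.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HASH_LENGTHS[a], v)]

def triage(records):
    """Findings a responder would pull from the listing, as (kind, path)."""
    findings, versions = [], {}
    for rec in records:
        low, stream = rec.path.lower(), ads_stream(rec.path)
        if stream is not None:
            kind = ("mark_of_the_web" if stream.lower() == "zone.identifier"
                    else "alternate_data_stream")
            findings.append((kind, rec.path))
        elif low.endswith(EXEC_EXT) and any(d in low for d in USER_DROP_DIRS):
            findings.append(("executable_in_user_dir", rec.path))
        for algo in hash_problems(rec):
            findings.append(("malformed_" + algo.lower(), rec.path))
        versions[rec.path] = versions.get(rec.path, 0) + 1
    # The same path listed more than once means it was rewritten during the run.
    for path, n in versions.items():
        if n > 1:
            findings.append(("rewritten_%d_times" % n, path))
    return findings

def sha256_iocs(records):
    """Unique SHA256s of real files; an ADS entry hashes only the stream."""
    return sorted({r.hashes["SHA256"] for r in records
                   if "SHA256" in r.hashes and ads_stream(r.path) is None})
```

`triage(parse_listing(SAMPLE))` yields one finding each for the executable dropped in Downloads, its Mark-of-the-Web stream, the malformed MD5 in the hypothetical record, and the twice-rewritten Local State; `sha256_iocs` leaves out the ADS entry because its digest covers the stream, not the executable.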