Malware Analysis Report

2025-01-03 09:22

Sample ID 240620-qh3vkatdpn
Target zuizhz1rr5761.webp
SHA256 24182e86a5c36b8283f96ddf34b4d1c0bef4a85922deb51c03636b1c8d67b684
Tags
bootkit persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

24182e86a5c36b8283f96ddf34b4d1c0bef4a85922deb51c03636b1c8d67b684

Threat Level: Likely malicious

The file zuizhz1rr5761.webp was found to be: Likely malicious.

Malicious Activity Summary

bootkit persistence

Downloads MZ/PE file

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Enumerates physical storage devices

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies data under HKEY_USERS

NTFS ADS

Suspicious use of SetWindowsHookEx

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 13:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 13:16

Reported

2024-06-20 13:18

Platform

win11-20240611-en

Max time kernel

80s

Max time network

93s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\zuizhz1rr5761.webp

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\Downloads\MEMZ.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633630173396897" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A
N/A N/A C:\Users\Admin\Downloads\MEMZ.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4472 wrote to memory of 2388 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4472 wrote to memory of 2388 N/A C:\Windows\system32\cmd.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 3748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 3748 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 1180 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 2444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 2444 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2388 wrote to memory of 4652 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\zuizhz1rr5761.webp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\zuizhz1rr5761.webp

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44b5ab58,0x7ffd44b5ab68,0x7ffd44b5ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4140 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4780 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4568 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4636 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2176 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3140 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com tcp
GB 142.250.187.196:443 www.google.com udp
GB 172.217.169.46:443 play.google.com tcp
GB 172.217.169.46:443 play.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
GB 142.250.200.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 10.200.250.142.in-addr.arpa udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
GB 142.250.200.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp

Files

\??\pipe\crashpad_2388_NZUFAMZPKBGXSJZI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 cff500ea481aa0da440f803763a8ae07
SHA1 52b0f9b8e21041070200bec5ea8a4ba97725a5fc
SHA256 a4156a6d2e1d4bf458c3c0753e3afaaf3e1b6393b0a997f3da4b46d309855cc1
SHA512 e51d244a331f66b074341dbd2a1e4af8371f8d5a6c5bb7b6b7902dcac0517dd5b83292ece6d68ae70b7485cf9c133a4cd9bed85266ed19090201bce657b8ac9e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 a4ed00787605f6d4003d29748e0ac06a
SHA1 ed11668e395018491c5290a95e3868b34c6aaf5d
SHA256 550660b2dd6eb778354c4ebe05c846108221073dc7fede2fb12ff77fe202b475
SHA512 29aa2304d6d20009f5d1563b393942100779f33f30bccc8d3e47cc805d480451d3041e5116fdb3d8d5c189697de69c33329af7c857799e1afd64ab1497eb5ac2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 25380aabda74157d0d77584b62ff7f20
SHA1 ae4fb89225007a2f74deafa931349d647c4c6289
SHA256 1b1f0d583b0d6d0c7d6830aae0d788a3f0d81afb2e973f0cd9e0ed6a9c1106b7
SHA512 f6b773cf089deea27c68de0937423596468b73f8654c5ac359f44c28cc5380be54b68bd8966d1fb6df697d64091bc69a41485ac43700c4cda5e7efd680eda345

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 ae7f3f2ac15f682442f7ab8a3affdcd3
SHA1 f7f7200f35740a0e1b0f6dca557517ed6279c074
SHA256 bd6d4ee278437e2ba2659334063cd0ab8db4d244135f0fcaa00a818686693f9c
SHA512 b9ee26cadf32c3522722b8c2bdf2dff428b343fcc723be3f52d6ad5a09fb83c5624137ba019fd3f90b7573b9d8a02297a2fde4c43840649264f04e2bc7584cb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 64c7c6061f39eae990ea383655a653a4
SHA1 fa88e20a58afb0b8eb6b18f248ad873b2fea277a
SHA256 a508cf789c5ede64e1044f2e34117e7f4cc2b966974db7268dd05adc1369c22b
SHA512 e0b9c1fece75425ab06d5857f1a25cea727ce40721b80bd2a04e2b7f8b85e62d9e388634dbbc06b9a6a4accc5ef06e7cf5f6505327fa49bed982c802c51278d7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 a491eb8886f5b7feab4c909fba26a355
SHA1 44af9ed867be2da50e0ca08411967675975c935d
SHA256 0637753e8ae4201b9c1b1e5a714617088ca93623106f640f507f7ca182eaea08
SHA512 7b9973d64a5aa94d3b68d41391ab635a4a1cdb00928f2aa8ba7112d33c566d2cc4e4747c2517ba67b08a668f87d4aae8a7430fc49034254607bf7ab9f5883686

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b998d8305c29e34012c2f90ea7ebe0ed
SHA1 b1ef0c8c4e9667209653360b440f5031075c7d3f
SHA256 41124a77f9a83ac776906a53af9f44d2f9bdde1752509c1c66732d95c8e344c4
SHA512 29f92cb37dba4ba779b02d45085a4e3ab86610d6b65766ec25291f269261a0ccff6dcb948d70b49c72b9fb2fb516da9d2c101a45dae9f63fe450a014c82b11d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590c4b.TMP

MD5 398d735916ef50afcafb73e0fcde36e0
SHA1 0d5e754ae964c3ac95f155bacf1c3a6b3cd285bf
SHA256 99d0929803a3fdcceb93385c01019b2a6234640ffe0023bcac7355c5bd62ef3c
SHA512 5ce41e1587e7d8a9e5154944021760cd7e939e85b265e11608f6215561c027fbfeb6a5314c8b05465527723e4246efd468779d92aa034bd19c91fc35d03d4a1a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 28345cf5178dfbfee87d28623f59a2ef
SHA1 14ad9f1f0891cb74e38b4fdd25b6d0fa6e46ffab
SHA256 36b0e44f69347124d89e659348d4f675630f6e43a75f5f8ccd04704fa70b25c9
SHA512 8c2663bb7944dd1722f37c04335c362be5040d844ffb1afa1ec4907ce79a9792b147164b3fb906b7f2e52ecca8f30be9f14eeab0f767eae69571e401db7b2b73

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f04092a4f722528ffe9e98e8e0a14fab
SHA1 32151f954426d5eb4b13a25de7b6d43252a61b64
SHA256 3155635eac6f576bb9ff21986de38e300ab84dd15343fb8b9e64b16ef8cb05eb
SHA512 d02e57f0b8a92e0331f7e1680da2752a29b92a8d3cdcc2d142252bbed95aefb14c1a08994b14e8caa3700ead47c9be47ec28e45c7c3d8c2b43d7c4205186c768

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d08dd7b740e41796cecd545b227df544
SHA1 ae6a7e1cc4607351c54a031393e1f100ee9bf885
SHA256 810611499a9283c939bcfe2687da8c201b24abff62b0236779128d4450cd6121
SHA512 538dfaaad912f67967f5d2341eaae057ed3397d410e2d41249c16f9d87544b015b0bddc0524934315df2081320544d52c00490571817c747b2d175b7c08ff835

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 074e06dbd837740f78f4bffc266abb24
SHA1 ab298c75a04c20d3afe3b80d84b02f0c398355ef
SHA256 b3d25297d9d36aecb883bfab617bca80ad11583046b6eda2b913f73d894d747b
SHA512 75206c8bf1c79939ae73e0def0073c7bc9f1a32a3b5e589b6d324d3741ec8d80066df33f6d10f5501898ea1aa698d0cfa31c47825fa2a8e726b89159ca9baccb

C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

C:\Users\Admin\Downloads\MEMZ.exe

MD5 1d5ad9c8d3fee874d0feb8bfac220a11
SHA1 ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512 c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9534ca71bdd4f54c79f8770996c53b97
SHA1 231e16adf21220d8fee4ae2a76d896dcc593e858
SHA256 326bd6c59903e1e2f3bebdd5662dcc21a01e47a645c1ab61501be37caadd41ba
SHA512 a9974a04ceb8fb696f1fb92667b193d59aa978ae4cabb710161a801d3938abb843ed4c31e3ca4efe237afd503ca2219bf2700c3c56a64532b663d080fec30995

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4dcfb1e7a9ba58d8b3f6af6e5a8ba3fa
SHA1 ceb0ae461f45ad0398dddf464e2787b889d2507b
SHA256 4a46ed3fc9b1964e2f3e083bd6bcdccb8cee9930e6a3d3e70a95e8be3b3ea81f
SHA512 4b0ed638554468fa21e7a3158aa83a2cea8d61e93378993615eb57bcd10d7140dbd2c15598bd0a8a64399c729354056e55725a3d3ed8d0851f83c52171c883bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 f3c49b6f4dec3c35e7ea9580befe57f5
SHA1 27c2daac0cff15136ede3dc3baebed93fe09d3f8
SHA256 e50fdfbb67414d30e14f9b2bdaac94c28ab5510b6376af2651dc7c67d62fa18a
SHA512 ce706a1adf45291fc44b49e62af4ddf0cde846b040d7ba82e9622901a02e013ac9af9e33db83bee10bc2bf427075a2b312050045fa6aca7914f170bc7a7cb741

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c6dbe4c37bcf6224a842621a90bcfc09
SHA1 b9b452191bc28c285c84acf5bd52d985a2270e95
SHA256 b01a52f25e8c3a27c396ae9cf4b3ab6b8e81cc882ca15397a3c30f3a0e9229bb
SHA512 6b27680211e2f94d5e82f1a40ccb57d76d37420538fdfa1b24b13b412c9a68aca9e75bce4ee9915392a5733ca928719eb4eab73ad013f026f0cfc5f2459663f8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ad97dad2fb96ead4b287c5a31a202354
SHA1 6bdf0da7c68a152bb7365b6fed95c04775bdb395
SHA256 428d313147be6f53ba78c3712354f1c7b4105cd32276bd80d9a25b92e1ea20bb
SHA512 c58d617237c00142c6e4a582632f3f9f7a9400ca69dc6e4eceed7d39308dd20b7cc9b2f93923244269b2ce74e34f7e2cdd6906d9029bdece96845701cb79457e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 9114afca5f8b289528b96f6a914d4d1f
SHA1 41fe2ef68d8dcec42e8f2cd0af0c6b6e149f78f8
SHA256 9a2354070189ed78af1d3e1bf12964d8ce794c74e62392a2d76137f28c11b8dc
SHA512 55a75be4e8d298cd04b43c954cfe18d7f49459c434163ce9c84fa988eb6fec6998f8ce86d50fb9da14c8d83a1562de3c30a8a0d48ec7220de8d8a6b1b4c695e7

C:\note.txt

MD5 afa6955439b8d516721231029fb9ca1b
SHA1 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA256 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA512 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf