Analysis Overview
SHA256
24182e86a5c36b8283f96ddf34b4d1c0bef4a85922deb51c03636b1c8d67b684
Threat Level: Likely malicious
The file zuizhz1rr5761.webp was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
NTFS ADS
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-20 13:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-20 13:16
Reported
2024-06-20 13:18
Platform
win11-20240611-en
Max time kernel
80s
Max time network
93s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633630173396897" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\zuizhz1rr5761.webp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\zuizhz1rr5761.webp
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd44b5ab58,0x7ffd44b5ab68,0x7ffd44b5ab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4140 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4728 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4780 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5084 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4568 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4636 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2176 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4592 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5316 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3140 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4724 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1828,i,8006771935664800173,4706139175105933707,131072 /prefetch:8
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 10.200.250.142.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| GB | 142.250.200.10:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
Files
\??\pipe\crashpad_2388_NZUFAMZPKBGXSJZI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | cff500ea481aa0da440f803763a8ae07 |
| SHA1 | 52b0f9b8e21041070200bec5ea8a4ba97725a5fc |
| SHA256 | a4156a6d2e1d4bf458c3c0753e3afaaf3e1b6393b0a997f3da4b46d309855cc1 |
| SHA512 | e51d244a331f66b074341dbd2a1e4af8371f8d5a6c5bb7b6b7902dcac0517dd5b83292ece6d68ae70b7485cf9c133a4cd9bed85266ed19090201bce657b8ac9e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | a4ed00787605f6d4003d29748e0ac06a |
| SHA1 | ed11668e395018491c5290a95e3868b34c6aaf5d |
| SHA256 | 550660b2dd6eb778354c4ebe05c846108221073dc7fede2fb12ff77fe202b475 |
| SHA512 | 29aa2304d6d20009f5d1563b393942100779f33f30bccc8d3e47cc805d480451d3041e5116fdb3d8d5c189697de69c33329af7c857799e1afd64ab1497eb5ac2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 25380aabda74157d0d77584b62ff7f20 |
| SHA1 | ae4fb89225007a2f74deafa931349d647c4c6289 |
| SHA256 | 1b1f0d583b0d6d0c7d6830aae0d788a3f0d81afb2e973f0cd9e0ed6a9c1106b7 |
| SHA512 | f6b773cf089deea27c68de0937423596468b73f8654c5ac359f44c28cc5380be54b68bd8966d1fb6df697d64091bc69a41485ac43700c4cda5e7efd680eda345 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | ae7f3f2ac15f682442f7ab8a3affdcd3 |
| SHA1 | f7f7200f35740a0e1b0f6dca557517ed6279c074 |
| SHA256 | bd6d4ee278437e2ba2659334063cd0ab8db4d244135f0fcaa00a818686693f9c |
| SHA512 | b9ee26cadf32c3522722b8c2bdf2dff428b343fcc723be3f52d6ad5a09fb83c5624137ba019fd3f90b7573b9d8a02297a2fde4c43840649264f04e2bc7584cb6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 64c7c6061f39eae990ea383655a653a4 |
| SHA1 | fa88e20a58afb0b8eb6b18f248ad873b2fea277a |
| SHA256 | a508cf789c5ede64e1044f2e34117e7f4cc2b966974db7268dd05adc1369c22b |
| SHA512 | e0b9c1fece75425ab06d5857f1a25cea727ce40721b80bd2a04e2b7f8b85e62d9e388634dbbc06b9a6a4accc5ef06e7cf5f6505327fa49bed982c802c51278d7 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | a491eb8886f5b7feab4c909fba26a355 |
| SHA1 | 44af9ed867be2da50e0ca08411967675975c935d |
| SHA256 | 0637753e8ae4201b9c1b1e5a714617088ca93623106f640f507f7ca182eaea08 |
| SHA512 | 7b9973d64a5aa94d3b68d41391ab635a4a1cdb00928f2aa8ba7112d33c566d2cc4e4747c2517ba67b08a668f87d4aae8a7430fc49034254607bf7ab9f5883686 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | b998d8305c29e34012c2f90ea7ebe0ed |
| SHA1 | b1ef0c8c4e9667209653360b440f5031075c7d3f |
| SHA256 | 41124a77f9a83ac776906a53af9f44d2f9bdde1752509c1c66732d95c8e344c4 |
| SHA512 | 29f92cb37dba4ba779b02d45085a4e3ab86610d6b65766ec25291f269261a0ccff6dcb948d70b49c72b9fb2fb516da9d2c101a45dae9f63fe450a014c82b11d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe590c4b.TMP
| MD5 | 398d735916ef50afcafb73e0fcde36e0 |
| SHA1 | 0d5e754ae964c3ac95f155bacf1c3a6b3cd285bf |
| SHA256 | 99d0929803a3fdcceb93385c01019b2a6234640ffe0023bcac7355c5bd62ef3c |
| SHA512 | 5ce41e1587e7d8a9e5154944021760cd7e939e85b265e11608f6215561c027fbfeb6a5314c8b05465527723e4246efd468779d92aa034bd19c91fc35d03d4a1a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 28345cf5178dfbfee87d28623f59a2ef |
| SHA1 | 14ad9f1f0891cb74e38b4fdd25b6d0fa6e46ffab |
| SHA256 | 36b0e44f69347124d89e659348d4f675630f6e43a75f5f8ccd04704fa70b25c9 |
| SHA512 | 8c2663bb7944dd1722f37c04335c362be5040d844ffb1afa1ec4907ce79a9792b147164b3fb906b7f2e52ecca8f30be9f14eeab0f767eae69571e401db7b2b73 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f04092a4f722528ffe9e98e8e0a14fab |
| SHA1 | 32151f954426d5eb4b13a25de7b6d43252a61b64 |
| SHA256 | 3155635eac6f576bb9ff21986de38e300ab84dd15343fb8b9e64b16ef8cb05eb |
| SHA512 | d02e57f0b8a92e0331f7e1680da2752a29b92a8d3cdcc2d142252bbed95aefb14c1a08994b14e8caa3700ead47c9be47ec28e45c7c3d8c2b43d7c4205186c768 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | d08dd7b740e41796cecd545b227df544 |
| SHA1 | ae6a7e1cc4607351c54a031393e1f100ee9bf885 |
| SHA256 | 810611499a9283c939bcfe2687da8c201b24abff62b0236779128d4450cd6121 |
| SHA512 | 538dfaaad912f67967f5d2341eaae057ed3397d410e2d41249c16f9d87544b015b0bddc0524934315df2081320544d52c00490571817c747b2d175b7c08ff835 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 074e06dbd837740f78f4bffc266abb24 |
| SHA1 | ab298c75a04c20d3afe3b80d84b02f0c398355ef |
| SHA256 | b3d25297d9d36aecb883bfab617bca80ad11583046b6eda2b913f73d894d747b |
| SHA512 | 75206c8bf1c79939ae73e0def0073c7bc9f1a32a3b5e589b6d324d3741ec8d80066df33f6d10f5501898ea1aa698d0cfa31c47825fa2a8e726b89159ca9baccb |
C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 1d5ad9c8d3fee874d0feb8bfac220a11 |
| SHA1 | ca6d3f7e6c784155f664a9179ca64e4034df9595 |
| SHA256 | 3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff |
| SHA512 | c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 9534ca71bdd4f54c79f8770996c53b97 |
| SHA1 | 231e16adf21220d8fee4ae2a76d896dcc593e858 |
| SHA256 | 326bd6c59903e1e2f3bebdd5662dcc21a01e47a645c1ab61501be37caadd41ba |
| SHA512 | a9974a04ceb8fb696f1fb92667b193d59aa978ae4cabb710161a801d3938abb843ed4c31e3ca4efe237afd503ca2219bf2700c3c56a64532b663d080fec30995 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 4dcfb1e7a9ba58d8b3f6af6e5a8ba3fa |
| SHA1 | ceb0ae461f45ad0398dddf464e2787b889d2507b |
| SHA256 | 4a46ed3fc9b1964e2f3e083bd6bcdccb8cee9930e6a3d3e70a95e8be3b3ea81f |
| SHA512 | 4b0ed638554468fa21e7a3158aa83a2cea8d61e93378993615eb57bcd10d7140dbd2c15598bd0a8a64399c729354056e55725a3d3ed8d0851f83c52171c883bb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | f3c49b6f4dec3c35e7ea9580befe57f5 |
| SHA1 | 27c2daac0cff15136ede3dc3baebed93fe09d3f8 |
| SHA256 | e50fdfbb67414d30e14f9b2bdaac94c28ab5510b6376af2651dc7c67d62fa18a |
| SHA512 | ce706a1adf45291fc44b49e62af4ddf0cde846b040d7ba82e9622901a02e013ac9af9e33db83bee10bc2bf427075a2b312050045fa6aca7914f170bc7a7cb741 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c6dbe4c37bcf6224a842621a90bcfc09 |
| SHA1 | b9b452191bc28c285c84acf5bd52d985a2270e95 |
| SHA256 | b01a52f25e8c3a27c396ae9cf4b3ab6b8e81cc882ca15397a3c30f3a0e9229bb |
| SHA512 | 6b27680211e2f94d5e82f1a40ccb57d76d37420538fdfa1b24b13b412c9a68aca9e75bce4ee9915392a5733ca928719eb4eab73ad013f026f0cfc5f2459663f8 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ad97dad2fb96ead4b287c5a31a202354 |
| SHA1 | 6bdf0da7c68a152bb7365b6fed95c04775bdb395 |
| SHA256 | 428d313147be6f53ba78c3712354f1c7b4105cd32276bd80d9a25b92e1ea20bb |
| SHA512 | c58d617237c00142c6e4a582632f3f9f7a9400ca69dc6e4eceed7d39308dd20b7cc9b2f93923244269b2ce74e34f7e2cdd6906d9029bdece96845701cb79457e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | 9114afca5f8b289528b96f6a914d4d1f |
| SHA1 | 41fe2ef68d8dcec42e8f2cd0af0c6b6e149f78f8 |
| SHA256 | 9a2354070189ed78af1d3e1bf12964d8ce794c74e62392a2d76137f28c11b8dc |
| SHA512 | 55a75be4e8d298cd04b43c954cfe18d7f49459c434163ce9c84fa988eb6fec6998f8ce86d50fb9da14c8d83a1562de3c30a8a0d48ec7220de8d8a6b1b4c695e7 |
C:\note.txt
| MD5 | afa6955439b8d516721231029fb9ca1b |
| SHA1 | 087a043cc123c0c0df2ffadcf8e71e3ac86bbae9 |
| SHA256 | 8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270 |
| SHA512 | 5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf |