Resubmissions

26-06-2024 04:15

240626-evbfasxcjn 8

26-06-2024 04:04

240626-em282stflf 10

26-06-2024 04:01

240626-elpassteng 7

Analysis

  • max time kernel
    90s
  • max time network
    102s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    26-06-2024 04:01

Errors

Reason
Machine shutdown

General

  • Target

    IMG_3065.jpg

  • Size

    402KB

  • MD5

    478f0b9ab82b1ee6020658d02193c91d

  • SHA1

    8d5452e21d3f9284a7ba468f414bb53e4baaca8b

  • SHA256

    6416b6784c92cd55a530ed870554f165f1035ef3ce7d820de9d0fa6b13ddb4a6

  • SHA512

    0220b83ddd2610c71e53bed8a30404eae7033a520c301c7dec92224b6f58589be8cbb03786ad1d40f53bd590aa18815748b258cfefe67006a58431c523359c82

  • SSDEEP

    6144:I6696xbMlEggdFWFMKUN5exG1PRcYgtHl274UjFnEKVqSMPESEa5ZelA6+KAQ1:I66MbMVFpUbeABR4Hq6FSMPV8A3KAW

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 7 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 60 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\IMG_3065.jpg
    1⤵
    PID:2668
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4960
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff2328cc40,0x7fff2328cc4c,0x7fff2328cc58
      2⤵
      PID:3448
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1828,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1820 /prefetch:2
      2⤵
      PID:3032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2132,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2124 /prefetch:3
      2⤵
      PID:2072
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2216 /prefetch:8
      2⤵
      PID:2272
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3288 /prefetch:1
      2⤵
      PID:5080
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3336 /prefetch:1
      2⤵
      PID:808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4500,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4496 /prefetch:1
      2⤵
      PID:1684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4576,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4580 /prefetch:8
      2⤵
      PID:3468
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4512,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4716 /prefetch:8
      2⤵
      PID:1888
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4636,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4760 /prefetch:8
      2⤵
      PID:1200
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4612,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4608 /prefetch:8
      2⤵
      PID:1384
    • C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --reenable-autoupdates --system-level
      2⤵
      • Drops file in Windows directory
      PID:2580
      • C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7bed64698,0x7ff7bed646a4,0x7ff7bed646b0
        3⤵
        • Drops file in Windows directory
        PID:456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4720,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5016 /prefetch:1
      2⤵
      PID:4672
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3344,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3396 /prefetch:1
      2⤵
      PID:4216
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5096,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5136 /prefetch:8
      2⤵
      PID:2928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5132,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5284 /prefetch:8
      2⤵
      PID:4116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3820,i,17698489768980254194,960148840263609788,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=5144 /prefetch:8
      2⤵
      • NTFS ADS
      PID:1340
    • C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe"
      2⤵
      • Executes dropped EXE
      PID:2140
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        PID:1712
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:764
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:2596
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:904
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        PID:1056
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /main
        3⤵
        • Executes dropped EXE
        • Writes to the Master Boot Record (MBR)
        PID:452
        • C:\Windows\SysWOW64\notepad.exe
          "C:\Windows\System32\notepad.exe" \note.txt
          4⤵
          PID:3020
  • C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
    1⤵
    PID:4428
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:3436

Network

MITRE ATT&CK Enterprise v15

Downloads
