Resubmissions

  • 01-07-2024 22:48  240701-2rkwwsycln  10
  • 01-07-2024 22:45  240701-2pd1kaybkp  8

Analysis

  • max time kernel
    102s
  • max time network
    121s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    01-07-2024 22:45

Errors

Reason
Machine shutdown

General

  • Target

    $PLUGINSDIR/StdUtils.dll

  • Size

    100KB

  • MD5

    c6a6e03f77c313b267498515488c5740

  • SHA1

    3d49fc2784b9450962ed6b82b46e9c3c957d7c15

  • SHA256

    b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

  • SHA512

    9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

  • SSDEEP

    3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE (7 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Program crash (1 IoC)
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • NTFS ADS (1 IoC)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (36 IoCs)
  • Suspicious use of SendNotifyMessage (14 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
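The "Writes to the Master Boot Record (MBR)" signature is the one that turns this run from browser noise into a real finding. What follows is an added example, not part of the report and not the sandbox's own detection code: the check an analyst runs on the affected disk afterwards, which is to read sector 0, parse it as an MBR, and compare the boot code and the partition table separately against a baseline taken from a known-clean image. All sector contents below are constructed for the example; `read_sector0` is a hypothetical helper for pulling the real sector off a disk or image.

```python
"""Parse a 512-byte MBR and compare it against a known-good baseline.

Added example (not from the sandbox report). The sample sectors are
constructed; a real baseline comes from a clean image of the same machine.
"""
import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
PART_TABLE_OFFSET = 446          # four 16-byte entries live at 446..509
BOOT_SIGNATURE = b"\x55\xAA"     # bytes 510..511


@dataclass
class PartitionEntry:
    bootable: bool
    part_type: int
    lba_start: int
    sector_count: int


def parse_partition_table(mbr: bytes) -> list[PartitionEntry]:
    """Return the four primary partition entries; raise if the sector is malformed."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE}-byte sector, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append(PartitionEntry(status == 0x80, ptype, lba, count))
    return entries


def check_mbr(current: bytes, baseline: bytes) -> dict:
    """Compare boot code and partition table as separate regions.

    An MBR overwrite that replaces the boot code but keeps the partition
    table intact still lets the machine reach the attacker's loader, so the
    two regions are reported separately rather than as one "changed" flag.
    """
    return {
        "boot_code_modified": current[:PART_TABLE_OFFSET] != baseline[:PART_TABLE_OFFSET],
        "partition_table_modified": current[PART_TABLE_OFFSET:510] != baseline[PART_TABLE_OFFSET:510],
        "signature_valid": current[510:512] == BOOT_SIGNATURE,
        "sha256": hashlib.sha256(current).hexdigest(),
    }


def read_sector0(device_path: str) -> bytes:
    """Hypothetical helper: read the first sector of a raw disk or image.

    On Windows the path is r'\\.\PhysicalDrive0' (needs administrator);
    on Linux it is the block device or a dd image. Not called in this example.
    """
    with open(device_path, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Construct a sample MBR for the example: given boot code plus one NTFS partition."""
    sector = bytearray(MBR_SIZE)
    sector[: len(boot_code)] = boot_code
    # Partition 1: bootable, type 0x07 (NTFS), LBA 2048, 204800 sectors.
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFFSET, 0x80, 0x07, 2048, 204800)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed data: a "clean" sector and one whose boot code was replaced
# while the partition table was left untouched.
BASELINE_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C")
TAMPERED_MBR = build_sample_mbr(b"\xEB\xFE" + b"X" * 100)


if __name__ == "__main__":
    for entry in parse_partition_table(TAMPERED_MBR):
        print(entry)
    print(check_mbr(TAMPERED_MBR, BASELINE_MBR))
```

Keep the baseline hash, not just the baseline bytes, in the case notes: the SHA-256 of sector 0 is what you compare across the fleet when asking whether the same overwrite hit other hosts.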

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1
      2⤵
      PID:3448
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 536
        3⤵
        • Program crash
        PID:956
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3448 -ip 3448
    1⤵
    PID:232
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe1b6bab58,0x7ffe1b6bab68,0x7ffe1b6bab78
      2⤵
      PID:4368
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:2
      2⤵
      PID:492
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:1540
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:4684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:1
      2⤵
      PID:1276
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3088 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:1
      2⤵
      PID:3136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4184 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:1
      2⤵
      PID:904
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:4816
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4496 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:2908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4412 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:1596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:2664
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
      2⤵
      PID:3616
      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff766b6ae48,0x7ff766b6ae58,0x7ff766b6ae68
        3⤵
        PID:4056
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4384 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:3416
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4400 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:1
      2⤵
      PID:2676
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4760 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:1
      2⤵
      PID:4088
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:2044
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3404 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:1384
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3432 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:3468
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:3528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5124 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      • NTFS ADS
      PID:228
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4984 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:1304
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4948 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:3184
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 --field-trial-handle=1804,i,7782084779196333590,18227252647463228644,131072 /prefetch:8
      2⤵
      PID:568
    • C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe"
      2⤵
      • Executes dropped EXE
      PID:1996
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:1496
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3176
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1632
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4764
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        3⤵
        • Executes dropped EXE
        PID:3280
      • C:\Users\Admin\Downloads\MEMZ.exe
        "C:\Users\Admin\Downloads\MEMZ.exe" /main
        3⤵
        • Executes dropped EXE
        • Writes to the Master Boot Record (MBR)
        PID:4364
        • C:\Windows\SysWOW64\notepad.exe
          "C:\Windows\System32\notepad.exe" \note.txt
          4⤵
          PID:1644
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3476
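Most of the tree above is Chrome's own service processes. The chain an analyst actually needs is chrome.exe (PID 3384) launching C:\Users\Admin\Downloads\MEMZ.exe (PID 1996), whose /main child (PID 4364) carries the MBR-write signature. The following is an added example, not part of the report and not the sandbox's code: it encodes a subset of the tree as process events (PIDs, images, command lines and signatures copied from above; parent links follow the tree's nesting) and pulls out every executable run from a user's Downloads folder with a browser in its ancestry, together with every signature raised anywhere beneath it. `BROWSER_IMAGES` and `HIGH_SEVERITY` are assumptions about what counts as a download source and what escalates a finding; the logic generalises to any browser-dropped binary, not just this sample.

```python
"""Extract browser-dropped execution chains from a sandbox process tree.

Added example (not from the report). SAMPLE_EVENTS is constructed from the
PIDs, images, command lines and signatures in the tree above; parent links
follow the tree's nesting.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional

# Assumption: images treated as a download source for this rule.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}
# Assumption: signatures that escalate a chain to high severity.
HIGH_SEVERITY = {"Writes to the Master Boot Record (MBR)"}


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]      # None for a tree root ("1⤵" entries above)
    image: str               # full image path
    cmdline: str
    signatures: list[str] = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.image.rsplit("\\", 1)[-1].lower()


def is_user_download(path: str) -> bool:
    """True for anything under C:\\Users\\<user>\\Downloads\\."""
    p = path.lower()
    return p.startswith("c:\\users\\") and "\\downloads\\" in p


def build_index(events):
    by_pid = {e.pid: e for e in events}
    children = defaultdict(list)
    for e in events:
        if e.ppid is not None:
            children[e.ppid].append(e.pid)
    return by_pid, children


def ancestors(pid, by_pid):
    """Parents of pid, nearest first, stopping at a root or an unknown ppid."""
    chain = []
    cur = by_pid.get(pid)
    while cur is not None and cur.ppid is not None:
        cur = by_pid.get(cur.ppid)
        if cur is None:
            break
        chain.append(cur)
    return chain


def subtree_signatures(pid, by_pid, children):
    """Union of signatures on pid and every descendant."""
    sigs, stack = set(), [pid]
    while stack:
        cur = stack.pop()
        sigs.update(by_pid[cur].signatures)
        stack.extend(children.get(cur, []))
    return sigs


def browser_dropped_executions(events):
    """One finding per top-most Downloads-folder process with a browser ancestor.

    Each finding carries the root-to-process chain and every signature in the
    process's subtree, so one line says that the MBR write descends from the
    browser download rather than being buried three levels down the tree.
    """
    by_pid, children = build_index(events)
    findings = []
    for e in events:
        if not is_user_download(e.image):
            continue
        anc = ancestors(e.pid, by_pid)
        if not any(a.name in BROWSER_IMAGES for a in anc):
            continue
        # Re-launches of the same binary (/watchdog, /main above) are covered
        # by their parent's subtree; report only the top-most dropped process.
        if anc and anc[0].image.lower() == e.image.lower():
            continue
        sigs = subtree_signatures(e.pid, by_pid, children)
        chain = [f"{p.name}({p.pid})" for p in reversed(anc)] + [f"{e.name}({e.pid})"]
        findings.append({
            "pid": e.pid,
            "chain": " > ".join(chain),
            "subtree_signatures": sorted(sigs),
            "severity": "high" if sigs & HIGH_SEVERITY else "medium",
        })
    return findings


# Constructed from the tree above (subset; Chrome service processes omitted).
SAMPLE_EVENTS = [
    ProcEvent(2692, None, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1",
              ["Suspicious use of WriteProcessMemory"]),
    ProcEvent(3448, 2692, r"C:\Windows\SysWOW64\rundll32.exe",
              r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StdUtils.dll,#1"),
    ProcEvent(956, 3448, r"C:\Windows\SysWOW64\WerFault.exe",
              r"C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 536", ["Program crash"]),
    ProcEvent(3384, None, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
              ["Enumerates system info in registry", "Modifies data under HKEY_USERS"]),
    ProcEvent(228, 3384, r"C:\Program Files\Google\Chrome\Application\chrome.exe",
              "chrome.exe --type=utility --utility-sub-type=quarantine.mojom.Quarantine", ["NTFS ADS"]),
    ProcEvent(1996, 3384, r"C:\Users\Admin\Downloads\MEMZ.exe",
              r'"C:\Users\Admin\Downloads\MEMZ.exe"', ["Executes dropped EXE"]),
    ProcEvent(1496, 1996, r"C:\Users\Admin\Downloads\MEMZ.exe",
              r'"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog',
              ["Executes dropped EXE", "Suspicious use of SetWindowsHookEx"]),
    ProcEvent(4364, 1996, r"C:\Users\Admin\Downloads\MEMZ.exe",
              r'"C:\Users\Admin\Downloads\MEMZ.exe" /main',
              ["Executes dropped EXE", "Writes to the Master Boot Record (MBR)"]),
    ProcEvent(1644, 4364, r"C:\Windows\SysWOW64\notepad.exe",
              r'"C:\Windows\System32\notepad.exe" \note.txt'),
    ProcEvent(3476, None, r"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe",
              "elevation_service.exe"),
]


if __name__ == "__main__":
    for finding in browser_dropped_executions(SAMPLE_EVENTS):
        print(finding)
```

The rundll32 chain and the elevation_service root produce nothing here because neither runs anything from Downloads; the quarantine utility's "NTFS ADS" signature (the Mark-of-the-Web stream Chrome writes on a download) is a useful corroborating event to pull into the same finding if your telemetry records which file the stream was written to.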

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\7571f1ab-3d6d-41a2-bc16-84242c2c2b20.tmp
    Filesize: 16KB
    MD5: 10b48ed2c94a401a0d059740b8d66fb1
    SHA1: 7c4d7f58f143f51fc95749d63a696cbc7860da24
    SHA256: b2be98a5c99ee4b78102a4afd0eef0e0890dc5f3034980094ab35571650ef47a
    SHA512: cca938586a594227866fa3d59d9914917363ab943b80c9f5a2690be6407895516dc599e829bd2181942e012a547547ebfbab01cecda717139f341eb9258844ed

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize: 2KB
    MD5: f3ad50557750635a2f649ad501ec0ba2
    SHA1: 24dbca3f5871a568a3c47c684c8dd62c9191f6df
    SHA256: 70663946427d38d7de71f62b9b3d3a34750108444660d898e477a6718d95beb6
    SHA512: ccfcfb041026d27ae114ce0358d4ac467d32754b55ad62299303ea84c987d53f988fe8c32db713805525e9b5924a0aaea11b5a69ac113b840d6f4da32c62de37

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8205e94c-ea3d-4051-a6ae-c5c28a98a459.tmp
    Filesize: 1KB
    MD5: a55c112e030e8fa2f6ffb3c7d07e48af
    SHA1: 7f95589f972d5612c74f36d38311bce434ecd475
    SHA256: efd52616ffa497c059162e49d67fc42309516201ae6dd6e6030750e75a1d4060
    SHA512: 7fdfd6ff22f01c7d9a601f2fb75c12e616eef41e3fc23955c7273badb5d2d286f5b4f81d8b092e35da23def1fa7bf100df0cebd1c4d39eb636668957756a2e73

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize: 2B
    MD5: d751713988987e9331980363e24189ce
    SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
    SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: f9f61d044ff3afba60c271053c990244
    SHA1: 6515aba7f84e070553df90cb90bedb104604dae1
    SHA256: 2f16b1fb0cf603df900000a58c2cd48bda46a8b7f7a0447e6e12d9c96613b84c
    SHA512: 7073223d25bc193bb729b3a18badc132679f1a5739b0c6cb5f326a2478ccc8d462ca241fc33319216a8f9644597d0e5569c2bb064fbad5d6fc78ecbc8c5b7f89

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 306f168d6ff1515865365b2025eb9568
    SHA1: ee79a89058151da3e34d34bfdb2b5f0be9ed1cc5
    SHA256: fe3fff4821ba8915cce81fe13fd4ffe6ceb4d14a397816fbd9f8b7aae33010ee
    SHA512: eff4f5eb3386c02df2707f8c0097c4b7a196fb24134dda55c3a4a79ba3678c3778fe56cefeb1edc85d7a7d3b7a53f2ba1d173d0ff35b72fc626afe0d38ad5ca5

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 356B
    MD5: 76e97735b414e412f186b1d9af74b168
    SHA1: 4b3399a15fcf1680fa80168f75ab0865be7d266b
    SHA256: 13832f879683bae2c01c5506f07ec8c53c3b805f9dffa0cd6a36846bebd1e547
    SHA512: 2af7d3f19d6ba3e743b12eaadbdb1ef04de5825fe198402f618427279afd8ebfccec511e0daa5054831cac1c8cd6c20e56e98224a46a53de7c5f2b6e8b9aa3d6

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize: 1KB
    MD5: 90b9fb8404d90f369971aa222e7786b3
    SHA1: 1951580e3e35229507d59a1db07dfc2791ec9017
    SHA256: 2758676240b18878cf45917c4bc29fcbce7dffb08581414fbd4e28bb5a008296
    SHA512: e443fd8df291d0d8715227ba477abd000275bebf69a7ea2b0ee3a19e4beb20d57472afde628f1ef984be375400c9ff7c49def8051575d6489c08b15eb606012f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: 34bbd619e8631ca3bc0490cbc6c7ad14
    SHA1: 91c27c93c756d983dc606269f005578248b10cf4
    SHA256: 8906ee1ae7a0fca0b22b67078a4a62d88f0584776589a73cb29670d8f2753b0f
    SHA512: b1eb453b37d9a89f43169a4c879a42d3b6f01c33f40816a2479e79dcc26a8f142da4460e73e8b6d6a55124d0bf6a8a0358f801c58d34dc78d5307b9ffc0deeab

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 7KB
    MD5: f99df35da2bcdb95b8da2263ebab2430
    SHA1: 75efabe95b9aeee13bcb09d2e512822e88477b23
    SHA256: d00ed44af15d31ea232414fcc4a9106996036bc676901cc7761c43fb52933df6
    SHA512: fba345e209ae8450bc1860ee785e12faa49a48f9ba0aa00725ca88d8e3648a3b8d70bb574b62b8032634cf29806213854bd9664b64cb9d5358e772400ac170d1

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
    Filesize: 8KB
    MD5: 6d8cae543bea75f3e6b987681380a0f8
    SHA1: 589ab4f230a4f9f0148f3c04a4b8ec660ae6ce3c
    SHA256: 0ac3fc9e1a07351c683758794a4aba6471222c5756a19b76d12fd2a6abba9264
    SHA512: ac15f42598ddded6b9eaea4209edc350cb2bad2f94319b2c0ca1b99cdaef84f1ffca9fd6ea62e93d4e434ffa62909f2a984dab586d806be6471d2ae9834f4545

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
    Filesize: 269KB
    MD5: b33932c73111fb0533fb2c73aa9c4d26
    SHA1: f06e14888133a841088b36eee46e8e213e34d0ed
    SHA256: cf9b2b95d4bcadbd51aab13e1ae96e4eb955a8e8dca980669bdcf7cd8d90d073
    SHA512: c2f2dd60e57fb3b0498c45b8f99d8b54577b9d7fefa0dab15b99d3a5d656a3be3755a4402350dbdd654c2811a8f4537a6da083de8f45efe4d32b3332a6d1a5a2

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 85KB
    MD5: 90d1d4aca23394c44fde364eefcea9c4
    SHA1: 7394dc95f9396ad0ca84405c7549d7d97f139225
    SHA256: f70f33490715cf78f1dbb43dd822c5c274bf7597583d7777e459f43586958253
    SHA512: 468b1bd53386ab80493916a38a7f6bd756dc3e00d0c31c905a1a5dd5fde4b1c3781eb63a9ae93afe1e9fd24fd9eecc4cfa0eb5242e09b59cb0aea3821466b98f

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
    Filesize: 98KB
    MD5: 183683ec2994598f0cd28afb1b77232d
    SHA1: df39f99dfb403a4b403c50bf02057484ca95b76a
    SHA256: 25679c4390192a39aca914cf5647774a5a71d68ab236df06501089e725cb47ea

                                                          SHA512

                                                          b27c3a3aa6bc9128d8c83c8a6da6d99ea9bf0c3e4f2184b88f086c7bb4b9a032d562f933b3c7c51264949cafddfe2411b254d27a1b8585b333b25669555ad7f3

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5894d8.TMP

                                                          Filesize

                                                          83KB

                                                          MD5

                                                          2b173c21a468e7212546e2de95841643

                                                          SHA1

                                                          b79f2ece320d7b1110060597e2745d22c7d3257e

                                                          SHA256

                                                          4dd93fb586d618579c0a4bd144fad3d64a4b3f98b9b01899d24a84db323ee725

                                                          SHA512

                                                          1ae803e6dc06326b6d1d103778cd3030d41e1463286523a7723cc5b5f94a5181186a16bf7100068a5b6070381906be5a0d76058ca839caadc0141ec11647b3c1

                                                        • C:\Users\Admin\Downloads\MEMZ.exe

                                                          Filesize

                                                          16KB

                                                          MD5

                                                          1d5ad9c8d3fee874d0feb8bfac220a11

                                                          SHA1

                                                          ca6d3f7e6c784155f664a9179ca64e4034df9595

                                                          SHA256

                                                          3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

                                                          SHA512

                                                          c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

                                                        • C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier

                                                          Filesize

                                                          26B

                                                          MD5

                                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                                          SHA1

                                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                                          SHA256

                                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                          SHA512

                                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                        • C:\note.txt

                                                          Filesize

                                                          218B

                                                          MD5

                                                          afa6955439b8d516721231029fb9ca1b

                                                          SHA1

                                                          087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

                                                          SHA256

                                                          8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

                                                          SHA512

                                                          5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

                                                        • \??\pipe\crashpad_3384_DQQOXJFNOMOHVCZB

                                                          MD5

                                                          d41d8cd98f00b204e9800998ecf8427e

                                                          SHA1

                                                          da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                          SHA256

                                                          e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                          SHA512

                                                          cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
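A dropped-files listing like the one above mixes real indicators with noise: browser profile files, a crash-reporter pipe whose four digests are simply the digests of zero bytes, and an NTFS Zone.Identifier alternate data stream (the Mark of the Web that Windows attaches to downloads). The script below is an added example written for this page; it is not part of the Triage report or its tooling. It parses the flattened Filesize / MD5 / SHA1 / SHA256 / SHA512 layout, drops empty-content entries, and recognises a 26-byte Zone.Identifier stream by hashing the bare marker `[ZoneTransfer]\r\nZoneId=N\r\n` for each Windows URLZONE value (0 local machine, 1 intranet, 2 trusted, 3 Internet, 4 restricted) and comparing it with the recorded digests, so the zone is verified rather than assumed. The three sample entries are copied from the report above; the `HostUrl` value in the parser's docstring example is a constructed placeholder.

```python
"""Triage a sandbox 'dropped files' listing.

Parses the flattened Filesize / MD5 / SHA1 / SHA256 / SHA512 layout, then
separates known noise (digests of empty content, Mark-of-the-Web streams)
from entries worth treating as indicators.
"""
import hashlib

# Constructed sample: three entries copied from the report above, kept in
# the same one-field-per-line layout. Indentation is irrelevant to the parser.
SAMPLE_REPORT = r"""
• C:\Users\Admin\Downloads\MEMZ.exe
  Filesize
  16KB
  MD5
  1d5ad9c8d3fee874d0feb8bfac220a11
  SHA1
  ca6d3f7e6c784155f664a9179ca64e4034df9595
  SHA256
  3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
  SHA512
  c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
• C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier
  Filesize
  26B
  MD5
  fbccf14d504b7b2dbcb5a5bda75bd93b
  SHA1
  d59fc84cdd5217c6cf74785703655f78da6b582b
  SHA256
  eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
• \??\pipe\crashpad_3384_DQQOXJFNOMOHVCZB
  MD5
  d41d8cd98f00b204e9800998ecf8427e
  SHA1
  da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256
  e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

FIELDS = ("Filesize", "MD5", "SHA1", "SHA256", "SHA512")
HASH_ALGOS = ("MD5", "SHA1", "SHA256", "SHA512")
# Windows URLZONE values as written to the Zone.Identifier stream.
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


def parse_dropped_files(text):
    """Turn the flattened listing into a list of {'path', 'Filesize', 'MD5', ...} dicts."""
    records, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            records.append({"path": line[1:].strip()})
            pending = None
        elif line in FIELDS and records:
            pending = line  # the next non-empty line is this field's value
        elif pending is not None and records:
            records[-1][pending] = line
            pending = None
    return records


def digests_of(data):
    """All four digests of a byte string, keyed the way the report labels them."""
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in HASH_ALGOS}


def motw_stream(zone_id):
    """Minimal Zone.Identifier content: the marker written when only the zone is known."""
    return f"[ZoneTransfer]\r\nZoneId={zone_id}\r\n".encode("ascii")


def parse_zone_identifier(data):
    """Parse a Zone.Identifier stream into a dict (ZoneId as int; HostUrl/ReferrerUrl if present)."""
    fields = {}
    for line in data.decode("utf-8", "replace").splitlines():
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    if "ZoneId" in fields:
        fields["ZoneId"] = int(fields["ZoneId"])
    return fields


def is_empty_content(rec):
    """True if any recorded digest is the digest of zero bytes (e.g. a pipe handle)."""
    empty = digests_of(b"")
    return any(rec.get(algo) == empty[algo] for algo in HASH_ALGOS if algo in rec)


def identify_motw(rec):
    """Return the ZoneId if this ADS entry hashes to a bare ZoneId marker, else None."""
    if not rec["path"].endswith(":Zone.Identifier"):
        return None
    for zone in ZONE_NAMES:
        expected = digests_of(motw_stream(zone))
        if any(rec.get(algo) == expected[algo] for algo in HASH_ALGOS if algo in rec):
            return zone
    return None


def triage(text):
    """Split a listing into (candidate IoCs, noise entries with a reason)."""
    iocs, noise = [], []
    for rec in parse_dropped_files(text):
        zone = identify_motw(rec)
        if is_empty_content(rec):
            noise.append((rec["path"], "digest of empty content, no payload"))
        elif zone is not None:
            noise.append((rec["path"], f"Mark-of-the-Web marker, ZoneId={zone} ({ZONE_NAMES[zone]})"))
        else:
            iocs.append(rec)
    return iocs, noise


if __name__ == "__main__":
    found, skipped = triage(SAMPLE_REPORT)
    for rec in found:
        print("IOC ", rec["path"], rec.get("SHA256"))
    for path, why in skipped:
        print("SKIP", path, "->", why)
```

Run against the three sample entries, only the executable in Downloads survives as an indicator; the pipe is discarded as empty content and the 26-byte stream is identified as a ZoneId=3 (Internet) marker, which is what tells you the file arrived through a browser download rather than being written locally. A Zone.Identifier stream that also carries `HostUrl` or `ReferrerUrl` will not match the bare marker by hash; read the stream itself on the analysis host and feed it to `parse_zone_identifier` to recover the download origin.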