3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae

max time kernel
118s
max time network
131s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
27/09/2024, 23:12

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Screenshot 2024-09-24 2.11.17 PM.png
Size

45KB
MD5

578c76503d19e73f7a935cdfb1a4108e
SHA1

74644b49ebeb844cfa821fe70251f8e56ac6e112
SHA256

3e5e23c0adf484b96a726f9ecdbd4a3089ad7f8979329616b73e521825e183ae
SHA512

52b1cb29234be0e46a90cc26f8ac9ad6ff45887f80fbaf20da53bce7c9530111778317aaa393e6e94fe97f3f15372a0de869f709e768f278bd74ba989599ca0d
SSDEEP

768:54PXdrAREaTeqsZ+93ArVC7UpbJss0JAKEKFXsojUIFI5A29+FKn2g5Fh2O:54Pa1swmfNIOKEKSY29tnxhz

Score

8^/10

bootkit defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 7 IoCs

pid	Process
4488	MEMZ.exe
2388	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
4492	MEMZ.exe
3788	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
9	raw.githubusercontent.com
56	raw.githubusercontent.com
64	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719523700503886"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe
2388	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe
Token: SeShutdownPrivilege	3900	chrome.exe
Token: SeCreatePagefilePrivilege	3900	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe
3900	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3900	chrome.exe
3900	chrome.exe
1612	MiniSearchHost.exe
2088	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
3640	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
2388	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
2388	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
2388	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
2388	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
2388	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
2388	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
2388	MEMZ.exe
3640	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe
3640	MEMZ.exe
2388	MEMZ.exe
4792	MEMZ.exe
2088	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 2556	3900	chrome.exe	82
PID 3900 wrote to memory of 2556	3900	chrome.exe	82
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 492	3900	chrome.exe	83
PID 3900 wrote to memory of 2536	3900	chrome.exe	84
PID 3900 wrote to memory of 2536	3900	chrome.exe	84
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85
PID 3900 wrote to memory of 3464	3900	chrome.exe	85

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-09-24 2.11.17 PM.png"
1⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb649cc40,0x7ffcb649cc4c,0x7ffcb649cc58
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2020,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2060 /prefetch:3
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2032,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4428,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3560 /prefetch:8
  2⤵
  PID:444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4720,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3292 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4796,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4868,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5268,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=212,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3452,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3488 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3596,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5480,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5100,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5612,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5588,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5616,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5868,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4552 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4556,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4584,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5844,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6152 /prefetch:8
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4544,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6416 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6408,i,11849032088769079900,11609462500088470552,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6548 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:3816
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4488
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2388
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2088
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3640
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4792
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4492
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    PID:3788
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:2000

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2080

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4756

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
002032ef86b63e0918832b475a2c3e76

SHA1
a2f6e0542b8bd7a9964a082a8c95ec07abb3630e

SHA256
b2e4d29196b60ef492cfb2468cc2aceb91314e33cfcdc3fdca696c23b453f621

SHA512
43dca9f89fe685499717cf6ee5cc5f0a737be929034027907187c0dca272d6427c600f9e87b4cdd1f2c1b6747ce36388f11a8f9cf61f2c62bbb0ee0be6798097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\46507f18-8f65-436a-a222-1f1a1b480cd0.tmp

Filesize
15KB

MD5
6c32d316841a1c097a9ff5cf96696ef8

SHA1
dd2c30bb1a4bb6f921e7161db07bcce14e6fef38

SHA256
3bceca85f2755f66c7fb5851766bae3ffc61d761c9ace61c793feaa53aad06a4

SHA512
b78043c0398e6b163662b5cde45d5a9eb0e858590b89b938f7ed4d6b29cf978f9f327c38cd8748f076fba97c35627215fb8596d83b129638a2d3231c08916820

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
f6836f458cf9370870987aea24ff711f

SHA1
324e8dab3e3bdf6fdc41976eb167ad4f265f8391

SHA256
c6c0de82a61d2979e6e7238b72d0315604e7e9aa20d397d11e0fedccc9f789d3

SHA512
203555a7ca2ce2f1206abe87d7f34a92739a416700fbbb36c8368c8e5c7bd320ad5bc97efebbe03d861a4f082a21f0252ed9932e67baebf48f97119984a7e84b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
21KB

MD5
be89131819117173abec1e1a375f1ac4

SHA1
94537cc74677b671d9cf475b57ea11518f4c84bd

SHA256
e85deb52f4f7aafd50e84d48f26c6fd65dd58c42adfc0c6f7cd043d93fba2e93

SHA512
e2f033b4df28a245d3fe023db83ee4c3f9c64904ddbaf3880a0b429548ff6d7074f2bcaa0396042d361780c7f93a51e1f8a0de4154dbdf721cc6078ad9f29e5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
37KB

MD5
1b6703b594119e2ef0f09a829876ae73

SHA1
d324911ee56f7b031f0375192e4124b0b450395e

SHA256
0a8d23eceec4035c56dcfea9505de12a3b222bac422d3de5c15148952fec38a0

SHA512
62b38dd0c1cfb92daffd30d2961994aef66decf55a5c286f2274b725e72e990fa05cae0494dc6ad1565e4fbc88a6ddd9685bd6bc4da9100763ef268305f3afe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
37KB

MD5
695326042c5f3f6819562cd3123eeda8

SHA1
0305834bc65caf015c62d4b17238706312f7293c

SHA256
f0af287767a533c614c49efd4bfcbd02e61d1ece42a3060c8bcbbc99247cf357

SHA512
2975344a91b2f3d560004eef87d091964dc58aedbdd3a6b69e67f04ebe4d226ba28320d5e274283301fe3a623545a8305355b12b9a8d69fef54c78cce9f3ea3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
20KB

MD5
e81e6ee2a2437491435d0be4f4a6bd6d

SHA1
5070881fe9886694f92ad5db9ef4a931d5444ccc

SHA256
2176a2d4851cc89a9924514ce5d7a0808d5c009bcde0f4c97c03f3c9c073097f

SHA512
af6b56725f125a25f36e442317b0cf68ecc44eee34c3955c0f5c21cc023ac036942f8e4a89b9b1c04796e8304ba43598dd5fd643abc9c06f47d558ea5c531e2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81bd4169997dec2958ad116c0ab0987c

SHA1
77f7a9344b47d0fb337104f5558423ef05a2293b

SHA256
7df53f0060ee2b0e68fa657d3eb75cccf4cc446e3314a7bf4088dd9bbaf87b0e

SHA512
3a923999e2b0302099e30ec338fb83150c9ddbcb6408a7656f77dd7cb4895e1589b6d1fe4dbb67c6a31ae4c5cc563c8a285588f3a668d457fd9d63761b599e03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
80761fbb2d953b9c5616989992961460

SHA1
db0c10b610e9177244382ae92b0ee1bf22ab4b15

SHA256
3ff0c77f4f166fe2a8922fb223438097f1ccb9cb66b942500fe936651ac7a6b5

SHA512
0b6ddb77c1609b89cb0e885ec04e3ce928b48eb806a7e123f4594e59046036edd777668006d940b13f9b8e9dbb157170cfc95fd97c426e7a338205ee3d81c09b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6a481b53206b02b83bb4eae4ebf8c889

SHA1
b03ead0303ad9a82dd9805283a33471ed449d176

SHA256
00bb7a14391aa31464273a73c19b5ff98cb170e7ed122b89dcbc223a2bd18fc4

SHA512
da635e8bb64beb5e7e0553aec26f5e2e41191de242ed2e082fc7a7f92b79d5bac2b7a3d168f8c1a87059d02a3eb86ccd761c6233c48d527e86678ba028c43233

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e1fde4deeb931d0389259590d4f7483a

SHA1
9a65e8f73e0521d7ded796f1b23b1027360b200d

SHA256
d0e889945c3c694fa8ead353b99aa25ca1b98b1f9d5ecc6221bfd374dfead397

SHA512
7ca3ca6a3fcf559b254b8ddf1f8e85240564b4e9737d56c8ff86d30a297f362d817ee75315471a2f9458f0d7766f78906534bc14abeeede243d2feea64f58f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
96278215994a084a79a6b8d10e8ec96a

SHA1
19390994f6b9ec060118c803330834a1711ec0a2

SHA256
4be7e4bf5777cb37d3dafdee9cf50546fdf165dfa8a5d02fd0e1d3fa1c99d60f

SHA512
ce6f7c6cbf14106739d7297c81b96c53b5af9bf607e9fea297341b280b4ebfd65f927296d0ba554244a2058b8b70d58aadb176bc63220b411560008053e96efd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0280c8166eb8ded4059442b268891e29

SHA1
7477c34450e53ec1ccec82fe0008c462d48e7026

SHA256
90c4f51c061565955aebd8f7abdb10a8bc3e35b8d210377bb6e0fb1b32232074

SHA512
8d1f3ce8d57d110849526f9a8e9bc786133cc63b2a0f64461555f955e8b4c7390843a06b23b86fbc2cadbe3b5fd065924a833632ed62f100df2f307778d2f313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57f214e706aca31a5d570073dccfb6dc

SHA1
48fecbc26138058357df7ed585cafbc1e67dfd54

SHA256
075da4a3ee941b415b3a276d2c5735b87069729de2d0073c07dba397beef083d

SHA512
28bc59722e4524be84520cd541fb6d06b0d80500ccc3976a75da67bf4aecb48785f4cb1c6a8098d6b633854f083958c4fa87f4f3ec28c0256b20e7f9dcc91714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
327b01113c0bdb9c2f4f07ca4bd39fe3

SHA1
d613cbc145b58cbcabf8c01c4524d33c7a86f52a

SHA256
8949d58cb655d833fe69850c6ecb5e13b646f713119c1fcc2a4538570acde011

SHA512
ffcaf5cffa79f76554ce4aa6aad684277ad67ff94c259eed296dc02eac61e6f19b35f23dccb0aaf6622786b85c5dbe2fe13b377846999a28bad167e9f2727b50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e22552ced1927e99156e7e579d55055

SHA1
23ecafc9305d73bb39a9ef990a07f106761de35c

SHA256
cddbc9a2797473375c96037b7322e2512d80251084baa8a864ac20ea970e55e9

SHA512
9cac9dc57ee4236e757bf226af12ff3a644ba015b1eb252c83aca580c8a00b916ead9ec3a453bf6f603ba9a0485ab56f2fbcbac7b246b93fb9a45c52d7620c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bf9493ed903c9fa2b7a5f0c00e18b012

SHA1
976207b4ab21f78b56a6e7894e739a58f1a679e8

SHA256
7dae399f5b9a36b1cc9fa8d0ae97719dcaeaaec7e2007952b35461c4412c0bcc

SHA512
44a04826d27c2b30ada811b9897105e593abe7be2cd4bc49f7b218bde822378fe6fafdbd3a70c811bbecc19ed82d6f5fdd96f1b0df33abf5cdaf1938a19b7b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
abeefa0f6e07c253eab03884d737bfc6

SHA1
b3a0a764708d7e8496f121fd49db2d8d0493d338

SHA256
84f6a65bfc73e9f7ac50312ac5510bba9e92d016d0de235a9b875bd4c15248c6

SHA512
bc3a5413a28adee4d0958b036b06692803dfd1edb36b3a01621efd048e1de1d884bb594a3c60ac545d1258bd8b751f2cd25c6d90c76f3898c74fe630db54bfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fd08d7d4bb409e3971f3970570739238

SHA1
cd0664fca65b84d1180e7e7f63faab3857fa2794

SHA256
bb5b421d6ca27a29058535a157b6a3d918c4e6e924233971d16cc4c67ff4aac6

SHA512
e95844ccd2299f8c7ed08279cf7332582a91ac9dfe2e8574ea8be5cd9650ac3522d49ec2c8170dae23fcb0dc488069c6a79ae66eeb3eb4355a1f62ae3fa2acae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5ac9ccc2ec8727216481aa69ecc8e60d

SHA1
b13af09f646151207926522527a4e3e45ad22729

SHA256
9c4d52569e9c2192da3b800b37295c13ab58f091f34fe2dd666cd38842caa52d

SHA512
e77d80c7f8f4b6f118385c811a00cf1847773042d79dab83194246f8b91bcd54860dbf106ab4c875d8be9b9b2f92e57af5f65c1efa85512e4fcc4e00691b0697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
800fc27078a77671603194c2ce1797ee

SHA1
c1e7f1453f09c76c2aafafcffb1ba4687c7635ed

SHA256
2de73f8f2d46bb85f9bddb09f7b631de77650c8b41c6eb424e89d9abecb7f247

SHA512
36d6b0d9aa9fb41878389a047e82effe640e7b17f15547697acd513f9e91153a683afc9bd4c214454eefd9f9a51c4825759d42291f160b84afb22a252f168b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
1e35092e60d56d1f45b05a53437915b3

SHA1
ee712ad3f73ca623c7c5df75a052b654f9aaeb87

SHA256
b6bd5ff68dbd03689a86367b64fd2d76accac628e2c4a9e80639ab95d38d3e4c

SHA512
571453f4319bf61e96ffdf1699271bc11f59607a8c77cd121fd5d5dc5b4fb6a3ee96425262021f4e4bb3e75d979bb1d7a9c67fa35e8a07be5286c0afbb549b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
0b1b3e367d3df4ff68ac6bd78be42808

SHA1
41b7513ea443ac400e3e7af4d337afa79830349b

SHA256
cbd1ae1f7cb4bfd1dcdd2450b20b1adaa46d30ee30d0d8f64c724afff398787b

SHA512
7bbcc336599011ed82025fb43860abfd74d1187ce22bc203e0dab335a520cf68d08b804392e7f64a6d2fdef0f19ded0f7984ae45b8b5346d31c7f1492dbb915e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
0e919c23ce71790505edd4089b1a7d72

SHA1
5545cf86877cc49f14ed251c3f839aa5fffa2c11

SHA256
b372d9f96208ce63961e1b4e8a7a2e0344fc014403685cc7fad14808da6c44b2

SHA512
5380a3175f6579e9cf15e4f638ca215ef5b5f2a2b91629c78910cc098ca0c1ae099c5dc7bbcb6b6545eb675312b9d1f5e425fb36d1057928e0c185af3e775b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
16c97df03b3f866c2bc2c8c1ab15cc7d

SHA1
5ffc468aa512a95190055600de794b428e8e09c0

SHA256
ab95c5a625d6eeaabf7b03d81d5897d09c61c74e0e55187ba9bfb3a25424a276

SHA512
05b135d378ab70e9881e754110f0dd156d08bdc37d095a1252e1bdf9b80d73a81843fad5cbc3613f9351d321f6ba599d11542dc576b4b8774b9ac5e1c7c2f73a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
7fc1af6f45e844eedd1a78d89ba2813d

SHA1
bdd93c47e99e7da95f5888d01cb85550f8fae9ab

SHA256
87577decf9290f786d76c3e9885e490106a7b00dd8a9b43471ff32f9eddd612e

SHA512
e79bc304620d23981c9bc03ada331755eaf74f356f32461bced715ef6e5c3ceab947a5a1dc51ef9061427b5c9132f58b1c14cce33960dd469c066ec4458abe86

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
a7f391566ceb7d310b04c1376aa66a07

SHA1
eda88e9134d3de209152481c9e8aa02054d4c2eb

SHA256
8ecb81fa22792fa6bb09abc86b9b5afb50773e2c5537def45dd8ba297f6c714e

SHA512
163bad20eaa9108286367367e6a54a9ac612026954ee2466b8f88f732a992695fe160d3fb5f092976ef15c1c1b71400e577a9a4833dfa616d7c9ee6a8237033c

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier

Filesize
181B

MD5
db2a839d87c6c9124794f34234a4757c

SHA1
f03f1759c262268a1a0ba6b6dfca96ff59c9c779

SHA256
e4e03a3fd4ce91394f49e1519a34dbf68130e80d49dce28461dad8b782b9b474

SHA512
dfc1fcb5ee3cc7d95b177b375a66470715ce7191f106fc940743d3ee9a5505207dfa157980050759b840a3e783f144bdc65021a4967dc22fdd550de328543672

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads