hxxp://google[.]com

Resubmissions

23-11-2024 08:00

241123-jvzv4s1pbs 3

23-11-2024 07:52

241123-jqwb5axpap 6

Analysis

max time kernel
356s
max time network
370s
platform
windows11-21h2_x64
resource
win11-20241023-en
resource tags

arch:x64arch:x86image:win11-20241023-enlocale:en-usos:windows11-21h2-x64system
submitted
23-11-2024 07:52

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

notepad.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133768220205645692"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings	chrome.exe

NTFS ADS 3 IoCs

Processes:

chrome.exechrome.exechrome.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\MEMZ-virus-main.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeMEMZ.exe

pid	process
480	chrome.exe
480	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1036	chrome.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe
1332	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

chrome.exe

pid process

480 chrome.exe
480 chrome.exe
480 chrome.exe
480 chrome.exe
480 chrome.exe
480 chrome.exe
480 chrome.exe
480 chrome.exe
480 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe
Token: SeShutdownPrivilege	480	chrome.exe
Token: SeCreatePagefilePrivilege	480	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

Processes:

chrome.exe

pid	process
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

chrome.exe

pid	process
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe
480	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1332	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
3040	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
1332	MEMZ.exe
3040	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
1332	MEMZ.exe
3040	MEMZ.exe
4528	MEMZ.exe
4084	MEMZ.exe
1332	MEMZ.exe
3040	MEMZ.exe
4528	MEMZ.exe
4084	MEMZ.exe
1332	MEMZ.exe
3040	MEMZ.exe
4528	MEMZ.exe
4084	MEMZ.exe
3040	MEMZ.exe
1332	MEMZ.exe
4528	MEMZ.exe
1332	MEMZ.exe
3040	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
1332	MEMZ.exe
4084	MEMZ.exe
3040	MEMZ.exe
4528	MEMZ.exe
1332	MEMZ.exe
3040	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
4084	MEMZ.exe
1332	MEMZ.exe
3040	MEMZ.exe
4528	MEMZ.exe
3040	MEMZ.exe
1332	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
3040	MEMZ.exe
1332	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
3040	MEMZ.exe
1332	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
3040	MEMZ.exe
1332	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
3040	MEMZ.exe
1332	MEMZ.exe
4084	MEMZ.exe
4528	MEMZ.exe
3040	MEMZ.exe
4084	MEMZ.exe
1332	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 480 wrote to memory of 4940	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 4940	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2620	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 244	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 244	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe
PID 480 wrote to memory of 2884	480	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa30f9cc40,0x7ffa30f9cc4c,0x7ffa30f9cc58
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1820,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1928,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2040,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:2884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3016,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3028,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4112,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4576,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4776,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3140,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4596,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5032,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4852,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5228,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5064,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2628,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4884,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4976,i,17095509193101156081,10591938569780926456,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4420 /prefetch:8
  2⤵
  - NTFS ADS
  PID:4664

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1688

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3256

C:\Users\Admin\Desktop\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1644
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1332
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4084
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3040
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4528
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1232
- C:\Users\Admin\Desktop\MEMZ.exe
  "C:\Users\Admin\Desktop\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:2644
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
63558591ec390301fbc460734e452def

SHA1
1c65b8b846b6f4f1eef79c6bcc5b51ee25bd03a1

SHA256
de88ff64803ca11498a2398d877cc724268c98f18f53c30b4388ee89f62ecd63

SHA512
31423ddcc394495828590b8878091f1979193b7f74f19b6baa753c3bbb641918a97f12f4b47054ea6de739c2dbf48841d9f9d32c037a8cebd68da3d6ef0413a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
41KB

MD5
e319c7af7370ac080fbc66374603ed3a

SHA1
4f0cd3c48c2e82a167384d967c210bdacc6904f9

SHA256
5ad4c276af3ac5349ee9280f8a8144a30d33217542e065864c8b424a08365132

SHA512
4681a68a428e15d09010e2b2edba61e22808da1b77856f3ff842ebd022a1b801dfbb7cbb2eb8c1b6c39ae397d20892a3b7af054650f2899d0d16fc12d3d1a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
19KB

MD5
0b684c927d56c8f2a269fad2ce708bca

SHA1
b24881109b33ba68168308333840e1c7b03e7775

SHA256
0a1174c0168a1a056fc5a67ef229a4255b750131f9bfde84f8226f88a8f1f9fa

SHA512
68da39e77fde0e0e75a529e7452230230c99cebb61ac763d81136de4ee4b150442a076d96d0f9c4f431def094a225ec621b656c326e44e2b8e3d340278fba471

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b4ba527aedd17fdf_0

Filesize
1KB

MD5
da10c9e7d02a85104786646ea156a35d

SHA1
7a6f26d2dda1b72a1451a558ef5bbbb320d2b620

SHA256
1aa668175ddec9da8215ac0b947f2290e0acf892243d26fc24fec3dc70a09ac3

SHA512
8407f929cb24e06d670857629bd49d88e42717ca4d9cfd4f87d19884f1eb65faca09b60992ffa7f7b635dedacdc9d0022fca65d0dec073c0121bee23c36287b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
876a4f0cfb3366912a83b10b58b8bd57

SHA1
fe25df94a676591de51f55c1a740768458f599ac

SHA256
43a3f6f9fe2cab1cb7dbccbb8c439be55197c9550c9eb6c71b6a4ac54848b7c2

SHA512
ee7877babcd8fa4c72dd3db11318d733ed03ae43f324b4ec4a7a5b7310bdec03dbac6668800a8970c117c98a6fa18c9a191331e501c34c0fac03ec757d78f1b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
9df9bcb16a6a05a327e6ea5b21a410da

SHA1
18ffc2fe952bf40c77ec27ca36030bb1cf22287e

SHA256
0c4e486924c316867154c53733470589e0b3b604dee21895ab56e9e6044ae3e6

SHA512
30af05ce1bc00bb25b75656bc210755136a3e896928dc20b7c8e01aaa2e58b5216fc3ae0b0c8df4f3410c71e8092e8fdf134f2b06d6a412d34c4b05781e5dbdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
da5804da4fc396a13c6165814e19ba2a

SHA1
80bbed4f64f8571877553c51de989b6e1010ca96

SHA256
880200d092c60d7e22193adccc407ff9c506b8667eb17ae18c86cd442d4a1caa

SHA512
6b912e0ce9a6bf59d8df4a9ba5eda0e6d9390781751b78c7e450d257ea46315dbd42e35f5168951bbaf707f44cfadd65ad753c346147bea155722a371ecf2134

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
85945cce270808e6ff9e91b58e29c49e

SHA1
c40d61c86b52520ceca73fc8071e5d487ca60926

SHA256
332b249f7274eba4f1754922f3d91fb86b6f4347a7220b63221b1eea66af5ec3

SHA512
5841b691b5150dcb713c5ca963393ef219fb61410ebc83cd3deea0e34b5a1ff6c415d6b9a84e0a2cbbcede4c7dc049c78eaffa04b77327fc8b5c7ee05ba15a48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
bac549aa805bbc6ef7a639245fd6fd82

SHA1
ab4c9d26bf71f42cee990599d09f4dfc71a98404

SHA256
f2cbc96cf10996a74832b1bf3e13b83bb9305014e3461a8b95fd2fb706e66de6

SHA512
59f95d1fcfbb18ed2cd8f62eead7c7b8ecd5b72fdb17e42f7d8f2cc51a0d57a87fb53eee2d4a976cb89336db0743c777b29f0397fe01611d0055f58a542cd551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
a466a1ecf828d8f88da60b2bf50bb9f8

SHA1
8248a201264bacd7ec884b6f7e3b88bdfe01f2fb

SHA256
a49c34d7ac025977a860404db9ad9c88dd60d1b13a75451abe54203e15efddee

SHA512
b6ae943cc358d60bef8b111da1137faded46db49dcfb0e995a91c57c242d55b1b0341aa154c93f98b2b8170276438b28fe9cf0b1cf7e01567856f9b099f4d234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fc3056c7c5160a967f99ad55927d82b6

SHA1
4a7ac13f2868b7864252880096b42097398775ac

SHA256
893d679f00fbd7e89faca6ff0d348d6d5be79276433cef9acf682e62c261460e

SHA512
183404fa44a6fb0cf6852a380c45ac8c6f4ccdd657a755430a76307fc7917eedc264f19c52e6298febb8512d0759415a1c9f7699c3113263e215bf3b93e0a3d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c8b44c02856c569091b4d6b01470cbc0

SHA1
b5010519b1cb160d4034076d2f3398ae26e1d1fb

SHA256
478e1d302633c2b96aaee081500bd6b7dc2b1700c47270b08851c265407f9434

SHA512
04f74cf2a29b7143e89eca1e39510a2ef086b3b23b6e12b8e816e091014bcca813016eaa547eb53e097fa0eaeabd99ee063ee15ded5867106e2912d45fecd697

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5de184f3eed3a34262d020c4bc7449a7

SHA1
5b3e57cfddc389bbadeee819dcf4555ba3e2bfd5

SHA256
e95c4fc591edd953db50b25ae93c46134afd4672259b81a5b4bcecb51b545d35

SHA512
e140003db3c2a1fb23e3b0a8c24e25a1272d275d2a7c92c3bc4b22bfd2543b6c10b1117306a3ec1f62dfe7f0c2e1dc23366a02ff40a896e0b59a0258b13e0e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8665a419a48595c28f10f6376d579b57

SHA1
ecc689c38ecaa4325eabcdac7399803742289ccd

SHA256
736eefe529252e580f0a47e1084fe896bbf3b2f2e6f21c311fe1016ce836cd0d

SHA512
b0806a5b6ead98f69dad92e4132a4b31edab3c629a41327c50051f061cc895d0622946b60548eda4bc6de8e84cf18b000c9098f854482bf4c5acd0a21419c5e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ae932efff39b5ed31d5b44709c7277d2

SHA1
67a74eeed85bb8a06e80abb4b67263e9e87de66b

SHA256
9e3d55128aa7dee69da7a928ac962e1dc7db2af11e69a8ccbc1191f69413baed

SHA512
ed745abb9fbba67fb5e5a71b5febd5c1a42477e46a9a70f54d830247fe014f044c3933f815679653f442c826cb6ddd3b360d7f71af9f4935d4c47df0dc7105e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c51f63f980b5a82c53aac67816fdd8da

SHA1
d2a51d664c3ad963a37e195140f3a38d34ebdf6e

SHA256
c726a9f9a9a0ce67e50d150385c91727005a86e6318acf60b10681465e503473

SHA512
d1afc5ece67ef6b7ca7e1426aaf6ea2deb620f85521d729364601fe17b56605c290602ea03ab9138537462f0792386ebc52872ac6cbbe7b5c6bf63f41ff13d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b467443d7c6568ef904accd47dd67b79

SHA1
8674f670c4aa98d2f447f03bf7a7e169314417e3

SHA256
b5b0c01392d8c6e58341c247eccaddc0d6dcd01a500c7c44e05ce595748481e1

SHA512
0909c9604b50241d70361bdb4c9c71a64049b5c9142d83e5815c791e79037a3a5f2623293d6ca8067696e7515594c45ab97a4a0c8ff5b5c542b2e37822526306

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b7dec3c58f74f8db655a5e9f42085483

SHA1
0d70ca5b688bb8be4814319dbbafe4bfe67c12f1

SHA256
9ba8abead5027a6fa322a2ebd284df6017c4f3e7c20b84e6153f084b71dee78c

SHA512
55103977ac560629a99bdd21fcefc6e6b6422c8e60b59cb332897efff16295983a38d17e0540731445f363af89e4fcd50b73e06f80cc76bf70d204723143407e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a0cf97aacfd731c4aa2d319fba6a0580

SHA1
cebced26cfb434dac447b3309cda978b624c1591

SHA256
14a432b2a5ce0bdd21bc81db6fb983f533e9af587ffc2e0925c7063bb616feea

SHA512
68613c4c1e4396b9cd6bf52b850183a3a34aaeb07ac239e90b75df9c03c29ca3c9c2b57f41365ad21a7a9507aa0044523defc394e98d29d277a680c426933534

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
5aa14990b71ac9e2a6c1ae088ad1ea61

SHA1
61301ad31957d98cfb4ecc27f726bcdbe4ae1ae5

SHA256
d0bc9327a905a3ff3c989cb20f94a4ea0daea823af9e7daa1bd124031b7792ae

SHA512
8e58f3755edd4f603d32110ec44fb711ad2530ec67cee70d43974f77abceed50daaa4eea852e2a401618820e98688ce43852a2b23ae715647638d9a031240203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1017B

MD5
7648cefd812d2fde1f5a27d43b3b9499

SHA1
d75b77113d6bd1c4bd66268de6fff69fb09802ce

SHA256
d53bf5de8d0fbc24100cffa11fb10fd235dabb8cb94c29bafdba5af8bfc9b86d

SHA512
b3f05f198ea17f2be2803f17af734c29605baab3a2800b219a511f11134490617559b2cdf2b1a80af81c791d679cab8e90b61feb8a80a605858dcbc298ce1656

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab9553467040bf803d8300f680f559d4

SHA1
b78075c1f37476aa2bee59dd6bf723f5c9deb63b

SHA256
a77d09df2d348385166f12747c99c98d9f10af5c5b6b7fac83261efc07738e50

SHA512
75d2ceb3bc053416cfd9b874e6f6c1391176673b5c44ff091726af6e9e07d7296bba8c87864c153e7e33aa7da893b1d5803d896a54c6c08faf930f388ba917d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
139dc44328c5c000bdbc0058df043fb7

SHA1
569ec0020f8fd89bd346898c9c4b926209a519cb

SHA256
9b41251eb0c9ee23e3a092243382aee407b06c3f64998f87d8d535bd7d9412d3

SHA512
5be30221c425a2b01cd1465e1868c536241b8e8e52da02ba04a077a54570f5e4a0e64255b857570e32046d87ad07192cf35bd222d7cfbc58d669eabf4f121aab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4767ec58f3acbe48b82ff6ff21832137

SHA1
d4f416da1ba60e7ce2cb40ae8a48a5a03eda3f83

SHA256
c4bc528aad1c3be23e435ff1b969be57f8efc3494e4d52753375e408eb80ea9f

SHA512
0d10c1c376ca188dc71ae93606fc6769e72cfb64f45ce6c1dfba10104265a41fbf5d0c276035ac9d912efb5184d37ac67c797181df0f47389a462a56776b741c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9535e2ba6dd4ae8d5f8e4f64dade2f2c

SHA1
2294efd0e569d02b1316cc75e85dd2750a50f1e2

SHA256
63773594b8ffc4c133a8716e4230bc5c670db40ce924fb36b9da9f1313421a1c

SHA512
410276eee6f9a120c6ed3810792dffaaf914c44442dbebf1a23883223a69f38aa4cedd78a6e6ecba209412e4065d24ff5be1eabc533edcb7e7cb205ccf0f73c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c7d73ac4f1718747bc290a965e9d8b96

SHA1
67a17e7f63e7ba37f6795a06230b222fbef58ed7

SHA256
5ea996afe4a27108b13fc54103da98ebcf8a0fc825daaacda9bd90244374f91a

SHA512
067bfca2b99de86e3655544a8d2e2c7e6ad1fe94d306f76a8e6978a5bce0b05a542c2a2a7da4044935f33ae2d0da603639b062d00686c7ac0b5d2b3a4dc70423

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3f7f58fe4de987877fbdc9764766a734

SHA1
543f011de8a8a35c6ba9252d8232c52ef4a7160c

SHA256
4d0368311db544ba71b7b068f8383986b2364076fa0a91eba6b3a14d276ce543

SHA512
e99902318c26f52d6b99184841392a4e8a1073ba3d14badd1ae468fd0f9a585f6740423999a72dbe754fd96683a8432c8af557db7684c1e01858d0d2850f9139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ed2da0a25bf906b4e8bf889f9964717e

SHA1
87409591e0e54f56b6052955917190157bdd37f9

SHA256
768ba7a7b799d6d90b5a580e8bd15b4e997870a64a914a87d87dd9fb871b01b0

SHA512
108ceeb91ed0cbf70f7af44ba8f6f24300c68d42c9a91a2c4b064dd645f57ad195f279f950e02886ea9c25dbe8aa8e41b4ebe231f4fa164150c0d3d56255adfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
73af949890af5b2d4ca60bdbba042953

SHA1
223feb6929157e8e9b4db903d9077d97068d4cca

SHA256
1c57e9fea3185ecf08fd5880f23ade0919a4ec09f3ca3d15a13e92afe37dd8ee

SHA512
a1848271b8cbc5437b8a08bb894d7c18fdefc9973a1e662ba56bb11395715f10dc396575a49e5bcd8e5e85dcf1f7b23a213009810259aa32a26ea028016886f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
f52ef3a335001ca14c1999d40a97d416

SHA1
ea0e2782552b5da5dd696b9f131162d7fb8f460a

SHA256
eae3bd624a706e5f8a9a331da0660962c5c78612e6a1d2cc7cbfd86fb86cd513

SHA512
89b95a61db1ccb81cb66afd1c39f69c3a7e6b075b5530e7df2682a12be8ce04eb011810b8a9c944f16e33ebd79d018310e5f265daf81786c725c0fd825d2e6bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0857c9867f478bba2a2cc3180bbc95b8

SHA1
dcdfec72ee3a99cf8fe119a063adadf23f7adc31

SHA256
20ce56d3932d545b8fc1390144971b5b869925469864c84f3b7e738f45c84e36

SHA512
10c41a51ecab1d4a92f0ab7559399704635c0049a255610036e08b90bfb82797c142d5430bf2c953600cb9c579b95699ccbd0076c825d7e83dc3f23d7ce79e3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85f1a974f464837f654dbfee6ca73f5a

SHA1
a68f81401c3e05dd450cb7e7069a4bf476953d94

SHA256
59839a4b82b255d17916e722f7181685829b04114dc9e5ca6de27e19fffb28e1

SHA512
df844a004b7709c17c3374f1416ab2d9e6549453ad600b9eabbdd4bd06121cb571fcbdf8ed29ffcffe56078be962e759b711e6993a6632cfb929e843b8f1a882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f4bc4eb888a23ee2336b0519b22409d4

SHA1
0a59ddce6fa472e207fbb36d533f4a7bebc852b8

SHA256
8c5774ff88c267a75fad340be9f18f08162bea7018caa24faf58bb298beb5ee3

SHA512
72aebf0f38cbb037d1e47e2825134f92cb5982c5203b2c4e6c1c0ba24870e92ab4e9021c1478f9d189cce98bd63515f1b1271fcb7e12c1e0dea515d0627f76ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
dd5e820f66ec530f414441a647635773

SHA1
6b664e8030dcee59d6790401e91accd7f43a986c

SHA256
92810c0a4162b89e876f77df24c468ff9e4d4b343fdbd22f2cd8371752ad8979

SHA512
1f05adf3334e150b39538fd0ee73c143d96ec8761862164b5ddf41a9ce2e58ad91b830062cbafd2ce30ca30344ebd6f88593d6f6f57bc0cd7b88f51222675a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ce4f3adc14f375101cc3abf31aa5506d

SHA1
fc911099b0f13106384e280f1d50a52311d07061

SHA256
724fed5cdbe6de4e9d8e49727f009ea9e466558294e33ec52287f020d0d21f9c

SHA512
88101726a57d4237cafda06ea732b2afcd4253a8eb04a743c73b203f5ec4063749457372b8db2846375a13ad68a54e80e7cadc620c32e50b1848779557f69c1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
57bfc5037499683cb6721d4e7d7532bc

SHA1
390de4cdb15a0950f2bb756a6c17e8e39ce21ead

SHA256
2d9a796e694e15ee3fdc43809fe12b8f8bce6fab34cb11f14419945835524ebb

SHA512
bf8fbec102f8b447b7fcc28bf35120d82c7c593028e0447438bd4982928ddff2e7e3c259bb72be179fcf80f0469c9aa7b4ada5be3fd60543a889302ab1403d5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8a8d82722ba8296d0367e733f526068f

SHA1
4949e147cdb134d408b85cd72e2a421f782b9032

SHA256
b299951397dcc7bc7e2a04c70569114441fad7f295ff49d16a86597084c6b85d

SHA512
3d8dfe53c8f7b6d5d397823687b681ee10a6367cee200633aed44664a81f5011bbeaaa4de57b82b45bce08b903c8ebc256b12d5e55763aa476653a172f3d861f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
0400430f006be6fad3fb9bdebfa67397

SHA1
48c3be9e96cdb1ba3215924cb91f0467fe8e291c

SHA256
06f8b5327172c25b1c1c6974b07d9f573a9d05c3a935c337e02d7534ec5cd183

SHA512
c54a01faa751a8b8f9a75c58ff1449843d75692f921902de35c7ef3045bdf4c1aeaf00ad354c7a2b1fdf327376f0269700c1fb328c8f045cf6bd7e9680a2d457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
1ec017ac3523b252ea1c1d2fd15fda71

SHA1
6787c95b9f47a97d31e9554f01e187b808260042

SHA256
0ff262a7951ea599377ffa38f726707a3ac94d919774a54b3587a5fe56db13c8

SHA512
e4600ff969722485fa1bc6d7b906e85ddd6343a7e82127c324bdf4b06ec748e8347a9c050e5577f8bb31cd67a2ea40e0350a5755069cae2c9181e9dcf3340450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
37963724b929d24468045d5f216d1b9d

SHA1
dad89ae9944363be322b8c63646b95d760a12a92

SHA256
da2544e8a4dd9be390ded24a86a3fdfd75282c63ade89e686df5f0bc38b8d607

SHA512
98ee835d23c6939458607050d1d4ebdfeba4946c8f2670170d2413ca4e18b53a2eaf18c61111566bb3c648e476f41067345119ff3a4e6d8d35952b5131318289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
7f3f149225aa749a7ac7109944fcf9df

SHA1
9eb789fcbc03ad02ecfb7de72c750e7ae653a6a3

SHA256
ff738078f83e090ca0c3d71ea972ec1e614a9bb98b971ccfb0a88e8e5e73a68e

SHA512
ed206db987824b2c20452d8a3a4d4a4ee1dba55d42aa501b58a161926ae6be8fb3ea8201474210cbedf19c911108e5f880aed986be8fad4f828c21dbbf379587

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8bf21241fe2aeeab5016a32371a9efed

SHA1
7144ab733559664f758a7e9d357a44ad779d1a57

SHA256
19292f44781aecbe97083dd2ccd780256e7b20828317436a6cf0dc4f90b314e5

SHA512
24fe8dafa743e8582e8b44a840e249aefafe8911dae264b1697db731c4a3d443f1a68266e44efeb17e2fc41c1e86fa48dea5cfa9e26fdc0d6d9a2394af01658a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
03e95e1c119bde50341dec322d9119da

SHA1
3830a0e6ddc7e3982a177f692c498fa76d9627bb

SHA256
4a1b956325dbb09a40e4882b14f14dd11e9dc092bbc6848f5b1dbf110ac4244e

SHA512
a6f8a1ad83801dfcb32fb097a99c4016b855fc67bbf7a04db511429725f6ef99da0955225c07588fe472dd4494095137ef3e9c73a18eead9ade889a9b50178e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
63274540cb529f090112a9e6181aa9ab

SHA1
c8df211d4259737904f490f2b393bb5597a5b810

SHA256
6abfe76dea587e6d79bf326d9efdd5dcb284a165288e21cde1fda8f66ba28025

SHA512
f9eeb4899923c48d500369c4ae850b866258bccc8bdd4c70f36cf35fc573b31a9edf4cfa7ad8a8e12125b90b48d9d1f2d46210e19636cb05d1831ba66e7aae32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
393e9e76f6ea59785ef9916b18811634

SHA1
594977b12f8ebcccd727af7b1fb4765785197b8f

SHA256
f1fc34b42433364875060ae3b600d14519f2c8a704774a36c37e1049641afc72

SHA512
381c70df4e392f20a575fb2c96607441aa8f5ee9ae7b2752f6a1d966d6b39f1085acb8eee0d6f9493e650c1c5f6870f8e910cfc98e0a96c8f791965778f9ccfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7e7adccce4d5b9ca4b1f1177cd99434c

SHA1
7b933c19c56c2b3b78e0503aeebaa43514b68d44

SHA256
724fc2d7a93ea7ed5136c9e63b2fce744f6aa57f2a1cb5e6ca18b75a82139c47

SHA512
364921e140b41df5c0a59da66c86bafdaabcc622c3281d04f812a1466f61c1fca900ed21a6cb5fc576643b1e16669f71a24308b44706afc44b701d6211d59663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9ce3dde2c6304265bed20369c0517ad9

SHA1
e2b92d74847726129867e729728138691aa7d1e9

SHA256
8f00dc6a354dbf9d7154dca046bafa355519bd933b1731a29c6294c2dcc876fd

SHA512
94594a77cefbd5ec868e6190c1c97f8fe358694a7ffa1a649d11e947bb7635d8e76ddb35e3ae70cf89262381c8bc83511c4cf0bb0e80bdca375e083d54520c8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
4c08c88a9d5b982629c0f848df936a38

SHA1
79638f5b89155ab30cd0d52b185b6ca5c0198b7d

SHA256
4980b2c298e43959d7be223e4d705421ad3094cf0af4e95d7196814cbf5809d3

SHA512
a5d3d2c10affcf9aaa22370a08ad8cc128ae49edd8d925fc816296d1d90e3e51dabfa62dbc9a120746e1d79417770c9b78c0644db28898a1f86c95fd838b3ef6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
42217a7686b2979e2187c3e14274b156

SHA1
942e46354acdca91d84fbfa38127e04edb036ba9

SHA256
e88c7f2d518af57ab4467b1c018ad726b0836ab64dad0a6f17fde23f907f34d5

SHA512
4287f8d4e654c67d1a8805cb35a9bf45c00b61c6d38bb409a1b90c1850b068686434ff1560e6bba794931806514b985d1de6857ffb5d6d193902db1722cd1422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
2b490a5f080531da4a53ca866a5143d7

SHA1
d71eda45f8985501c4de57839d25e85e26444702

SHA256
50010cbd6ebf1009438587f525b530a1ca76a4b13dbf83c41a7f04bd3953a0da

SHA512
4ced88da31a4457faf1b16d603d0e70ec49bdd41a86aae275be67b98e7e22befe8b88c70a463f9525467c3a66fc0c2da768224aa801a70c59f74b3d7eca01465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
d97aed364a52373ff2622968732cd387

SHA1
f45d439ebf0051646e0e65a23f68745f428e6d4c

SHA256
66e805003d11970b079f35a86a439bd51d9ba10a17603628324f75435df32ffd

SHA512
40e101e224f4bfd80f99b721ad10a3e99b3359f5368e3fc35c62307aad3d6d135303fd2b44119e223f86a6c26e00e6410716bb77857f207e81ededadc610ca4f

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier

Filesize
614B

MD5
43379e5cb88627ebd544e5cb305deba3

SHA1
8517d68641a4bfa3362f0a1e61f9ec633587dfed

SHA256
48efa8d84190a0ae2745c32ea02b87ad29e74de658469c766109c1d1666cf6b1

SHA512
040e5000ca76815306f54edf8969bf685cdf4353c2ac1bac029b91fb7f2203c4ab7881a736ffb04be8d4a92746bf25b6ea472230f4219377dc874024870667d9

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar.crdownload

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier

Filesize
615B

MD5
4b36de69d697c71cfedd65827f7dc0f0

SHA1
6f1fc21b34edecb23b93c8ea39b0be38128e6e27

SHA256
b3b6933e9211ff78c08e6316a3571e2e709f9d8273936d709e70d336d02ec497

SHA512
9292607a49ef180359b1c130fe7c991509188d499157000b1e709c5f4cdc8970b732023c3b65ae94f54eed5c1307c23f7ca481a1719e6403febfd3b872308563

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_480_TOBVGHNVSCMYANIK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads