Malware Analysis Report

2024-11-16 13:51

Sample ID 240628-cqk3tswcjh
Target https://mega.nz/file/bQcBHZSK#PzqX8lCwE_7P8n6tQ57yb02tPBCvoIXYQVPesxTmkhM
Tags
stealc vidar stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/bQcBHZSK#PzqX8lCwE_7P8n6tQ57yb02tPBCvoIXYQVPesxTmkhM was found to be: Known bad.

Malicious Activity Summary

stealc vidar stealer

Detect Vidar Stealer

Stealc

Vidar

Loads dropped DLL

Executes dropped EXE

Suspicious use of SetThreadContext

Enumerates physical storage devices

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: MapViewOfSection

Suspicious use of AdjustPrivilegeToken

Modifies registry class

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-28 02:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-28 02:16

Reported

2024-06-28 02:18

Platform

win10-20240404-en

Max time kernel

118s

Max time network

110s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/bQcBHZSK#PzqX8lCwE_7P8n6tQ57yb02tPBCvoIXYQVPesxTmkhM

Signatures

Detect Vidar Stealer

stealer
Description Indicator Process Target
N/A N/A N/A N/A

Stealc

stealer stealc

Vidar

stealer vidar

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Launcher32.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4240 set thread context of 1420 N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe C:\Windows\SysWOW64\more.com
PID 5056 set thread context of 368 N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe C:\Windows\SysWOW64\more.com

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640146228598569" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance C:\Program Files\7-Zip\7zG.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance C:\Program Files\7-Zip\7zG.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A
N/A N/A C:\Windows\SysWOW64\more.com N/A
N/A N/A C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4904 wrote to memory of 3328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 3328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 656 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4904 wrote to memory of 5060 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/bQcBHZSK#PzqX8lCwE_7P8n6tQ57yb02tPBCvoIXYQVPesxTmkhM

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff98e749758,0x7ff98e749768,0x7ff98e749778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1536 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1768 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2852 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2860 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4968 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3fc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21359:114:7zEvent16281

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 --field-trial-handle=1832,i,5025868800208509408,17708183907490378203,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21042:114:7zEvent32284

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!~#0Pen_2025_P@$SW0RD!~!~\" -ad -an -ai#7zMap17960:114:7zEvent9124

C:\Users\Admin\Downloads\x86\#!~#0Pen_2025_P@$SW0RD!~!~\Setup.exe

"C:\Users\Admin\Downloads\x86\#!~#0Pen_2025_P@$SW0RD!~!~\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe

"C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe"

C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe

C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

C:\Users\Admin\AppData\Local\Temp\Launcher32.exe

C:\Users\Admin\AppData\Local\Temp\Launcher32.exe

C:\Users\Admin\Downloads\x86\#!~#0Pen_2025_P@$SW0RD!~!~\Setup.exe

"C:\Users\Admin\Downloads\x86\#!~#0Pen_2025_P@$SW0RD!~!~\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe

"C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe"

C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe

C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe

C:\Windows\SysWOW64\more.com

C:\Windows\SysWOW64\more.com

Network

Country  Destination          Domain                              Proto
US       8.8.8.8:53           mega.nz                             udp
LU       31.216.145.5:443     mega.nz                             tcp
LU       31.216.145.5:443     mega.nz                             tcp
US       8.8.8.8:53           content-autofill.googleapis.com     udp
US       8.8.8.8:53           eu.static.mega.co.nz                udp
LU       31.216.145.5:443     mega.nz                             tcp
NL       66.203.127.13:443    eu.static.mega.co.nz                tcp
NL       66.203.127.13:443    eu.static.mega.co.nz                tcp
GB       142.250.180.10:443   content-autofill.googleapis.com     tcp
US       8.8.8.8:53           106.201.58.216.in-addr.arpa         udp
US       8.8.8.8:53           5.145.216.31.in-addr.arpa           udp
US       8.8.8.8:53           13.127.203.66.in-addr.arpa          udp
US       8.8.8.8:53           10.180.250.142.in-addr.arpa         udp
US       8.8.8.8:53           203.107.17.2.in-addr.arpa           udp
US       8.8.8.8:53           g.api.mega.co.nz                    udp
LU       66.203.125.12:443    g.api.mega.co.nz                    tcp
LU       66.203.125.12:443    g.api.mega.co.nz                    tcp
US       8.8.8.8:53           12.125.203.66.in-addr.arpa          udp
N/A      224.0.0.251:5353     -                                   udp
NL       66.203.127.13:443    eu.static.mega.co.nz                tcp
N/A      127.0.0.1:6341       -                                   tcp
N/A      127.0.0.1:6341       -                                   tcp
US       8.8.8.8:53           gfs270n454.userstorage.mega.co.nz   udp
LU       31.216.148.37:443    gfs270n454.userstorage.mega.co.nz   tcp
LU       31.216.148.37:443    gfs270n454.userstorage.mega.co.nz   tcp
LU       31.216.148.37:443    gfs270n454.userstorage.mega.co.nz   tcp
LU       31.216.148.37:443    gfs270n454.userstorage.mega.co.nz   tcp
LU       31.216.148.37:443    gfs270n454.userstorage.mega.co.nz   tcp
LU       31.216.148.37:443    gfs270n454.userstorage.mega.co.nz   tcp
US       8.8.8.8:53           37.148.216.31.in-addr.arpa          udp
US       8.8.8.8:53           195.187.250.142.in-addr.arpa        udp

Files

\??\pipe\crashpad_4904_IQNPRTUILRIXXWYN

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 45f98736e32745cf6a0a9528e262af39
SHA1 beec574ead3a332bccec3e9e18de08530a4a1e12
SHA256 49e29bdb9775f162e362cc153ed3449657615703871bca681cb2dad936862d07
SHA512 4a88a1e10f917a08ed0be12bc45f9f983c32e8065a3956474cfd9e308f1ca6fde2834497854a71ad13fc489facb10f91aee2c39e1a32e34639c75e81287e05b5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7fe60a27a5cc83d09070719f6aeddc7c
SHA1 ec34452fa718d44360b6b1cb4262683f7a92be8d
SHA256 60de2d5ea69bfe99a5fe44130f433342e815fde265c0f0cace818a44987e1844
SHA512 f8f61b3d6d7082dc5e4eaea51cc64bbc3463622cda3d148ff3d550f127c9b1b1c898492c114cd6da2c36628457f79a982f5805030f6713fde94592b921988cc1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2490f12f28aabca813e11c3231186114
SHA1 52a9a51c708b95d2228032a2432badee5ec67ba5
SHA256 0492e2a3ebda018ca7dab234248c93777d44a955265c9318d9f7a9a99b2fbf09
SHA512 c3618dd9aa3d5de6d559a7b0765bb2afcd92ff4d32fbeac84575bcc2b0cab2b91e772e3797b0dc2cb89a07f7b8527a80a79d67f5acbb1bf5552c9ad4bec57fcc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 0c4ce0d6c0b605ad36f7b276d338ffa4
SHA1 9aed6dddac5526b25cd54846342f7def0ddcaa28
SHA256 7df091321a673b1f9f66592a6ea5f43a604db0e9bbff5ad2ba631a435b2af885
SHA512 33397622f0668ec097aefe4e98878758ac84cda8abead51d38cf721ab71fa046f72585e2897b3b09d32b23719f705a747316686a5a35a9ab4dc801b24da4ddd5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fe386cab6b402126cdbf2e69e527c79f
SHA1 dd5903de2360051acdd53e647b0e92598a8bfb90
SHA256 ab0d744beb29f943001810f5f71fd8caf78dc60daaa47b384543b77668f3bf10
SHA512 b83e80c304bd0a3d21a6fe61dec53f2f951dc569cd1797ebf46c2f29cbe4ed925f23244616e1939bc2101214f1416299667bab4b3513e207c2ff8a760f31efe8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 73a3b13298d3f8b2d1f90715e65e8f5c
SHA1 936ebfafea2280f36438a4335f2c8df3d3b24f87
SHA256 720aec34ab82217d9077cfec62b54114404699ad3982f82cf90c09f4874e929d
SHA512 a3dd74e3be3c491da549fe5f39d42266477766fce2d4a70fbe746088c7aa4aafbe4540aa6f94df96e3c595bf6a87a55d3c41a6b466bbd8fe8e2ed50c41cbaa4c

C:\Users\Admin\Downloads\#!_#0Pen_2025_P@$SW0RD!_!_.zip

MD5 ac0143b84310d3505ebec9ee2db90c28
SHA1 8e3fbfa686e2278caa952e66e52cf718798d31f2
SHA256 70e87e4c210b35b54c4328a00bea9dd907ee72e8600436438322d325bb907b82
SHA512 97a7b5c66c562f2b5f82060ac2cefd065d1e75fe3feba0b9e6559ed490686285a186adb7d4dc1cdb968f2b2ef09e7fda89d88936770e459d4a2a3e8103dd370f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 330829a22e6ce8c540abfa397fc8ef9a
SHA1 38642ea5a8a04ba446be17c0c2f29e101220573d
SHA256 015a192ba46f81916e69f57a62493b985a54cec9db2c3e4ff5b7eacf0167f3a8
SHA512 3bcab029bfa0be27fb7249dd7a47afb73f6dee3bc110d5c638c73ea22aaf7e25870ac3855ea510a898724611be9649bdfc75cecc6a522752654606fe4c545a66

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bc5b.TMP

MD5 655e7c26d6c1663048698fd0620603a4
SHA1 92d657eb3d41c66568a843ffae451ab3a60044f0
SHA256 9588c8bc1e84ef42c65761746d562c8e6a7716d5c41b2b9df4c09ee0e138c5dc
SHA512 5ef00410dcc7b5389719a209b7ba7295c7ea11f247bb088ba462bb2538479b57bbbe34641f078c02f325855b9095142cc24f76c62c973afc6a9e83f5bf3bd419

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 c0b20cae1741cbe689eb2b2fd129af9e
SHA1 41912ad5df97801f7b97895dbcb0ce55f3a3fdea
SHA256 14e436bbe3571603153ad486b26c0e848e538ad79b661fa8830d5bf72343ea48
SHA512 cc81e61401ae98e8b5359dc904d414042476077363d27d27beb55d51e0c1f315db6fc5e0202596b9283098cfb6c85d16938cac50c7bd55e1020480600bb91739

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bdb2.TMP

MD5 806331f1a4782205d327665edde68667
SHA1 f492331d535b58349e8cb2df431a55632d0cf975
SHA256 684ca5234611e05082b5f5fca83bf6a5ac6b44dbeb86e673e1874ea90920e15c
SHA512 2f3b03f480c99128144ac4174e95383fb270f17eef2484e85a472aca18b0518c0fb753438fad97080d5aed32c2073d041709472c84fc5b612cd698b47006d94b

C:\Users\Admin\Downloads\#!~#0Pen_2025_P@$SW0RD!~!~.rar

MD5 c878781054e5e1d4007e6fff69d7c59f
SHA1 a8ab01ee019985e65329d91f919f9962daf78592
SHA256 e537ab1095c1197213eab31953b9e34d58ac946621f1cd66c3b3d8e248eb0d7a
SHA512 68e51256cb87739550bec8740b272abdc243dc96f890075cc3f390b6f1d126d1d8c0fd858d307024bd76958d3e8a9a62c5c5e11ca79d6caff6bd426feb61527b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 782a2f5003e4b137e20df899ad0b9038
SHA1 c310ee568b79793fc04f25c570fcb2d355ffd458
SHA256 2fda360a1beed0733f68ab79efaa25694f1f1e22895d14083238d44253aa4a23
SHA512 f7fa8011be045679b9366b3a19b09f7f47b39679dd7b38515a920ad9429b81bb16dfc199faff7900a9a93d59b432626aebb7908267e2a203d00f907c143cb4d6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 d055c235fe40785ea380a2c701c8a016
SHA1 bd3f662cd4e6cb89bee323c527a120874afdc0f8
SHA256 978e9230c9bd551151178cf1dc3526e378f2d37b73fcf5975044b08b68a14dbf
SHA512 2d78d21661e3d729b59abf3e8ec5fa5025e9a77539608166f1a0bfb7b73b338002a3656267b32fe00e79acc80d2459413a57aa44be707cbdef0638e36cd65615

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 c41117665c391eeb5bc2e5ddb33cc186
SHA1 a8d353dda0f00e908fce25c7c1665b2bf061d4bf
SHA256 59ae2b2559606c773c84e599b1186445672b73c20f33095be32a6eea945a9223
SHA512 6ece6aaa3fa9456cd8421d016a9290516b23b3ccdaf92a153cbfae9ccf85af7949bbc7b1549f70b66d83e35a2ada13bd1dd91fe6d6efa2aa65ef9596a476bbbd

C:\Users\Admin\Downloads\x86\#!~#0Pen_2025_P@$SW0RD!~!~\Setup.exe

MD5 40fcb4ff0e79abf3d597d88bf87c046c
SHA1 9adf2f749b6be1b31fe7c87b9c0a556f99675db7
SHA256 9b1f4d88a2d0db1954030c38bbaac8f7f7a37575536f4124ebfe074936f14b98
SHA512 12db1efbb48ab196c8e2ed2272b6e9c1a562b251dbecfd1923e22cc621ddc2205b458f500885a51c23b9bc3a64a4d65c64f526ab9e86ee1783382bcd639d0c4b

C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe

MD5 3eea73ea32478100a260cf5acf952878
SHA1 f2713d8ccf6a63a9ee2848e635ca1a3484e7ceb4
SHA256 4c3ad8d00ff2a4fe6aec3dfaa605e9b8d3f4a35e3cfe01a4a96405d7b25551c2
SHA512 4cef804c065ae8ac017a1a3d5af94d87adbe40519068c5b5f19d071df054087b10259f655215553445566843a62246752eb3d6c6901ab9ed26aed33a25a6d502

C:\Users\Admin\AppData\Local\Temp\ImUtilsU.dll

MD5 a7eaba8bc12b2b7ec2a41a4d9e45008a
SHA1 6a96a18bb4f1cd6196517713ed634f37f6b0362b
SHA256 914b1e53451b8be2c362d62514f28bdef46a133535d959b13f3f4bf3bc63df3a
SHA512 0ae7fbdb2677d92c62337aa17b60a4887240a4a426ba638c7633587f4582adbcda2bde5ec824aab1a3f69acf2b391118763842acfab856d3d9764850961a2ac8

C:\Users\Admin\AppData\Local\Temp\ImLookU.dll

MD5 3ea6d805a18715f7368363dea3cd3f4c
SHA1 30ffafc1dd447172fa91404f07038d759c412464
SHA256 a6766c524497144d585efa4fe384b516b563203427003508f7c8f6bffa7c928d
SHA512 a102f23741de4ca2184485d9aa4ddd1a36b9ea52cb0859cfd264d69a9996293b7e29b325625f1f6f9330d6c80ff415e09e85e1ae838c58acef585ae8dffe3070

C:\Users\Admin\AppData\Local\Temp\wlessfp1.dll

MD5 5120c44f241a12a3d5a3e87856477c13
SHA1 cd8a6ef728c48e17d570c8dc582ec49e17104f6d
SHA256 fbd4b6011d3d1c2af22827ca548ba19669eef31173d496e75f064ef7a884431c
SHA512 67c0e718368e950d42f007d6a21c6f903b084d6514f777b86aab3111ffe3be995949674276081c0281139a0b39119b84630a0ac341d4ae78677ac8346f371ae1

\Users\Admin\AppData\Local\Temp\ImWrappU.dll

MD5 cbf4827a5920a5f02c50f78ed46d0319
SHA1 b035770e9d9283c61f8f8bbc041e3add0197de7b
SHA256 7187903a9e4078f4d31f4b709a59d24eb6b417ea289f4f28eabce1ea2e713dce
SHA512 d1a285fb630f55df700a74e5222546656de7d2da7e1419e2936078340767d0bab343b603ba0d07140c790eb5d79a8a34b7818b90316ea06cb9f53cad86b6d3f5

C:\Users\Admin\AppData\Local\Temp\SftTree_IX86_U_60.DLL

MD5 57bf106e5ec51b703b83b69a402dc39f
SHA1 bd4cfab7c50318607326504cc877c0bc84ef56ef
SHA256 24f2399fc83198ab8d63ee6a1ad6ffbd1eda4d38048d3e809fecd2a3e0709671
SHA512 8bf60649ece6bbb66c7b94ed0d9214fbeab030d5813e1e7b5d6d2349ee1de9075b7dfbbbbeae5af0dc21b071a00eafce0771ca1804e6752e9a71e71e6b1447df

\Users\Admin\AppData\Local\Temp\mfc80u.dll

MD5 ccc2e312486ae6b80970211da472268b
SHA1 025b52ff11627760f7006510e9a521b554230fee
SHA256 18be5d3c656236b7e3cd6d619d62496fe3e7f66bf2859e460f8ac3d1a6bdaa9a
SHA512 d6892abb1a85b9cf0fc6abe1c3aca6c46fc47541dffc2b75f311e8d2c9c1d367f265599456bd77be0e2b6d20c6c22ff5f0c46e7d9ba22c847ad1cbedc8ca3eff

memory/940-1046-0x0000000000A40000-0x0000000000ACE000-memory.dmp

\Users\Admin\AppData\Local\Temp\IMHttpComm.dll

MD5 a70d91a9fd7b65baa0355ee559098bd8
SHA1 546127579c06ae0ae4f63f216da422065a859e2f
SHA256 96d6264b26decf6595ca6f0584a1b60589ec5dacdf03ddf5fbb6104a6afc9e7a
SHA512 f13b735a47090c7c6cc6c2bf9148408ee6db179c96ee6428270541f27e50ad12cff7486f3a6ffac2ba83fd2e6e8e49661e6258f5aee97eb0f48771cbbd22aefa

\Users\Admin\AppData\Local\Temp\ImNtUtilU.dll

MD5 bb326fe795e2c1c19cd79f320e169fd3
SHA1 1c1f2b8d98f01870455712e6eba26d77753adcac
SHA256 a8e1b0e676dce9556037d29fd96521ec814858404ba4cfdd0db0edbe22c87bc7
SHA512 a1ec894151baa14e4ac1ee9471e8606bf74edd39f7833d9a1a44eee74d403f6b52780c135e9718ff9564fa27d7128c22b8410b21f77e6d804f698cfb4eda65a1

\Users\Admin\AppData\Local\Temp\ImLookExU.dll

MD5 6f2b4c12ceb2557adf0f18a87078214f
SHA1 374dfbd3a6f3ec59757408c7485bd658a2b0776e
SHA256 89f13c536f8e99e845f58c5021372acb4b3003045f23648306740aabf966dfb4
SHA512 0c675a35ff6a1b6c7ffb86736ae12ee11b9f5a83c0c05a85a74aadac71a0def8df247514c0bc5f2a7613e19a7232cc9a64164c0a4121ae845b8d180f7dfe247b

C:\Users\Admin\AppData\Local\Temp\debug.xls

MD5 ec96543c55bbb31e048c4a4b226837a9
SHA1 d992f214a039756a3f55d8f961a112f5fbb539af
SHA256 ae7548c38fdf14d79acd429c3bdbcff273bac953a04537b9755277d6decbca74
SHA512 a541781cbcd663335e7496bf68d59a86e3b36ce4e40d517c3697b94869cedb25516bddd5e08f929653c9791f1401a42d923d82deba41fc84284923b4913b6023

C:\Users\Admin\AppData\Local\Temp\anon.htm

MD5 2d4c089e1981ada86a3f301d5f4c0d21
SHA1 e21c400bc5c0aeb36a308192d872c8940ab38b6c
SHA256 7e0b95bd41d040bacc1cf1a7d6e12e2ee5e74609c30c91fbcc35916aea47091b
SHA512 c2d97c071161b144f36e9d1ad03aaae8f93b3d2b4178c52ce97905e73f09baf39a506f4f713c63397640e5018ee8bd63382133259cab0dca490d7517240606b4

memory/940-1051-0x00000000726F0000-0x000000007286B000-memory.dmp

memory/940-1052-0x00007FF99AF30000-0x00007FF99B10B000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\msvcr80.dll

MD5 e4fece18310e23b1d8fee993e35e7a6f
SHA1 9fd3a7f0522d36c2bf0e64fc510c6eea3603b564
SHA256 02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9
SHA512 2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

C:\Users\Admin\AppData\Local\Temp\msvcp80.dll

MD5 4c8a880eabc0b4d462cc4b2472116ea1
SHA1 d0a27f553c0fe0e507c7df079485b601d5b592e6
SHA256 2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08
SHA512 6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

C:\Users\Admin\AppData\Local\Temp\Microsoft.VC80.MFC.manifest

MD5 97b859f11538bbe20f17dfb9c0979a1c
SHA1 2593ad721d7be3821fd0b40611a467db97be8547
SHA256 4ed3ba814de7fd08b4e4c6143d144e603536c343602e1071803b86e58391be36
SHA512 905c7879df47559ad271dc052ef8ae38555eac49e8ac516bc011624bf9a622eb10ee5c6a06fbd3e5c0fa956a0d38f03f6808c1c58ee57813818fe8b8319a3541

C:\Users\Admin\AppData\Local\Temp\Microsoft.VC80.CRT.manifest

MD5 541423a06efdcd4e4554c719061f82cf
SHA1 2e12c6df7352c3ed3c61a45baf68eace1cc9546e
SHA256 17ad1a64ba1c382abf89341b40950f9b31f95015c6b0d3e25925bfebc1b53eb5
SHA512 11cf735dcddba72babb9de8f59e0c180a9fec8268cbfca09d17d8535f1b92c17bf32acda86499e420cbe7763a96d6067feb67fa1ed745067ab326fd5b84188c6

memory/4240-1092-0x0000000000A10000-0x0000000000A9E000-memory.dmp

memory/4240-1094-0x00000000740E0000-0x000000007425B000-memory.dmp

memory/4240-1095-0x00007FF99AF30000-0x00007FF99B10B000-memory.dmp

memory/4240-1096-0x00000000740E0000-0x000000007425B000-memory.dmp

memory/1420-1098-0x00007FF99AF30000-0x00007FF99B10B000-memory.dmp

memory/1420-1100-0x00000000740E0000-0x000000007425B000-memory.dmp

memory/1936-1138-0x00000000740E0000-0x000000007425B000-memory.dmp

memory/1936-1140-0x00007FF99AF30000-0x00007FF99B10B000-memory.dmp

memory/5056-1160-0x00000000740E0000-0x000000007425B000-memory.dmp

memory/5056-1161-0x00007FF99AF30000-0x00007FF99B10B000-memory.dmp

memory/2140-1162-0x00007FF99AF30000-0x00007FF99B10B000-memory.dmp

memory/5056-1163-0x00000000740E0000-0x000000007425B000-memory.dmp

memory/2140-1165-0x0000000001250000-0x000000000199B000-memory.dmp
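Added example (editor's code, not part of the sandbox output): the Processes and Files blocks above are plain text in a fixed shape, which makes them easy to triage automatically. The script below parses both, checks each digest against the length its algorithm implies, extracts a SHA256 list for the dropped .exe/.dll artifacts while leaving out the Chrome profile files and memory dumps, and flags every image launched from a user-writable directory (Downloads, Local\Temp, Roaming) plus more.com, the signed Windows utility listed after the Roaming\pobug copy of ImNotfy.exe and before Launcher32.exe. The embedded excerpts are copied from this report with the SHA1 and SHA512 lines dropped for brevity; USER_WRITABLE and WATCHED_HOSTS are the editor's heuristics rather than sandbox rules, and nothing here infers parent/child relationships, which this listing does not record.

```python
"""Triage of this report's Processes and Files blocks (added example, editor's code).
Excerpts are copied from the report; USER_WRITABLE and WATCHED_HOSTS are heuristics."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

PROCESS_EXCERPT = r"""
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\#!~#0Pen_2025_P@$SW0RD!~!~\" -ad -an -ai#7zMap17960:114:7zEvent9124
"C:\Users\Admin\Downloads\x86\#!~#0Pen_2025_P@$SW0RD!~!~\Setup.exe"
"C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe"
C:\Users\Admin\AppData\Roaming\pobug\ImNotfy.exe
C:\Windows\SysWOW64\more.com
C:\Users\Admin\AppData\Local\Temp\Launcher32.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US
"""

FILES_EXCERPT = r"""
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 45f98736e32745cf6a0a9528e262af39
SHA256 49e29bdb9775f162e362cc153ed3449657615703871bca681cb2dad936862d07

C:\Users\Admin\Downloads\x86\#!~#0Pen_2025_P@$SW0RD!~!~\Setup.exe

MD5 40fcb4ff0e79abf3d597d88bf87c046c
SHA256 9b1f4d88a2d0db1954030c38bbaac8f7f7a37575536f4124ebfe074936f14b98

C:\Users\Admin\AppData\Local\Temp\ImNotfy.exe

MD5 3eea73ea32478100a260cf5acf952878
SHA256 4c3ad8d00ff2a4fe6aec3dfaa605e9b8d3f4a35e3cfe01a4a96405d7b25551c2

\Users\Admin\AppData\Local\Temp\ImWrappU.dll

MD5 cbf4827a5920a5f02c50f78ed46d0319
SHA256 7187903a9e4078f4d31f4b709a59d24eb6b417ea289f4f28eabce1ea2e713dce

memory/940-1046-0x0000000000A40000-0x0000000000ACE000-memory.dmp
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX = re.compile(r"^[0-9a-fA-F]+$")
# Paths a standard user can write to (lower-case substrings of the image path). Heuristic.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\")
# Signed Windows binaries seen mid-chain in this report; flagged for manual review. Heuristic.
WATCHED_HOSTS = {"more.com"}


@dataclass
class Artifact:
    path: str
    hashes: Dict[str, str] = field(default_factory=dict)

    def is_dropped_binary(self) -> bool:
        low = self.path.lower()
        return low.endswith((".exe", ".dll")) and any(d in low for d in USER_WRITABLE)


def parse_files(text: str) -> List[Artifact]:
    """Parse the Files block: a path line, then zero or more 'ALGO hexdigest' lines."""
    artifacts: List[Artifact] = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_LEN and artifacts:
            # A digest of the wrong length is a transcription error, not an IOC.
            if len(digest) != HASH_LEN[algo] or not HEX.match(digest):
                raise ValueError(f"malformed {algo} for {artifacts[-1].path}: {digest!r}")
            artifacts[-1].hashes[algo] = digest.lower()
        else:
            artifacts.append(Artifact(path=line))
    return artifacts


def dropped_iocs(artifacts: List[Artifact]) -> Dict[str, str]:
    """SHA256 per dropped .exe/.dll; Chrome profile files and memory dumps fall out."""
    return {a.path: a.hashes["SHA256"]
            for a in artifacts if a.is_dropped_binary() and "SHA256" in a.hashes}


def image_path(cmdline: str) -> str:
    """Image path from a command line as printed above: quoted, or bare first token."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        return cmdline[1:cmdline.index('"', 1)]
    return cmdline.split(" ", 1)[0]


def triage_processes(text: str) -> List[str]:
    """Flag images started from user-writable paths, then watched host binaries."""
    findings: List[str] = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        img = image_path(line)
        low = img.lower()
        if any(d in low for d in USER_WRITABLE):
            findings.append(f"user-writable origin: {img}")
        elif low.rsplit("\\", 1)[-1] in WATCHED_HOSTS:
            findings.append(f"watched host binary: {img}")
    return findings


if __name__ == "__main__":
    for finding in triage_processes(PROCESS_EXCERPT):
        print(finding)
    for path, sha256 in dropped_iocs(parse_files(FILES_EXCERPT)).items():
        print(f"{sha256}  {path}")
```

Run as a script it prints four user-writable-origin findings, the more.com line, and three SHA256 IOCs (Setup.exe, the Temp copy of ImNotfy.exe, ImWrappU.dll). Pointed at the full Files block it accepts the SHA1 and SHA512 lines as well, and a truncated or non-hex digest raises instead of silently entering a blocklist.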