hxxps://www[.]mediafire[.]com/file/47965nzt07tixtf/MAIR_Pack[.]rar/file

Analysis

max time kernel
299s
max time network
292s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
30/06/2024, 22:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/47965nzt07tixtf/MAIR_Pack.rar/file

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642616181145780"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2198854727-3842442895-2838824242-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MAIR Pack.rar:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
7196	chrome.exe
7196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe
Token: SeShutdownPrivilege	3192	chrome.exe
Token: SeCreatePagefilePrivilege	3192	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe
3192	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 4912	3192	chrome.exe	80
PID 3192 wrote to memory of 4912	3192	chrome.exe	80
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 3168	3192	chrome.exe	82
PID 3192 wrote to memory of 2908	3192	chrome.exe	83
PID 3192 wrote to memory of 2908	3192	chrome.exe	83
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84
PID 3192 wrote to memory of 4044	3192	chrome.exe	84

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/47965nzt07tixtf/MAIR_Pack.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc6c4aab58,0x7ffc6c4aab68,0x7ffc6c4aab78
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:2
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2160 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4264 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4428 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4608 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3804 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5196 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5368 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5620 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6136 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5360 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5768 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4972 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4992 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6384 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6528 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6812 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6516 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6648 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7252 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7652 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7376 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7928 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7936 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8440 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8444 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=8652 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=8456 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=8772 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8276 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8012 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9292 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8824 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8756 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8332 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=8320 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10100 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=9992 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=10396 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=10416 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:6400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=10592 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10440 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=10732 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=10900 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=11164 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11168 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11332 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11648 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:8188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=11688 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=11684 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=11716 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=11672 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=11756 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=10884 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=11764 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=11784 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=11800 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=11832 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:1
  2⤵
  PID:7860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8364 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:5648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8316 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9520 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:6192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10512 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9608 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  - NTFS ADS
  PID:7372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8104 --field-trial-handle=1832,i,5650367944365407732,6259486381590848449,131072 /prefetch:8
  2⤵
  PID:7940

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5592

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MAIR Pack\" -ad -an -ai#7zMap4693:80:7zEvent30231
1⤵
PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\98660ea6-ce67-4871-b077-e5f9a160b69a.tmp

Filesize
140KB

MD5
bef0d592a5176022be518a7b8232b080

SHA1
c6b4f19ef5b459159f68aa6d6b7a5ebbe59f3954

SHA256
2bdedd251fb5cbc16280179f5203a90c82d360e0912044c486b413bdf5c6b710

SHA512
3746a06db63c490acada9bfd197989ab3af1659b5ac8c2824e9604ef338b24f58a2666659635513d86a1adeaa34a9061a2db9888058a7bae3baac60d7e4b50a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
767147a173231a9acb252df47c72fd36

SHA1
ede4b0ac5e9f0d30966504e769e26014d5ef5afe

SHA256
560ea47c2a453d4c8d678522d3da389933d5481b5c0db4f23da212a5d2133b3a

SHA512
a3fcbc35c20cb71f3e8fda9345137f207794666c6ca3862670d33db7c8e7b05e0c1c11d0cd591e2e31c4af1309b2fef872b788507e564db3801e8320d1fda7c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
00dd5d6ad18de88f849ff49f445a7562

SHA1
91a23d0bd4035596d73730f7454085f58fe38104

SHA256
d219d3f7968cd5ad2f9e164a1144f6ff65dda2cdb80c4b04230eb55b76a5f628

SHA512
68dbbe4e0e30bbd3431284645f722007cfb157442adb6921d1c4b41030034259ab3a1397354d3f3609a4de6cee9858e746870a7dd95a1ed701aab498e91d35b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
b640497dcbebb65172628dec848f64ac

SHA1
efae79190548bc74a8913d72335c44dfea764a6d

SHA256
dcbedca9dda9cc3896908025adf7cb14d92fc9e99faddb1032c34fa338cea084

SHA512
c508e52d4522d1ff442d937405d5acf99a8eb31e7e4049a8be0968c065ca29b291490e8182b3b8b9a2c91b28d8899a62817a4f78ad33ed4175cf4ae1b125f589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
7145e88502018f32e1bef82f81e7aced

SHA1
e08ee0013ba12567007a33279c7458213d7cd91b

SHA256
6d672a33d217fe39d043ebd32ad6356ac1696763306f992d8c76dfb1d62fe197

SHA512
2e3fea0f4e3a300e34c16fffa9a1e6e432e6cbccdec3089809b4ec7eecb17f8de9ecee1030bae40ce7b12e8b61c34be00a1bda6891bfd4fd862e059399beb395

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b364296f0c26b25e53720fa2de57dfe6

SHA1
8537d2db29da802174382d1156d40f0f01264200

SHA256
399391f2c8c1551f05b5621416c77dc5fa344dae05b19f16a89a00ad5c8a40fb

SHA512
d6eb680524e11283aff9ed4cd4a6724d27cfb73390b6ec25d7d6bcd4ee813f0514d47b31bb65e598675da6ee994c279e7e9915d08f527d202b583772aa4e508d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
ea7b2eb03238376339de063f8f800255

SHA1
04719f787f9985f1674d7453fcc842463d0316c0

SHA256
d400cdb9df73d9e3d2f62ea6658a70e90176b0a27fb66d99a65617095eb4ee20

SHA512
f3b58fa30e6c2bc2aed6ea3b9a14105b459b0c64de869f94276ce20a0309988afcff280ad21f7abec9833ec6088973f16b8b761c942ce627eacb414f1d5927dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b58e39ce44215df695102cf1a2df093c

SHA1
fdef8cda0f70c46f9c2ee70edff7e414852d664d

SHA256
097ab8f1c3f6c3e226c1d4c9f95c8f2e1dddf16c10d5743637e484a55ae7bf18

SHA512
1eba93b075d10cb864e044a6d7281f8c85318839462f6c61ee93d4aa55c8276b8174a71479358da427686308fe629c8fb5a3e3d312d57c5e8bf992a427783e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
90878ebe55edb869cd4a25af151095b1

SHA1
288d11db1eb973f0ba5d3ecc40decc9772b22701

SHA256
95a977de37621fdce4c774a2db683d093ac40654ecc0d7272b61d01119abe0e5

SHA512
bf0aa2af45e5cee78e576c7aa1847db7a47553a266359bd410114d379c262bc948bffeedc984cc86ddb079932bbb2b095dee914b63be278613fed40094f132b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
140KB

MD5
aaef7d479cb0a93a7c32f160db29618d

SHA1
0882a97bea8f1c8d94f9ec4bbe5ffa695b36ef28

SHA256
93beb89a36038d70828223c8cd8a2586c470019d5432ee887dde101bc8036ab2

SHA512
9d4842ac49eace78504e14cf5450c561b1c50e44af387ba3b4db83b6ab6a33afe57e09fa8a60086beeddbd27f962a66b17035990a7dc842c4bf491cc1855fb5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
161KB

MD5
e6bc5b3db151f761b79d0f80b3180ec7

SHA1
9d9501de8832a6338a2ec6790e77ec90b668c167

SHA256
df9d488ac9e5ba50ed847bf78f30841f9c07cee7f5f3103843294b5a48abed4f

SHA512
209833a8317ebb8b1521218f92312b3e2a70ee4c4ecc3ed12a3f9b78305fc889a62632e2a4d59c00d0d39def2d8cd054dec03b896a841a5c1ae39874f16f6406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
8c2427ece233fae85272bdc53724ef37

SHA1
1c74b814b98b40e596685ec894de9a38fa897056

SHA256
669e898b574e1f807af4a7eedb7fd1578c84ea97fd0e9af2dcf38c7753de7207

SHA512
226517003b2add2382473c92c292ab13aa589ca79c2d863ea42cf9367c94535dc43571964b58cf1547ff308dc722edb9b55ba8da6717337b9ac4b79d51d82b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
61a74c274d1eea4f883a630b1422ae45

SHA1
24e86f87720066438e2705134766ff900cc20e8d

SHA256
4163be026c2c99ada0549899f2b388a8675c1b2046ed8690591724f56462ae00

SHA512
73cc950edcada3d9ecc31c21dde326f9778f47a77785f73a75e3a0d4347ca99924d2e4d8f1e6371320bce0e71b2417e288d59ff16f6cf9f8c28fa497ed65d1cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580a3c.TMP

Filesize
88KB

MD5
8fadbe25dfc1a76156a12562cf99eff2

SHA1
6f9cbe6197af4976845d9d39c6ae9e8b2185b9bf

SHA256
eb92d2e206625030ec143144a5656bc8a460ad2f82e3674a2640d0797458f6d6

SHA512
749b801a79186375697495af5a0baa9dc95637a68dd452d4a2a48c30a2a70052e15dbea5aaacb761f7fdd21f6d35135cb7acc0befec3334311b0ef6189568912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\f646cc98-1d8f-4bd8-8db6-b8341d7ffebe.tmp

Filesize
140KB

MD5
fcf63cda64fc51e9de8f93fc5a5b6a11

SHA1
df08220803a9f6a91fc2cfb8f5414f30346bd0fc

SHA256
51a5726213ffa50a2cacadd8654c595695977f7de5430383109c3c653563be88

SHA512
ee79f625f4e6daa6f02f51e0fe7ab4b5e1d29a6ccd8baacbc0fd162cbcd67e7df489b07f113c2680812f37216ee5e8175da663eb0770a1775c1d53a58960f2d6

Download Submit
C:\Users\Admin\Downloads\MAIR Pack.rar:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\MAIR Pack\goth pack by supreme\citizen\common\data\lensflare_t.xml

Filesize
63KB

MD5
6b6ae2311578b70f68259f1281e1e91c

SHA1
86463bc4d5bf8582ebf02e896439aa96d5caa8cd

SHA256
4a08b744f2edf5731f25b73e99eed51bd31ef6fdc9873c0b8957593dfdc75129

SHA512
acc5fb12e2aae86ecd920c177b47c8258aca790eed57d9c54cd64917161524312e7b60a3437f3c60a4bf90475d15989217a76af9f77f429d56bdf6edcc1c01b8

Download Submit
C:\Users\Admin\Downloads\MAIR Pack\goth pack by supreme\citizen\platform-2189\data\control\settings.meta

Filesize
37KB

MD5
3656c6636cd9dbceaf83230c3c9a2be9

SHA1
989f27c6736a943fd4690091fed26f7c17e3c17f

SHA256
f9ae094812ce9fbd56b58dab7739451792aba8f56c5f21eee15ef96682b413a6

SHA512
52bbb8f2b2d6183f30b908d9171a2ec8c2128bbce145b7af0095d4c199b1ec431d650ec4ed0b1b6cbc7bcc8d29da3285cdcc61368faa8c4e57b45315ced4e4ad

Download Submit
C:\Users\Admin\Downloads\MAIR Pack\goth pack by supreme\citizen\scripting\lua\natives_universal.lua

Filesize
1.4MB

MD5
14006a3ec94203facc7297a7c6823572

SHA1
5e5d0b26c9f42583253389473816120c95ce3424

SHA256
72290b8bd48a61b75c4d4adb571c9dba4148baad80e35fa84624af7454e9c284

SHA512
1e1d7724e0943b2d4de6b9f135a7e25e2de443b0f0e9701964235ce61ddd1c385470dfa0427e3f52c929b4912d4d3ca9f6b50a256a340e7dcd85af1301cc7b2a

Download Submit
C:\Users\Admin\Downloads\MAIR Pack\goth pack by supreme\citizen\scripting\v8\natives_universal.d.ts

Filesize
1.5MB

MD5
497b16d06ef2ada6ff12db939a6a5884

SHA1
1df0dcdc1111d6b98c576f7401292687ecb8876e

SHA256
1e4dbf533b50bd1a78866e8ccc282924d2ec8709ecd11f56ac53ef53d14cbab0

SHA512
190354657aa8ce352b476a75edcb7f5305c5defab051b240f904abb711ec14d371ebf986c612f5d385b6d3137d8dbdff6f83f82236c8bc3b0c6fc452228d527b

Download Submit
C:\Users\Admin\Downloads\MAIR Pack\goth pack by supreme\citizen\scripting\v8\natives_universal.js

Filesize
1.5MB

MD5
26135d07f123bba5618ec82deee247ed

SHA1
bcf49df925ee8174d90053ac704e372bb5042a6a

SHA256
0247594bfd86b8cbbf1178d58ee539f5cdf05240147e67855a75c4bae2420d33

SHA512
fa99382ce234bd90a6335f23c15f50f02f60e86321d26d19991fee7e385d4f37c0eb6b8256f810d2f7a39ca8cd0cedcc2aa39b43f090e18a06c751f36b735535

Download Submit