Malware Analysis Report

2024-11-15 08:36

Sample ID 240901-mjx4xsyena
Target https://gofile.io/d/E8ookh
Tags
asyncrat default agilenet discovery rat upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://gofile.io/d/E8ookh was classified as: Known bad.

Malicious Activity Summary

asyncrat default agilenet discovery rat upx

AsyncRat

Obfuscated with Agile.Net obfuscator

Loads dropped DLL

UPX packed file

Executes dropped EXE

Looks up external IP address via web service

Drops file in System32 directory

System Location Discovery: System Language Discovery

Browser Information Discovery

Checks SCSI registry key(s)

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Scheduled Task/Job: Scheduled Task

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-01 10:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-01 10:30

Reported

2024-09-01 10:35

Platform

win10v2004-20240802-en

Max time kernel

300s

Max time network

300s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/E8ookh

Signatures

AsyncRat

rat asyncrat

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\ServerRegistrationManager.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target Count
N/A N/A N/A N/A 2

Looks up external IP address via web service

Description Indicator Process Target Count
N/A ip-api.com N/A N/A 4

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File created \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\core32.cfg N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\winst\winst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\S500RAT.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\vshost\vshost.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133696602583124429" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (data) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202 C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Windows\system32\taskmgr.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 2
N/A N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\ServerRegistrationManager.exe N/A 31
N/A N/A C:\Windows\system32\taskmgr.exe N/A 31

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target Count
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 27
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 27
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeSecurityPrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeSystemtimePrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe N/A 1

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 46
N/A N/A C:\Windows\system32\taskmgr.exe N/A 18

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A 28
N/A N/A C:\Windows\system32\taskmgr.exe N/A 36

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4400 wrote to memory of 4936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4936 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4640 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4400 wrote to memory of 4956 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/E8ookh

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcfe12cc40,0x7ffcfe12cc4c,0x7ffcfe12cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2176,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2180 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2232 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3164,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4064,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4508 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4492,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4260,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5060,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4992 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5124,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe

"C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\xKeyGenerator.exe"

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN SearchFilterHost /TR "C:\ProgramData\SearchFilterHost\SearchFilterHost.exe"

C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\S500RAT.exe

"C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\S500RAT.exe"

C:\ProgramData\vshost\vshost.exe

C:\ProgramData\\vshost\\vshost.exe ,.

C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\core32.cfg

core32.cfg

C:\ProgramData\winst\winst.exe

C:\ProgramData\\winst\\winst.exe YXbxdIZqKpSeXDvrL7vTIuTjmPqAqanw7SaFcVOST9dW3mkVLaBAu1UJKDlIEqmD

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\5658.tmp\5659.tmp\565A.bat C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\core32.cfg"

C:\Windows\system32\chcp.com

chcp 65001

C:\Users\Admin\Desktop\S-500-RAT-Cracked\S-500-RAT-Cracked\ServerRegistrationManager.exe

ServerRegistrationManager.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\ProgramData\SearchFilterHost\SearchFilterHost.exe

C:\ProgramData\SearchFilterHost\SearchFilterHost.exe

C:\Windows\System32\grpconv.exe

"C:\Windows\System32\grpconv.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3016,i,9716977762141426090,2729239515367426478,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:8

Network


Files

\??\pipe\crashpad_4400_FAWPDDPYSLQBFUMF

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\ProgramData\vshost\vshost.exe

C:\ProgramData\winst\winst.exe

C:\Users\Admin\AppData\Local\Temp\5658.tmp\5659.tmp\565A.bat

C:\Users\Admin\AppData\Local\Temp\c6ef4c2b-9a55-40b4-957b-c3cb74191397\GunaDotNetRT64.dll

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vshost.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\winst.lnk

C:\ProgramData\SearchFilterHost\SearchFilterHost.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Windows\System32\h920ln.exe