Malware Analysis Report

2024-12-07 16:33

Sample ID 241113-3ys2hsvmgn
Target lol.exe
SHA256 8d98280392f4d9b7a9913c910aa03249d97bda9941613712b88bed6f09fb230d
Tags
defense_evasion discovery persistence
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

8d98280392f4d9b7a9913c910aa03249d97bda9941613712b88bed6f09fb230d

Threat Level: Likely malicious

The file lol.exe was found to be: Likely malicious.

Malicious Activity Summary

defense_evasion discovery persistence

Downloads MZ/PE file

Executes dropped EXE

Adds Run key to start application

Subvert Trust Controls: Mark-of-the-Web Bypass

Drops file in Windows directory

Browser Information Discovery

Unsigned PE

Modifies data under HKEY_USERS

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

NTFS ADS

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 23:55

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 23:55

Reported

2024-11-13 23:58

Platform

win11-20241007-en

Max time kernel

149s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\lol.exe"

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\lol.exe N/A
N/A N/A C:\Users\Admin\Downloads\lol.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\AppData\Local\Temp\lol.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\Downloads\lol.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\Downloads\lol.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\lol.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760157799328136" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 545822.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\lol.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2516 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\lol.exe C:\Windows\SYSTEM32\cmd.exe
PID 2516 wrote to memory of 4064 N/A C:\Users\Admin\AppData\Local\Temp\lol.exe C:\Windows\SYSTEM32\cmd.exe
PID 5008 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2572 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2492 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2252 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 2252 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5008 wrote to memory of 3556 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\lol.exe

"C:\Users\Admin\AppData\Local\Temp\lol.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "lol.bat"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda6cacc40,0x7ffda6cacc4c,0x7ffda6cacc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1816 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2192 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4776,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4832 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2968,i,16795181594842017253,6334526368440803099,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda7113cb8,0x7ffda7113cc8,0x7ffda7113cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,3324220528413652020,905753752753527267,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6840 /prefetch:8

C:\Users\Admin\Downloads\lol.exe

"C:\Users\Admin\Downloads\lol.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "lol.bat"

C:\Users\Admin\Downloads\lol.exe

"C:\Users\Admin\Downloads\lol.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "lol.bat"

Network

Country Destination Domain Proto
GB 216.58.201.100:443 www.google.com tcp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 100.201.58.216.in-addr.arpa udp
GB 216.58.201.100:443 www.google.com udp
GB 216.58.204.78:443 clients2.google.com tcp
N/A 224.0.0.251:5353 udp
GB 88.221.135.42:443 www.bing.com tcp
GB 88.221.135.42:443 www.bing.com tcp
US 104.18.111.161:80 tinyurl.com tcp
US 104.18.111.161:80 tinyurl.com tcp
US 104.17.151.117:443 static.mediafire.com tcp
US 104.21.42.32:443 privacy.gatekeeperconsent.com tcp
US 104.22.74.216:443 btloader.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 104.21.63.106:443 www.ezojs.com tcp
US 172.67.199.186:443 privacy.gatekeeperconsent.com tcp
GB 216.58.212.238:443 translate.google.com tcp
FR 18.244.28.11:443 cdn.amplitude.com tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 104.18.159.164:443 otnolatrnup.com tcp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 104.26.3.70:443 ad-delivery.net tcp
US 104.26.3.70:443 ad-delivery.net tcp
FR 13.37.187.223:443 g.ezoic.net tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 11.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 164.159.18.104.in-addr.arpa udp
US 8.8.8.8:53 14.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 173.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 102.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 50.201.222.52.in-addr.arpa udp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 172.67.142.121:443 go.ezodn.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 130.211.23.194:443 api.btloader.com tcp
GB 216.58.212.234:443 translate-pa.googleapis.com tcp
US 100.20.102.35:443 api.amplitude.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
FR 18.155.129.21:443 tags.crwdcntrl.net tcp
GB 173.194.76.154:443 stats.g.doubleclick.net tcp
GB 142.250.200.3:443 www.google.co.uk tcp
GB 142.250.178.2:443 googleads.g.doubleclick.net tcp
US 104.21.87.79:443 go.ezodn.com tcp
IE 52.48.130.160:443 bcp.crwdcntrl.net tcp
IE 52.48.168.123:443 bcp.crwdcntrl.net tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
FR 3.164.163.90:80 crt.rootg2.amazontrust.com tcp
US 205.196.123.162:443 download1474.mediafire.com tcp
US 205.196.123.162:443 download1474.mediafire.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net udp
US 205.196.123.162:443 download1474.mediafire.com tcp
US 8.8.8.8:53 90.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 162.123.196.205.in-addr.arpa udp
US 104.18.159.164:80 otnolatrnup.com tcp
US 104.18.159.164:80 otnolatrnup.com tcp
GB 216.58.212.238:443 fundingchoicesmessages.google.com udp
FR 18.155.129.5:443 woreppercomming.com tcp
FR 18.155.129.5:443 woreppercomming.com tcp
US 104.21.79.34:443 www.chancial.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
GB 216.58.212.234:443 translate-pa.googleapis.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 216.58.212.234:443 translate-pa.googleapis.com udp

Files

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\lol.bat

MD5 bcd18d9e2fb68c343b933838dcbbfb88
SHA1 93dfff2500fac124d03eca481e2ee7e018d32e22
SHA256 fa46e3d1a8c2c3dd5b8b4ca0e0b08ce15fa9ac29a014741d41d5b9a496fa6834
SHA512 fc365961b9d61ee783545da6684676533b5f4ccbb743fea91b379a6c52353a57cf388bdbfb72074dd824295fbb84af69dc069baa6b1837c1f090f2d318bf57e5

\??\pipe\crashpad_5008_NDYAQZGLGMWRXUMH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 270a663788d4e237989821877ffae263
SHA1 2695f7787d23d60f4e0a3f2fbd0ecdf398ce985d
SHA256 6f4af91ce15c7f866717d409d122a9812e1bc8edbb51afe4934ec5418fa6609a
SHA512 18316e7ce18103254998fc0f6a942346665b316f30c8e7fe98fe3fdc54487dc65cf0bfffcf657c5c38432e2425207fa7c58af8d96b4c739bbd8ad25002052769

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1b1aa2e8240502901ad1eaf8420cbbb1
SHA1 13f9fc9c9ee207f1c0ef9f08db83df298b6b0b83
SHA256 e3b52cfcb057d1b57c87963df28707ef9b9bbfb89f5abcaf7f95a652cb3cd4eb
SHA512 ee9240558a63ab8f3b9b1e1f54dd26b5f6f8b0a21df9ae2d6eeb307e666f6e61b25b1ea10a8d23bfce026fb10c17dbfb92d354a376a019dbbccb1dbcef540e36

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 472fa87216d675ef9b7c5b54184049b4
SHA1 6f79dbaf083db4dc4c041e62c9412e69fee5cfd1
SHA256 b01fe1b6e2ddd9aed51a2dd8ca1d037c5500aaf53f8b5364aeb4591369e1e544
SHA512 ea9ca5e527810c91aebae3155624fd7c6480715da0be51d2a7b4546d9c7f1deefe5ca129f4307c7108108efb69fb9ec6fdb6a320eb0e9b357c78cebf56a38dde

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 28bde0e9d378785d51726adab0db6e36
SHA1 b77dfc2c4019d647204597025c53d9d8e9cbc4f0
SHA256 efac8d201aabf6ca682571507ac62b4c9b11b68d4ff8f7702e6ba3542ac604cd
SHA512 18d4d89c503589e6884f96717a16c18d2b0e8d8c8c3890e35328895c02d5b30ab50fa34d1e09d0d78454c3dcac0b137cec178ad45091c0c5e0a2ea21d6230d55

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 2d2db1d025ab9b2340f9c74a89839a37
SHA1 8f9f0fd6b93bc49b9d807f817b2b13468edad2ab
SHA256 f0e9e6999e8dd27c55f68c1b8e2eef69452025806a738f72a23676aafdd9a54e
SHA512 9fc8869a709698fc5b7579fde6a4f4900f011c294bb2cf2996eb4031416df21c0d9674d2766cae30f5515ff6eca893ad1e4cf093a9e8e2d7bab82f8610eb6c19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 1fc959921446fa3ab5813f75ca4d0235
SHA1 0aeef3ba7ba2aa1f725fca09432d384b06995e2a
SHA256 1b1e89d3b2f3da84cc8494d07cf0babc472c426ccb1c4ae13398243360c9d02c
SHA512 899d1e1b0feece25ac97527daddcaaeb069cb428532477849eba43a627502c590261f2c26fef31e4e20efd3d7eb0815336a784c4d2888e05afcf5477af872b06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e9a2c784e6d797d91d4b8612e14d51bd
SHA1 25e2b07c396ee82e4404af09424f747fc05f04c2
SHA256 18ddbb93c981d8006071f9d26924ce3357cad212cbb65f48812d4a474c197ce6
SHA512 fc35688ae3cd448ed6b2069d39ce1219612c54f5bb0dd7b707c9e6f39450fe9fb1338cf5bd0b82a45207fac2fbab1e0eae77e5c9e6488371390eab45f76a5df1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4fa0008adb6c59146a87ce1b794f8cfb
SHA1 d5ff24ae0dc00b1cc87b7bbe586e82675a67f33a
SHA256 115a63aeafed12970ca75f9087b1f757e7a66b43f896becbb0b53135cdb726da
SHA512 f88aad8eee739859cb8508b640ca6efd5f79cf72663409236aff1c6de2cdc8e878699c1b465d9d5ba0a9e4c2cb9681559073dd507070f2014a40b5f06433a503

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 63448744c7b668f538bd854052416ce4
SHA1 1f48bbd69da3ad0d42592e68444f07503630de81
SHA256 9d4d78b6ce38e29b6b3f95ae9a701eb4aae4eac410b075e99e3ad30b45aeaf14
SHA512 bb322c8dd865aa5b41f0c0cf4270c7d33f195faf5609026da7b8fcbdad009be33e44cb9c7bd629fdd41d13ecb7b7b92cf7e1cd7316945e618f9280c74931c4f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ae8120210b446bc2fe1980904a7a31a9
SHA1 395abf36ab9734d9cc31eee1db9497c796cbfe39
SHA256 a211e845d6cd4e561de7500e9a61079972c6a2cd5364a3b24c6bdeedc12f6a23
SHA512 29d4927b60287f21cdfa970aa14a7f0aa55dbc2b2e20122f28646210a8dc93dc095e6a1600dae5af44624ac6e0427c5dcbffa677eb0812e1b8d92905900488ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 710c9168ded54b34c6cbfb92359ce75b
SHA1 1981db176694bd006c46c075486df411b4eb47d3
SHA256 067d5d8ce37930e1962f6a8f3e411f26de9782e28a2900c2567f818eaf357681
SHA512 c93e3206202be3078c479e6e06b42a0d5d85da8f9338b9f88cdaf3789976777f202579d85af99689ccd14eec892a46a787a98ac208cfa10f1894ff5716ed3746

C:\Users\Admin\Downloads\lol.exe

MD5 a0c0b4121c28c1878d9f92d15f187753
SHA1 ab4be2c5be5040f62b08b9af72191f7c9286bd4d
SHA256 8d98280392f4d9b7a9913c910aa03249d97bda9941613712b88bed6f09fb230d
SHA512 a86eb8211f4aff97bb2ecc68eb4a8590a5736c06574ff1bc3944c713f8d3a0703d6c84237131344cc0a0748eac5f7eb6426eee5de9e1481b6935326b52e418ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 634bcd30a9a3c598c7be2dc4c33e322a
SHA1 da309e3e98caf2d5adf7b95348a9baf29d61b219
SHA256 b68d0fa79fc4a44c01333407f718fa0ba750f1e860217a17e8fdcd3c1acf8270
SHA512 b4b0c2870717cd28ae06dc5999985893e8180b7ea22dc4b6844555a26116f7218cb28df3ed7106659af254c29e686424f3f5d8c41472e81d08b9d9e3da3d1356

C:\Users\Admin\Downloads\lol.exe:Zone.Identifier

MD5 7201a8281b5864ab563aff958b2549e6
SHA1 718ed9faef1ee9a0b3529a626dd90e2c2ab4f8a3
SHA256 e58cb7d23ee02b73ba111eaf5368b2e756e20868cfae20710a5b14dd472f1cb1
SHA512 392863c96a969ea2e5541825e7d045e32508109744021e384243b908a758934a3701df71223cf5e763e908494d96d68a48bce104f890969281047c6117bc1e2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cc223aed76eb89a819c3f65e0b9f7b5b
SHA1 ef552720a9c8284196f0291bf000b625bb3565b1
SHA256 bfa2a9ac8d04c414fa4360db1289ad453af8c206a8678f0e9c0639b27441edc1
SHA512 321a3f9469469c4a9bab683f38935b471a9698b3790949d9e55552425dd0995a384208a35b5e5e43757177e975e5fbbc0e6e53f4ca23d7253def8877e82a8482

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\fdf21604-5060-48c1-94ab-9abc2ca3be74.tmp

MD5 08b0294b1dbfd6f8d38e9dccdec57e0e
SHA1 fb340bb22223b66ae9e75b0ffceaadd11f21f0fc
SHA256 5412cea7ff1883e94425e54b884c8e802ed5621a2d0b5625816fedf7fecc384d
SHA512 0dc3a4251935e2594d687d808b2ad7fb4c363fd87596b2a9b8635b88b32d88062916211b5911cca14bc118f595c2fd45ce0354962e90bf0ea78a327723d14594

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 851c7f5c9e5e9be5ef96c91493f675f2
SHA1 3f94cf769d092a0c419336a5e78a815445a5d273
SHA256 5f9c90bc5456304bc4fb5cdcd21670fd399826116a5c81badb2d7ed1002db225
SHA512 91cb06926e306820d1eeed66edc6095dfb0d6b723b81027758339f66c3a1582aea3635baf6fe1e48a21d3f8660c3757b44d57a9965feebbe0b5891aa449239a1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f0ac9113871e81744f5460b5d8255495
SHA1 abe118c2fea9757fe254a3b51f80809c2467e9ef
SHA256 890a8c7f121f4b032938e47d869b137ff25815f42d84c2e766b1f4e549b2f57c
SHA512 881a2cec956769ae0d0d5a6eb6bf8f19d61eff8aaeaede807033a1cdafee0793931aab3bc760765d5df0453a1de6cd2c3ef877feaca89fe977b6f247a8d2414e