Malware Analysis Report

2024-12-07 16:40

Sample ID: 241114-avqg1a1mdx
Target: https://mega.nz/file/EfEUhK6J#49yZUq8NgIt0vE1s9we6Jnd0yMzwj2dk-eN6ufV0Rkc
Tags: defense_evasion, discovery
Score: 8/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The submitted URL https://mega.nz/file/EfEUhK6J#49yZUq8NgIt0vE1s9we6Jnd0yMzwj2dk-eN6ufV0Rkc was found to be: Likely malicious.

What the detonation recorded (see behavioral1 below): the sandbox opened the Mega share in Chrome, two files were downloaded to C:\Users\Admin\Downloads (ExitLag.zip and winrar-x64-701.exe), and winrar-x64-701.exe was executed twice. Every defense_evasion and discovery signature in this report is attributed to chrome.exe or to a Windows system binary rather than to the dropped executable, and the report contains no file hashes, so the identity of the downloaded binary cannot be confirmed from this page alone.

Malicious Activity Summary

Tags: defense_evasion, discovery

Downloads MZ/PE file

Executes dropped EXE

Drops file in Windows directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Browser Information Discovery

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Modifies data under HKEY_USERS

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

NTFS ADS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-11-14 00:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-11-14 00:32
Reported: 2024-11-14 00:38
Platform: win11-20241007-en
Max time kernel: 321s
Max time network: 320s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/EfEUhK6J#49yZUq8NgIt0vE1s9we6Jnd0yMzwj2dk-eN6ufV0Rkc

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description | Indicator | Process | Target
N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A
N/A | N/A | C:\Users\Admin\Downloads\winrar-x64-701.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

The writer of the Zone.Identifier stream here is chrome.exe itself. Chrome's download path (its quarantine service, visible below as the quarantine.mojom.Quarantine utility processes) creates that stream to apply Mark-of-the-Web to every download, so this signature fires on the stream being opened for write, not on it being removed. A genuine bypass would show the stream deleted or its ZoneId lowered by some other process after the download completed; no such event is recorded in this report.

Browser Information Discovery

discovery

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies data under HKEY_USERS

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133760179632063450" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\ExitLag.zip:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
File opened for modification | C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A
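
Both the Mark-of-the-Web Bypass and NTFS ADS signatures above rest on the same event: a browser opening a download's Zone.Identifier stream for write. The following Python is an added example, not part of the sandbox report or of any vendor's tooling. It parses a Zone.Identifier stream and triages such an event, separating normal tagging (a browser writing ZoneId=3) from the patterns that would indicate an actual bypass (stream removed, ZoneId lowered, or stream malformed). The stream contents, the placeholder URLs and the browser-name list are constructed for the example; the mega.nz host names are taken from this report but the paths are not.

```python
# Added example (not from the sandbox report): parse an NTFS Zone.Identifier
# stream and decide whether a "Zone.Identifier opened for modification" event
# looks like routine Mark-of-the-Web tagging or like MOTW being stripped.
# Stream contents below are constructed to match the [ZoneTransfer] format
# Chrome writes; the URLs in them are illustrative placeholders.
from dataclasses import dataclass
from typing import Optional

# URLZONE values stored in the ZoneId key (3 = Internet is what downloads get).
ZONE_NAMES = {0: "LocalMachine", 1: "Intranet", 2: "Trusted", 3: "Internet", 4: "Restricted"}


@dataclass
class ZoneIdentifier:
    zone_id: Optional[int]
    referrer_url: Optional[str]
    host_url: Optional[str]

    @property
    def zone_name(self) -> str:
        if self.zone_id is None:
            return "None"
        return ZONE_NAMES.get(self.zone_id, "Unknown")


def parse_zone_identifier(stream: str) -> ZoneIdentifier:
    """Parse the INI-style [ZoneTransfer] section of a Zone.Identifier stream.

    Keys outside [ZoneTransfer] are ignored. A missing or non-numeric ZoneId
    is returned as None instead of raising, because a stream that has been
    rewritten to defeat MOTW checks may be deliberately malformed.
    """
    zone_id = referrer = host = None
    in_zone_transfer = False
    for raw in stream.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            in_zone_transfer = line[1:-1].lower() == "zonetransfer"
            continue
        if not in_zone_transfer or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key == "zoneid":
            zone_id = int(value) if value.isdigit() else None
        elif key == "referrerurl":
            referrer = value
        elif key == "hosturl":
            host = value
    return ZoneIdentifier(zone_id, referrer, host)


def classify_motw_event(writer_image: str, stream_after_write: Optional[str]) -> str:
    """Triage one 'Zone.Identifier opened for modification' event.

    writer_image is the process that opened the stream; stream_after_write is
    the stream content once the writer is done (None if the stream is gone).
    The browser list is an assumption for this example, not a sandbox rule.
    """
    browsers = {"chrome.exe", "msedge.exe", "firefox.exe"}
    image = writer_image.rsplit("\\", 1)[-1].lower()
    if stream_after_write is None:
        return "motw-removed"            # stream deleted: classic bypass
    zi = parse_zone_identifier(stream_after_write)
    if zi.zone_id is None:
        return "motw-malformed"          # unparseable ZoneId: treat as suspect
    if zi.zone_id < 3:
        return "motw-downgraded"         # re-zoned to local/intranet/trusted
    return "motw-tagged-by-browser" if image in browsers else "motw-tagged-by-other"


# Constructed sample of what a browser download writes (ZoneId=3 = Internet).
CHROME_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://mega.nz/\r\n"
    "HostUrl=https://gfs270n383.userstorage.mega.co.nz/\r\n"
)
# Constructed sample of the same stream after the zone was rewritten to 0.
DOWNGRADED_STREAM = "[ZoneTransfer]\r\nZoneId=0\r\n"

if __name__ == "__main__":
    writer = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
    print(parse_zone_identifier(CHROME_STREAM))
    print(classify_motw_event(writer, CHROME_STREAM))      # motw-tagged-by-browser
    print(classify_motw_event(writer, DOWNGRADED_STREAM))  # motw-downgraded
    print(classify_motw_event(writer, None))               # motw-removed
```

On a live Windows host the stream can be read with PowerShell's `Get-Content -Path <file> -Stream Zone.Identifier` and passed to parse_zone_identifier; `Get-Item <file> -Stream *` lists every alternate data stream on a file. The event in this report, a browser writing ZoneId=3, lands in the "motw-tagged-by-browser" bucket, which is the outcome to suppress rather than escalate.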

Suspicious use of AdjustPrivilegeToken

Identical events are collapsed; Count is the number of times each row occurred in the event list.

Description | Indicator | Process | Target | Count
Token: SeShutdownPrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 31
Token: SeCreatePagefilePrivilege | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 31
Token: 33 (LUID 33, SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\system32\AUDIODG.EXE | N/A | 1
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A | 1

Only chrome.exe and AUDIODG.EXE adjust token privileges in this trace; winrar-x64-701.exe does not appear in this table.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Count
N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A | 44

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Count
PID 3024 wrote to memory of 1404 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 3024 wrote to memory of 1496 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 30
PID 3024 wrote to memory of 2280 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 2
PID 3024 wrote to memory of 1272 | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Program Files\Google\Chrome\Application\chrome.exe | 30

All 64 writes originate from the browser process (PID 3024) and land in four of its own chrome.exe child processes. Chromium's sandbox broker initialises each sandboxed child this way, so the pattern is expected for a running Chrome; what would matter is a write into a process that is not chrome.exe, and none is recorded here.

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/EfEUhK6J#49yZUq8NgIt0vE1s9we6Jnd0yMzwj2dk-eN6ufV0Rkc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb03bcc40,0x7ffdb03bcc4c,0x7ffdb03bcc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1788 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2076 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1196,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2368 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4568,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4416 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4340,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4756 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5088,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4764 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5304,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4352 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5548,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5392,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5684 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5524,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5928 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=2676,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5636,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5640 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5612,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5736 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5884,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4964 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5660,i,6894687800125778428,1099760939847679811,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6080 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\b7a41f8ace1846a5a0126989a0f1579e /t 3500 /p 4052

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

Network

Country Destination Domain Proto
US 8.8.8.8:53 mega.nz udp
LU 31.216.144.5:443 mega.nz tcp
LU 31.216.144.5:443 mega.nz tcp
US 8.8.8.8:53 5.144.216.31.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
LU 31.216.144.5:443 mega.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
LU 66.203.125.16:443 g.api.mega.co.nz tcp
LU 66.203.125.16:443 g.api.mega.co.nz tcp
NL 66.203.127.13:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
N/A 224.0.0.251:5353 udp
LU 89.44.168.99:443 gfs270n383.userstorage.mega.co.nz tcp
LU 89.44.168.99:443 gfs270n383.userstorage.mega.co.nz tcp
LU 89.44.168.99:443 gfs270n383.userstorage.mega.co.nz tcp
LU 89.44.168.99:443 gfs270n383.userstorage.mega.co.nz tcp
LU 89.44.168.99:443 gfs270n383.userstorage.mega.co.nz tcp
LU 89.44.168.99:443 gfs270n383.userstorage.mega.co.nz tcp
GB 2.18.66.48:443 tcp
US 95.100.195.142:443 www.bing.com tcp
US 95.100.195.142:443 www.bing.com tcp
US 95.100.195.142:443 www.bing.com tcp
US 95.100.195.142:443 www.bing.com tcp
US 95.100.195.142:443 www.bing.com tcp
US 95.100.195.142:443 www.bing.com tcp
US 20.189.173.15:443 browser.pipe.aria.microsoft.com tcp
US 95.100.195.183:443 www.bing.com tcp
GB 216.58.201.100:443 www.google.com tcp
GB 216.58.201.100:443 www.google.com udp
DE 172.217.18.99:443 beacons.gcp.gvt2.com tcp
DE 51.195.68.163:443 win-rar.com tcp
DE 51.195.68.163:443 win-rar.com tcp
DE 51.195.68.163:443 win-rar.com tcp
DE 51.195.68.163:443 win-rar.com tcp
DE 172.217.18.99:443 beacons.gcp.gvt2.com udp
DE 51.195.68.163:443 win-rar.com tcp
GB 23.218.72.229:443 cxcs.microsoft.net tcp
GB 92.123.128.194:443 www.bing.com tcp
GB 2.18.66.48:443 tcp
US 13.107.253.64:443 fb-unicast.msedge.net tcp
US 150.171.85.254:443 p-ring.msedge.net tcp
NL 20.107.96.130:443 373e2eb1b6898dd26f97eaf20343b85d.azr.footprintdns.com tcp
US 95.100.195.142:443 www.bing.com tcp
US 95.100.195.142:443 www.bing.com tcp

Files

\??\pipe\crashpad_3024_CXNMKVDWONIAKGDD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000027

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 3c4ae3a82e77a86b3f35c5022a947323
SHA1 872a2ddd254e78138e596113056255f1bc36fff0
SHA256 3d2103c1897ab8c1655979952499ef04fc081e4f486b1c9fc8b9890ddfa04e69
SHA512 0b4318bca86e04acdd610de88e1582b7287024e27af987a165bea3fa9a8534a6eb1afe35710f1569320af48ed27ca39fa03183fd093cc5708387e56081f216a1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 67c063b5e9691f8d7521bb189893765e
SHA1 96b6cc58af482c51519c6363fe87e69cd7777c95
SHA256 9e91cde4072be9ec24f93b54113fca8c538910906f6f6ccd61060be579197987
SHA512 d7ac794062935d96c17d4098fd511d67d36df0a80e42d8b9f8572ea15c28ff54e361b0f08cf28e8faf57a3968f427e1afd4e7ebe5da992dafbf48f79d29db79b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a1c2ae2a4e5595b265e2c5195e36b37c
SHA1 421ab407193a4e77ca35ba19287d8fcb13cacab3
SHA256 aa0776673ab2aea3966afc8eccc6b3e3e5c33d396f39c9a1753addddf6204210
SHA512 261058dab35216b1fded38770cce12c738b3077712a1e2496a806984d8b487a3216df5d2f93c443400da3067a8b4d4a056c76e7bae8c95b2a580ab3ba8f74619

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9f916411c203fbe6a5b8a0c76e870238
SHA1 a6499969860789db84a49b9b5925d9d7c8921c54
SHA256 c5c7a74cd6e61684a66ef8317bafe09bc3c978d0e9597df962770b4838a663a9
SHA512 48ff2013e4e29349c731a3d434110d5beba6abee154f27344b948477bd02fdb3d85fbbac22bf2a97ba1b84ff9f11d43fd5aa87c998d646b4cf04c28b8da6d302

C:\Users\Admin\Downloads\ExitLag.zip:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 531694757aeffda577cfb83595a7d215
SHA1 d50dd51692d764510770c6e977a31f8492c8011e
SHA256 2d9e1c3fb876fc3cfac030436113d3c763d55837d71442f140a2dde89f591985
SHA512 30eb35fc1f711e638f4b5348bc7b12d8c2e4cd338914c6b657c7245890e1e609539c46daa342bfbfd3425da3092ac81fa3cbb29fa13c9c88e47d246d66bcbcf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 52c58198bf67f2713d58b1fd5d9182f6
SHA1 6110d54479641b9ac32012806ea78226b9eaefdc
SHA256 e4804ffa2ec25a03a485fc7b8d58312306bafc9ef5fc38d4d6344555d29c7867
SHA512 368059ad0fb375713dc320136e6b1ac152be3f3b827c04c97ed35b52567ce3d482629d462a01b7168dbb5abc3dda52c2ae690a3271c09e7466e492f2b56ab7df

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 98f6f55a4658a3b1711d92e88d10dda9
SHA1 2cac49209d4369c7a7471e42be3739199caeb5b4
SHA256 2052e83f7ce2cd0655e1508805cd96d106851abd601b354dcec409e0bfb21342
SHA512 a9f75dc87a49a29727960b3cd90a6ff8f03f36a6eed8b5f4a56c5ff70d7786f4dd14f23cceb846172eb3fec1e003197f748295778930e85ab0b3664748ee415c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 aa7fae2b4bb842b0b8930777a6c8912a
SHA1 4452edf91c3db98051b8d3328bd454fd3c17ab7f
SHA256 c6cdf7e71106cef472e80f115b04a9fabbca0e9ce2db33710ee96acc0c16070d
SHA512 01872ff1271c718711fc85fc31376c131ad662ba00856f7016d26fc73cd3de4c436a08b2865183c6960d1798b13aebb715d94a9670968caf4e0b5a599559ab6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bcc27ed4ea457726ed897fb9e3c773c4
SHA1 2958f875f9fe3bccfe8f6d7b74a759f062b0ac48
SHA256 db9559c59fc86ff3e97049718f2789288cbc3d6bbfac26bc75de0d30be06723d
SHA512 a2d27a6f43ee739683fdf0d46537c6d7787f4f030bd5aa39aff9e3a9be5831a122aeda73cc12c1ad7fe8df21ccbef689bd5a12dc7ff5d7e4b93eaa9693f1874d

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b7d45a7d-7604-4fd2-9afd-16335f2846a9.down_data

MD5 5683c0028832cae4ef93ca39c8ac5029
SHA1 248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256 855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512 aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c4e56f97a43160f556b1d584d97cef59
SHA1 f16e09630d9f9ab89e0b14df13c15f611442a1ae
SHA256 f1a3e917c3804dcd7cf3d2c8ca1c393e25985d937236a40381035c62a8bcafde
SHA512 754dd197525cc34e69218cc72601db0a1a1c5c57ef097fff8dfe5a8173b44a03b4b0913b8d9175e456f2b9b6b610c387d5e884c1d5ff48ced4ba581e5df023b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 3b1a81046dc9a41373aa333344a9ee86
SHA1 c3a776be0e96bfef0ae08e2ca9fe3a98354eab76
SHA256 3f2d776bb79ed0152245582885a3722effdb40a7cbc1ccf44c1add07399c62dc
SHA512 ce3344f7441747579983cc0db3bedfd0ca7efb1ec03523769308071c7e0a310326d13dcb1806a6be1affce355b329af42db91f12390f5243af830fc9aadb73c0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 2cd758de658f8942256056eb50fb26b1
SHA1 d8b8996705a8e0a7c27fc4823e64f94dd120c646
SHA256 a056b39415037ba69e9dda27350c13fef8805386641a98533c1822fa9d8d9f62
SHA512 7f95eececfb706ce36b1e5316787ec8e572193cb82e68f2af5dc0c1ec01c983aa9715e7c65800c6382adc5496e8f5f7dcf04d077a9caf4b320fcca0e75f3b62a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 495b21979f2bb01b491e5da736aa2171
SHA1 0baa4130488e54718847d4b0ddc991f98fa2a6ec
SHA256 745513bdf41249dc6d9343ce97e3527af4fdbedd32bda04373b043dab5e0ec78
SHA512 31dd28169b643a6c7440ccc211bb0094c95859d2495152d75cc8bf0178d3ef0f3098326d821e06b8ed220de7aba7e6955bba8a66e9f83607ac683ea644bb04ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 510fc5a052a187e98cbf0ddaaf235f36
SHA1 364db7ade2059c1f0a41897f5c31de85c5988bc1
SHA256 f33d8ab3c27cd3f5868b90482006007ab67c8e3df905a349aaace31137bbf06a
SHA512 27448fd8af762adbde73e8aa3bb58b74035952f089cf926d197106dc06402f8b0a1c3e150703c4573fcc8d271cbeb2d514e2f494d0a1cfb1b6786edd6758b607

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\028d6dd9-c135-484c-94f2-3d019b7f852d.tmp

MD5 ccb4324599039a814656aa4ff35b7be2
SHA1 11c9e440378c34eab0c503845cb70722f82ac975
SHA256 7bcd09f8db003dff9fc2b5780e670bb8d918debb356ce9143e5b31690c2b65c6
SHA512 ea753c5fd8c73bba79d65357b57ef359d70bc4d18abee20eda8b0e9072ffec8281648a35fdcf4370317c76f471cc7e0191f9a41f281355068f6ccb222d89ef02

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bbb485720f59387e22af403417dc48ac
SHA1 089d5355418fdc46fd77cd9f3aeef67683616d22
SHA256 dbe09f43c0cdd9c49e0cddcd60c8849009f6965507edf5c3561d5ea214f196e2
SHA512 92877197a4d0603e1eb176fa746da16c452f12adb8dc1cd1130c1cc433cafb22573e556a944933852d6fae0ff04005ceee6d713e4f94f1c82c29ea110a29230b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 38b24d055da5792243612c0ef379fb9c
SHA1 b123e42d1dd461f2e38401ed7597a8953fe5e030
SHA256 642d3631f140c1c7a302b90bff0d13de976e63b9134a70385d202bb8e7d835c1
SHA512 7c4adc6732c31504a65226a79848863dedb7e265f1f0cf5281a25cc128c43edb03cd1aa0c7989d76df0c0a952bec4c8184ecd8713c32846197b410d928ca36a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d81c83395cfb7bf91485e9f7137e6f94
SHA1 377af16474083268eeeb7ae7b6cc3f40abd99dbc
SHA256 074277c2270d8339a57c223a2e33d6b372da8f46d600593aa2a68567ff5f7232
SHA512 a265338e4c77eae2b65a87825c804901fe915e95524f1aed08651a270b92dee72897895c2c03e0eb3beedeed7da4a2c09222bfe88be99913d9143969bf4e6dc1

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

MD5 f49655f856acb8884cc0ace29216f511
SHA1 cb0f1f87ec0455ec349aaa950c600475ac7b7b6b
SHA256 7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba
SHA512 599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

MD5 b5ad5caaaee00cb8cf445427975ae66c
SHA1 dcde6527290a326e048f9c3a85280d3fa71e1e22
SHA256 b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8
SHA512 92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

MD5 d222b77a61527f2c177b0869e7babc24
SHA1 3f23acb984307a4aeba41ebbb70439c97ad1f268
SHA256 80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747
SHA512 d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fa46fd68531df64400da50739f0833fa
SHA1 5cabd6303b29cef4147e46ff1ab82d8d7989d946
SHA256 899cbbf1ac68e94c1e9c4e5dade58713fdc88c61ba1b961c36009975102b9ddd
SHA512 4be82b4265aeedd19d74c6a1084f381101d6abf6f49233fe1c10bdf1fafb52d5c4b8ac2f339b13d62e9fdb426fde482c269e4d23c7d64e0e6699e3e0a47f2613

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7948ae836d31c74f521379bc74a0e5c8
SHA1 3ffc2556c67b7d5793d0e877f852a32e13a83b7e
SHA256 d08114338e59041a3ad82522b99ad37e79c305d296a103c6d25660881655222f
SHA512 5e960489c5b9ea3a9a1ce9c6b9b373ebb3f2c1804ca212ccaf49a1f0f685cc7fff2edbdafe015242d658dc059b9b6716a99cfd9da17f259639ea64f25d657b30

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 31d75336c23452eddcdfa738775cb4c5
SHA1 a24fe031cd10adaf3ae8e22f429991acaf96ce91
SHA256 3da798c7ceb7fce26af62dc61c23d55ee9321da88bb0f0c54ceb5b1663e2e398
SHA512 2f90ac6f101b67510d3420e6d085b8005a739010674ba68673b1815fd755223d8481fb2a6601ac2e28787735486f2400fcd0a13504728a02ad2fb466d23a39ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b137eede0e011740f787bc080328a379
SHA1 6119918a8956a7da4c5a530795b3e747acadf230
SHA256 664c3d2b867dba8e19548d94986edfd36598c8ffea2a50c8928807cf8e6390b4
SHA512 3acf474a8258dc382f7a3ae5ab8dd45c93ddbaba25728b427e400aa47a77196a9d19fd858fc30c36cc850501a41ce557a60899d0f46e5ce555d7bf39abfdb939

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 491f11dbfffbd071e73d098253e60b0f
SHA1 6e0bd552a701371cd31c498cf5b82d002c189d34
SHA256 80f9be1720fc655745e7c6101cff30e3f5d76cca800d538d7acdb61e364e736e
SHA512 48c1da8d6782429e4ff1c4a86420af627d4d18a3e48ca9c96e28233df0a7a50980861827d20dbcdac48c32b0f8b9b994759fa66b5394b8ede69090922872b8ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 dfaea82384108e0719907e3e675fc7ec
SHA1 938447e6480a90011ed7a90bdb922dc74fa238c9
SHA256 689a77d2ed86a6970708f3db0a7010f4889da2096c421a411749de0e30a45228
SHA512 0d17de5a0a99b806531f4411265c8a1dd73327071ac98b86e53c52d900750b2981fb8a57d00e7eab8768fc4164faa9074f1189f08f4446df9840fadf1e7c9201

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 74c054b2397e4a23aaf51eae1bd551aa
SHA1 765c1f3f5d4187d4b1f7b99f8c6dcd9923bcdb8f
SHA256 045a7813cae633dbaaa77b5eb21287cd91132866a156725450cc7970506ca125
SHA512 cd0d41d22d3b6a55f684d8bd4b1e63e7d5e6c7d243d5758a8af99c39f2488ef7d72dcb34a26dded48e211f8157f6cb5c602e7b8f4a075a9511b7a2e45830fb79

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3e99a9c30df30d33dbed5790fced87d1
SHA1 18862909fe88418b46b9075af9523878d58fcf9e
SHA256 5f7f639c2058004f840f5b606a2e4166465c886c775f8d9734953735ed43df41
SHA512 94fe7d5d09f15be14d65d631816043686e054077f9a14f5cca50d9c3dc04e7ac8ea3497c1dee15134369fddae3182a4fd8d6c059dde8cee22d5782f92cefb2b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 da794597d378baed7651de46492f02e8
SHA1 156cf1cf54a4a41c55ddfcc5b17a19140b1a7dfc
SHA256 61f7270f065ff3d166abe17fb1964441e77e97f0ed4a5e3f72c29701bc1eac55
SHA512 6b8637df7c6563a9c123bbce3cc38413adfc7c791f0953a620310615b55e947c016b6467baaa1023f5d4527a8d7b8b280c6c30c2007c9ad041961162b0881b39

C:\Users\Admin\Downloads\winrar-x64-701.exe

MD5 46c17c999744470b689331f41eab7df1
SHA1 b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256 c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 6b1464b10a136c63dfbd225885e1edde
SHA1 4ac610636412a14ed8048b3f6160eb55b9d7219d
SHA256 996b10fdfa6d09ca9935d90cff9814f5b2807d354cf3286a2eec5dac1090c3bc
SHA512 00dbf3ca48c00da4ac37addbd5704a0f49b31567f4c39f5b68fc5b56b183a4fbf4bf7cb67163d804f2ad8b7ce1b8fb9a2f28f140bf8d0bdc357fae2930ff3f0a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 80bbba5a254bfc191a276beddf49fa7f
SHA1 23d7080f4f240fab610b9b8ac040bc9a2aa5afc9
SHA256 c62a849e9a046a98d30583181697de82ce14cdcbe20334c4677718d83105b25e
SHA512 7c2d2e47585f3dbaf8ae41fb939d5a35ef18afe55865843098c6cf46f5646fd8ccd26aa415a052aa963e68bc95c22d7b56b098e7551bfbe0dc4950cb0967d1bb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a9b48224eb409d4e68562d9a0b1e2ee5
SHA1 789adc71bb242bac3ccd7e2a54724e4d1ff10c62
SHA256 3c2b900f83125a38ee92d9431e1355eab86d12a88cc9a0334426731c8dc7c901
SHA512 2c48f00ce13a7ea153c2acac55fe1c34635f1ded329d42ad5892e844a51147e1af92a2e16270d56fdab3fc699d2d94c5ac78e4afc0fe907ea2d78a0ef8c7d951

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4b65282f6b441d1f592baf8c9f643392
SHA1 461e60e005796ea940e3bd016695fb60769a1445
SHA256 f18fdc1c90e5669aa37f5725f46b27c6d89e75f756fb390a879f5eec8778928d
SHA512 e7c1ba3f880c388447228995b7e6959befa7866b796f9d9900adc896b2ac360d22be5c738af113958afe8df0375322c88f2dbb0ffa404895b19335b00330a89e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 399656255ad7b323b6b3c2295d4c29bd
SHA1 ec034b5404d3ab558e1d9cd4d9bd49ffa9635b1e
SHA256 769cbf8dab8037e7792b99a9cb9ad79ce0dc11badf3070f00283ca838522596c
SHA512 f0135d47a107eb7e02d753680c8681954c5f1abc67e7f3ba047a543a0bdd807fadf269cd647633981d09ba31cd04f3a00954f3f3619808679d838db84967ee5d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 a103480d5144e870a9eb79f7fc19a6fc
SHA1 f798d8551cd6ac9e54c2cb93e6a9f7db48bd87bd
SHA256 0aa008c28100863e06a9246782493328a5d15dfeedcf0b37fcf2ae070893565f
SHA512 b1e66e069a7f1184503ed57d35835e6094e365fd5c4b525be162dae6b7974b5210ded3dd8b1acf6ce8cecb111f77dea2341f2901656499110a8402d117aa0104

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cebd8ac4ea0713f9562959e5ca767512
SHA1 0bd4cdd445f1f41d5f44b7d970cdc7a7e7b3e3a7
SHA256 28b4fa504e5405461aad961a6ad4ad8f3d5d595e40d3a1b327f699d79acf69cf
SHA512 bf348e961bde427806147845cd9dac09e6d4763be8f97ad8572a3388cb53c0deb2e220d1504626019ba549ea46c130bd8be8db804a99e8f9aa6173ab6240ec62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 93a22c81badbb0d0ae6c347fd20481d9
SHA1 59a08516a2e4d547b9cb129ef8d9e6222d617256
SHA256 cda8c6e7088038720dfad2514e4fdbc50b4605f7d9c285cd78a80d73ad3f3a16
SHA512 93e7be8fa27e8078395c6a653f4c3a2960e7bd50398e7d8b009be25441d9398530c30c596e856e8c7d28a2be717e4e4aff04c219203c2ba8437e22d5a9d5a3f9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 c70d60f3bd5a3ac80480bfa7d654f7b3
SHA1 c3deca00acbddbab8a04a008c313504d74f0878b
SHA256 9ff89d0ff2b613bbbc819a4ff5d033ec50249fca4162984f46b12214f0952280
SHA512 a958b9f49313da9c3c157d46a5e74b9929bb2da108e8f1f0bd698a0280d5c087b4e66819cc2c91a74b494dac1a7f549cedfb2eff2fdfb4f33d7a6beb7c45f41e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f9f6c5c8771581a06f5640219c889d28
SHA1 c367e532aa6539ed3d4d2f867b3adf914c06125a
SHA256 61616ea5fbfe8571b5a066c418300bbcce277a8aa183265febc447a3b92d13a2
SHA512 80f2fa80a6388d6717ad79ec9be062573f96eb49599e8a8c99e70d646c32e191c38e3474c37468ec2ced2591e2f02c7c7225c51c10a234d63eda814c1c863691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 44d9032b0659587233ae7d1d3bd3624a
SHA1 2a4d98a82f7800987a681e6285fdef8ea9255fa8
SHA256 39537ddf8a2deb0d5576df6eab6a215324d9844a8e0f1d88ca0a09520a153c74
SHA512 90b68af42d540905e546c7b995ef3262f3b3fe8b2de3c152286cfb436fa9e696713f514e7b4bb152e1b56740034f9ea2eb5be4b7fe63dc08187e4c69b8441004

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 4a55e5f2f3563c08dab9e8be05abdf90
SHA1 639f42e559dbd2a564eb192d6350934cdddb54ec
SHA256 c1790fb340d6877c1bd585d108b09c2bb43a23b8f5de9ee7c8d32537983f7f14
SHA512 b438a85651c622ef4cee9988636f68973b2c7023c1792deb03a442da50920f4b82df853aa463adcdaf9c8b12926f2b7373ed1eec8060402a546ee3b8d196df2d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2f7870666dfed1ae99ebc08dc1d7e0fe
SHA1 2129a369ecaf70e988ca3293838ee59e0b511eed
SHA256 951680b63d4a63d4ae65bbb7b36287ac89f8ba3b02865913a82178aacf7a18fe
SHA512 720471576642c013ee4ce43be913f3fa2d8dc13c71c5f7fb6a5b36afad82538adfc3fa1f1649e6a4f51a355efdf9bf8004c328ed463dfdc48baf3d45961865a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 7015b83a8073fc3275434f889975dc0d
SHA1 a4d2092a7fb9b60207f750138c07f9f68e60de4d
SHA256 3c383736acfde2a78317dfb026ba9ddf84675dcca08b7aba5cf1b3a28f9777e9
SHA512 ee28beede56f61394434c39e73ca31d7765ef32a42fa229d259e4e6b6fd902691c3eb195a129ce15ed1910f0e01ef2079c9b91b375875cadea2787e8a8a5e0e4