vidar | hxxps://www[.]mediafire[.]com/file/wddo7ggxmyc704i/2O23-F1LES-S0ft[.]rar/file

Analysis

max time kernel
1799s
max time network
1692s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
25-05-2023 21:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/wddo7ggxmyc704i/2O23-F1LES-S0ft.rar/file

Score

10^/10

vidar 3a8269adbf2982cc1c6703fbf87bdce7 discovery spyware stealer

Malware Config

Extracted

Family

vidar

Version

Botnet

3a8269adbf2982cc1c6703fbf87bdce7

https://steamcommunity.com/profiles/76561199508624021

https://t.me/looking_glassbot

Attributes

profile_id_v2
3a8269adbf2982cc1c6703fbf87bdce7
user_agent
Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36

Signatures

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Executes dropped EXE 1 IoCs

pid	Process
5304	Setup.exe

Loads dropped DLL 2 IoCs

pid	Process
5304	Setup.exe
5304	Setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Setup.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1224	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133295234423645502"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
5236	chrome.exe
5236	chrome.exe
5304	Setup.exe
5304	Setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe
Token: SeShutdownPrivilege	2088	chrome.exe
Token: SeCreatePagefilePrivilege	2088	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
6052	7zG.exe
6052	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe
2088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 2264	2088	chrome.exe	66
PID 2088 wrote to memory of 2264	2088	chrome.exe	66
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 3020	2088	chrome.exe	69
PID 2088 wrote to memory of 4604	2088	chrome.exe	68
PID 2088 wrote to memory of 4604	2088	chrome.exe	68
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70
PID 2088 wrote to memory of 3928	2088	chrome.exe	70

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.mediafire.com/file/wddo7ggxmyc704i/2O23-F1LES-S0ft.rar/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff845919758,0x7ff845919768,0x7ff845919778
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1948 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1592 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2044 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4568 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4904 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4940 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5268 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5432 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5924 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5936 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=6324 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5296 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6648 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6480 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5292 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6100 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7080 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:8
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=2556 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2552 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7712 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5776 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=7536 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=7648 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7952 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4476 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4524 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7476 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6124 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7732 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2572 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7672 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=3736 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7456 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=7724 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8088 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8276 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=6876 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5896 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1780,i,13610271177081035437,10374718034247325027,131072 /prefetch:8
  2⤵
  PID:5780

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5896

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2O23-F1LES-S0ft\" -spe -an -ai#7zMap6389:92:7zEvent28072
1⤵
- Suspicious use of FindShellTrayWindow
PID:6052

C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Setup.exe
"C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:5304
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c timeout /t 6 & del /f /q "C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Setup.exe" & exit
  2⤵
  PID:3820
- - C:\Windows\SysWOW64\timeout.exe
    timeout /t 6
    3⤵
    - Delays execution with timeout.exe
    PID:1224

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
5a8ecfb2661ff9e15e20f4efc7baa704

SHA1
2dda545f20156c55351e70c38234c2a2f5d559f9

SHA256
74417d0527faf935f9199a51acf01f09f7151db5ef3bb3856ee8483febf407a2

SHA512
22ce9cb31df4c2c1309e0c8f7fee386b61bfe209ae1cf3fd4ffb711bd6dedbbe5edfb7c5285162b629a30aacccf92229801d2fe748145f12322fd4076e56bbbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a2e2d8bb9822928c1cd39ec105f606df

SHA1
9ab71c72ef74c92b89efa4179240fa1a66ba5f01

SHA256
23e7f9c438728f4c5981857c4f5016dadce9dbfef1790c7852ed9ea33ac577dc

SHA512
d93731e5a678d18dc6d514fd02a3f11d9ec0be1d92d6397ef3370c8834db92ca60f4ea90676c8620c8e0221bf25b627f403f307ae5411a5b885a17b0e0cc0318

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
84843557bb7bf9daf309dcdbf92b3e34

SHA1
ac7e11339421dcb01ff02ccb7260d68302bd25fd

SHA256
088aa8816c022d739f5d9793857905bc6880bd1ddcf43aa2d097b466a15ada60

SHA512
87f14d49a1359ec14424a22b4bc97fc3d380f81d91cf6706e5747083289ca2a580f16036be53ba3c312530c2743fb634c1dd0472591b5e56080d98255154ad86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1374148a5ec46bf9f1a0c86e6480cb50

SHA1
28d7ecdaefa24c0982b0c44e8b7e47f476d9130d

SHA256
a29ec883478f425b517c55f69cbcbb8b4b95415c7100bdf20371d8898bf80e1b

SHA512
82093a2bd1c27cee774e28fa009d660e223c917efd6fb6cf5b26676c18fca6873d8063a3f398430fc76aa694524ddb453dce54309f4034a54eb2f08d0a576921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3369465a-b631-4a4a-9794-98d270223b06.tmp

Filesize
5KB

MD5
ecb4c66f7036020224514f38b65f2045

SHA1
9a7c04717602325d01ac0f988d97a2a007c60a17

SHA256
0fc677f03067422ddc33debb8f82f2220c4ef27a193316339fa9b7caf8d824c2

SHA512
f874227abd6467a907367992e42c75565db1dc4056ceddcb88614f750ff7fcd6cb199fcf5e4356f2bc8259108af160d8e5d907e92d2eeab223bde464a5f4712e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
68KB

MD5
9f9b281229534b9cbf3f660ead84240f

SHA1
8064fd04d7a48f7aa3d2bbf31e25f9da77696559

SHA256
5112979ce73be67b4e1fba7d00569526725491ca7cb5329966ed0077bb16d22a

SHA512
d5bc9cc9ab68648afd3cc2933466c3e3a3a1c21b247cbf5c8f2351a046c13d8d9e6dab1d46b6860546b7eb25a14c734c1b685c717c0d4fa69fb1ce5ba68f412c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
fd62c96f82a5e392b94da1528e2e4f89

SHA1
6776a2165e13ab7a95d31533c32ee692f7c42083

SHA256
949c15e1cd3a0884f02eac1275104cdbf65e45fc870f9ed592c2fdbe97cd0c7f

SHA512
35307a3955a6c85d0f464a4b586487b9ba411d072796c50add508dfd675168ec2d546617e16ad94b0e2decc5a46d63bf505e59e6d81f3d908c9e3ab171800171

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
ab876b228d39e94fb3d132e1164a81be

SHA1
cbbb03039b7907262ce3da75cb940e57ac77ce73

SHA256
bd62bce074564253630e93398f46acd6d0f0c50dd0e7b8529b4ed38f16778a2e

SHA512
58c556be81b1fd9f3a023ed24ec5ddfc339314c2d12bd357d707b33538895d8b7c05e51ea435a87daa27606d76c68b9afed17066907359a6e3d1805cc7e24cbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a13332c647c04bd5479a5d1f1018a623

SHA1
e1bd0f4e2f0fae396c624b4bcf0dd1d0d4a90ed0

SHA256
31c4c836ae6f44aedf91efe3fd580f9de3bee41bbc242abe985a0190e507cc24

SHA512
da8a683bc61b708fcfb64534a7227a4911446ed6a37b731eb5bdb0edba5693e1da50000a25dd4b363ca212e14be8d8a483fb2cde1a3df4ba887585b1c9f01329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
8aba37178f50a78077f3809f0916bbe2

SHA1
9dc03bf28f5cb0295500b9d3d204ba4cd285f62d

SHA256
7b7d189f5699b6050225f1ca65e0dfbda355c5113b3ab8f344e515f4d7cf2362

SHA512
6de4eeb62511d84b05c5ee67022a2670961c6f88dae1928a70b594b228334dd2c81b933b274b8c74f8498432e64feca928c2a0da312dbdac31815442578279fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
eb8eab6f98ede3150ed46e048f6cf8f7

SHA1
47ef611eeba1622779b3505a6184830ddfbcde73

SHA256
92bf66455e176e9055ef64bd0cb58e0b16125eaf137bbfecc58369775403ccd5

SHA512
e13c08a53f07347c449df789b791466c4e0e79cc9c0df9fca292d1e909c8b38c47e02a859328d5025338ebaddbfd94e45ca9d2173004b1be53a74f6e8a68ebc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e64053b9fee1729568101e11f0b11b29

SHA1
1bd2807adf3e2601999bb26648188b65c10c1201

SHA256
ee2735eb805be66b893c0a867b29957343e1c7251db9f1e7d7af03370ca277b3

SHA512
3e950470df8adb7424c0ea055db8a26baa7f0c3d459d83836da3e8e60280774f37d79da92c5cf0b4c9fe2038a7846f05fc6b24c1b6e22a707f9831c14bbbe355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f1af7c6099e9f36e486b478f51de6e43

SHA1
41f04263c9f223a67a1a699a10242314deb1ce23

SHA256
f498ba95f7489de8ae6a8194aeac30374c2ff915726584ee187ae787dcce5537

SHA512
b312a8d076fc4b56605789cbb9fcf95b1228060782acd1e0340c26537f8ec37ffce36347744df15ca72ae80c564bbd1e5065689a07d01da1d65d5eaf9f2657c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
2a155e5544dd29afe8a0e52f97699dab

SHA1
c67323f8993ad72947ac1ef1dba5678881314a16

SHA256
c15b4132ce14324c438ff9650c12451eee41617c53a0a16f0e71cfac22b2a1ff

SHA512
375a671af702d8f063025301696ddfa0843c92967715082a6aa0d7793af3a1f52b32c608a98ea1701bf3f750625f7d5c97fa098b9ebd0b5ccd02f6c3eb062185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
faa967092b41eecb3c1ca7490e4d1c96

SHA1
3ab366e112e2caa9ce1e09510dab46cfd1269f93

SHA256
153b21c7b237152bad320838f2275073d0c7a24684f54f615ca1c08783356bf0

SHA512
c7e987dadaf07944787c8f68ae66e3d3a499d5226a286fcb867e81a9c60afcff29dbf9c3cb2a514885c7e3be7954f0b516b63fa7fbf6a18a85f9affa31347b16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
cd098b00d49256acdc1a40b1e9046192

SHA1
29b19fc548cc5bfe4e9a872f85df6820505638da

SHA256
e3e8f568fbff9a45869fed5c438eb5f78e69e17d6c33bf4155b8851a4b842581

SHA512
dbee4a8baac551bdd605843350274a772fb0e81d313a278f57de7f31a7c896b09bd49db1d5c2bfa3563afbeb84d6249d333d51a951510473613e58ce49cc91b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
76c537f51dfeedcdf5243639b9b8e09a

SHA1
948ccf88081face2c52f790f5dbfbd8ad2b1e55d

SHA256
23d5dde09fc654faf7541ffa4d57e3ff979bd012b8802bb3494db5fd33bedf4e

SHA512
beec87151855593a8e23b7e3015cd22f2416cb60fc670ae918ce930626b0eed069bb543f00878478af6e1f145321e31f4f5c326af798b82396c90f5347267cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1be4785d2e896f672494a2254fa258a7

SHA1
e250cb273030f37e5b08dc424b15ee768cfd2465

SHA256
72b5c6dd30df0ae395f1fd48edbcb78765a47493311590ad69987125ffacd274

SHA512
e91598ded083bf0ebf66b41b3629c090aaad2e286c04c66aaf1aa3c81802ba563b446b33ab3b32672594ead46d4f0e0e7057ef453fe0cfb2d2c7f47eada6bf74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
b6155f6d67d7bc6e702ee865b1119460

SHA1
68c5e5c71145e5085b8931cde9138bd202e3bcfb

SHA256
743fdb70466f363a41265857ad5911c363ca7c8c11e406f429b2994e6418cdd3

SHA512
c4f1bbf298e5d6691423088332598119ac2b4def88f0d47d7dcec1b96672598f3e7e11372f1636627157f5e9dd1255757fc5b69cfaadc8902701f1ea7170a299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
9abe44a804785c4c235771ebcfd34a6f

SHA1
8cac84935161432905f4d9a8ce05495d289ed97d

SHA256
58ee524f56eaf5d5318382d69df0fb3513f40692c108f1177cc9a4a2e27353b2

SHA512
22ba59e5e7028921264e89fd9a79af5df7270b5461a2ec70e1dd16d1e1f2714bcc7b2ab34c373af069d5dfa3ebe0e0ebfb78c16434c8d974f6bdcfa41e891ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
153KB

MD5
9abe44a804785c4c235771ebcfd34a6f

SHA1
8cac84935161432905f4d9a8ce05495d289ed97d

SHA256
58ee524f56eaf5d5318382d69df0fb3513f40692c108f1177cc9a4a2e27353b2

SHA512
22ba59e5e7028921264e89fd9a79af5df7270b5461a2ec70e1dd16d1e1f2714bcc7b2ab34c373af069d5dfa3ebe0e0ebfb78c16434c8d974f6bdcfa41e891ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
a116361cfeb49587c139e7fcac6f9244

SHA1
b28d8fa0c6bc52ab9e0ed18d8136158cfb467498

SHA256
f7951edd0ad56a58acb46a6b3653a1637aa96f4efb6e72646eefd1396ac032b8

SHA512
cde7d09a52458cf1f8308e034f5632e053c3bdf933c453e14050de126f8c098eb4d12c55d2a9106af8bca3e48c0336c867a296a287c1da912d0c3bb9b49058c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe599466.TMP

Filesize
100KB

MD5
95ae8c511b7c4318f6fb86ffa946c10f

SHA1
bd0799604d5aa52c6fcff2ec856e4ff24c937d34

SHA256
935bd40c405206c4c84809e74c7c71527903ed664c3241b03e1b62eac468e1eb

SHA512
fc9953ab181ffbdeba94580711b0e3ffe4f69046fcaffe35946eabf6c0e418be71eb5903c6b6641c682c6bc63920fe78dc12a92c7b538e8494dad75d130cd7fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft.rar

Filesize
16.1MB

MD5
7dfc684dd97c18828e2a85b6415dee45

SHA1
5c2de26ff4d9993852e1397755c561e4b359853c

SHA256
a76c4f346a0f72cc1fcf8c471abb0ecd2e914c5863a4f4556d884212f8d3b2fb

SHA512
9579a1f3787806fb2864ce8cb6dbe3aeb4d0db7ac336a5352ccfc4cde770c5ce9cb3fd6f1b005fe61da31b341d3ee2eccbe9c592c76dd7347507ef981d4721ea

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Framework\Privacy Policy\UBT_en.rtf

Filesize
78KB

MD5
1aec177b22e45f99fc812d5bfedd2f07

SHA1
2103b6c5ae4f024739485baba385385f15d6b79b

SHA256
6b45386a52901170d24db77537044197450bf3412590b694de589596c5f68839

SHA512
5b207f7d31698f1250722e61dcafab511bfba8868579acf9fdbaa110b78eae1129bcc0bd40e02125354a9812e99b1d8f1c288dae343cc27ed05aea6dabf2415a

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Framework\Privacy Policy\UBT_pt.rtf

Filesize
67KB

MD5
b77c9bd407bd96f78df9de69a4c73d72

SHA1
79e2c3189b94f84e048a1649a622b3bd7775d2fb

SHA256
5716cec8bd05d09a80cb4bc9924b114f7ffd8e1c93478462c6c928bca387f079

SHA512
ccf9e0f935637095bc91bf78f07a2ced51f73460993d6cb9935eb3cb544ccec8247e4a11ef622b7e8f32e89289764757712a37d06958a97a7fd7ddf4705d72e3

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Setup.exe

Filesize
1622.3MB

MD5
76132c8c083dcba9039a77b710c59f84

SHA1
4956a23e70a2190a99ded88df72401898a99e520

SHA256
b5c65fa6b65da2b0e82a6d0db4da90f6025e0ce802ee4a0492338ac8de5ad09d

SHA512
c1cf386277e19f562b3195a5df208f594d7094cfd00cfdcb43e8778aacec12d0dd75a11dcb6ce88dde002b4cb3d9260ef2293b81ca850c901dc62d803e45d604

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Setup.exe

Filesize
1622.3MB

MD5
76132c8c083dcba9039a77b710c59f84

SHA1
4956a23e70a2190a99ded88df72401898a99e520

SHA256
b5c65fa6b65da2b0e82a6d0db4da90f6025e0ce802ee4a0492338ac8de5ad09d

SHA512
c1cf386277e19f562b3195a5df208f594d7094cfd00cfdcb43e8778aacec12d0dd75a11dcb6ce88dde002b4cb3d9260ef2293b81ca850c901dc62d803e45d604

Download Submit
\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
memory/5304-1015-0x0000000000920000-0x0000000001469000-memory.dmp

Filesize
11.3MB

Download
memory/5304-1030-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download