hxxps://transfiles[.]ru/wjvp4

Resubmissions

03/08/2023, 21:22

230803-z79h3sgb67 7

03/08/2023, 21:17

230803-z48sdagb57 8

03/08/2023, 21:14

230803-z3rsgagb52 7

Analysis

max time kernel
243s
max time network
248s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://transfiles.ru/wjvp4

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
2508	CoolSoftWare 2.1.exe
392	CoolSoftWare 2.1.exe
636	CoolSoftWare 2.1.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133355710618983652"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
3124	chrome.exe
3124	chrome.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe

Suspicious behavior: GetForegroundWindowSpam 5 IoCs

pid	Process
2508	CoolSoftWare 2.1.exe
392	CoolSoftWare 2.1.exe
4436	7zFM.exe
636	CoolSoftWare 2.1.exe
3576	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe
Token: SeShutdownPrivilege	4992	chrome.exe
Token: SeCreatePagefilePrivilege	4992	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe
488	taskmgr.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2508	CoolSoftWare 2.1.exe
2508	CoolSoftWare 2.1.exe
392	CoolSoftWare 2.1.exe
392	CoolSoftWare 2.1.exe
636	CoolSoftWare 2.1.exe
636	CoolSoftWare 2.1.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 4260	4992	chrome.exe	82
PID 4992 wrote to memory of 4260	4992	chrome.exe	82
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 928	4992	chrome.exe	84
PID 4992 wrote to memory of 4252	4992	chrome.exe	85
PID 4992 wrote to memory of 4252	4992	chrome.exe	85
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86
PID 4992 wrote to memory of 4480	4992	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://transfiles.ru/wjvp4
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff950019758,0x7ff950019768,0x7ff950019778
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:2
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=5024 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4792 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4628 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3916 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5148 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1000 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5780 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5800 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6292 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6428 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6416 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6600 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6264 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5992 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:2104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6488 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:1220
- C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe
  "C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5380 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4896 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1596 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6736 --field-trial-handle=364,i,12530926026554719188,11257064165664113937,131072 /prefetch:8
  2⤵
  PID:3804

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:636

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:488

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1120

C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe
"C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff950019758,0x7ff950019768,0x7ff950019778
  2⤵
  PID:4732

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:4436
- C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe
  "C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:636

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:3576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f083bcd6a0628fa4aca1d134179c94f7

SHA1
dad1bdfa0fa12bbf89581b0f2349d34d5e48c412

SHA256
598abb8646aa2b6371f79de998960b5bc7a28e195a594ad15d8da9e86995892d

SHA512
33d2a799420f46ee769a83499852bf7a62f4f0887a036a7a1989c096fd977763685c230616429a4840636d0f0cc9eb9f19c415271fade01a10eab5d92d2d3e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f083bcd6a0628fa4aca1d134179c94f7

SHA1
dad1bdfa0fa12bbf89581b0f2349d34d5e48c412

SHA256
598abb8646aa2b6371f79de998960b5bc7a28e195a594ad15d8da9e86995892d

SHA512
33d2a799420f46ee769a83499852bf7a62f4f0887a036a7a1989c096fd977763685c230616429a4840636d0f0cc9eb9f19c415271fade01a10eab5d92d2d3e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
f083bcd6a0628fa4aca1d134179c94f7

SHA1
dad1bdfa0fa12bbf89581b0f2349d34d5e48c412

SHA256
598abb8646aa2b6371f79de998960b5bc7a28e195a594ad15d8da9e86995892d

SHA512
33d2a799420f46ee769a83499852bf7a62f4f0887a036a7a1989c096fd977763685c230616429a4840636d0f0cc9eb9f19c415271fade01a10eab5d92d2d3e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
173KB

MD5
d3d1aff7a71e5f6f4537a0b3cbbd5c23

SHA1
82bbaa35980290986094ec5b2f33da17fe0e1ca8

SHA256
d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

SHA512
9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7da2da10262b3d126947c5663c0f576a

SHA1
00dd04e477833707161e7a84578144babfe55acb

SHA256
caf12b61acdaf0dbb394f4003b23610ef0b0e2101ac14c17b6a18650d15ae43f

SHA512
8634a6731615b6fdd1342bfcccee5f7271e1fd7459dcd74011b64376380504574bb2602c8c6010d002d6793396b16ebf5a471576ca268b4b54bdda6eff248d81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
c62b029c3519d98f6ccffb367459b359

SHA1
43d5fff8f05900854e7b05ac3ce4ac2ded331c66

SHA256
0682a69afa18bd350e177b8822dcfc1025e23cf2a55b683801e1fc0f11679129

SHA512
bb2f9f6789d4218f9a9bd9337dfab4dab8fdc248df4bf72594684b01f3359a16a24de6acd5a44d936d59902771884fad721011da8d485f5e9bb26ae67d106512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4373a64e2e79f1a77e46db10b03618f6

SHA1
1f575b5cfa097dc75df682aecdca66bc97d2ffe7

SHA256
3f8cf3196a95a97f5ff56259b2592146840a4f1567ee5ef4318175427aaa4e18

SHA512
ff34763051109a32e233d9b38a08373d9e388f86711fabcc920bafa1171c5bd85c524225bb72b10e817566566e2afd654a04f0427b2b6063f1b1c44d039c9522

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b77273525b0fecde8c6fbd0b16581c2a

SHA1
d5418024ae421aba077c776837e8805d04de4763

SHA256
93ebbb72157011829cf9d61a1699cb5826ee3e65853699cd266b0cf82fece7ee

SHA512
06c35500314769297c7384d7ac931d9a9192b710c9a967a8dcfd04a96d909f5fefcf5d1f2b459b8ba5218f17ab389233521a05f6516cb31f35265e0172268df0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5a2a3a475d32a06d885d245fec2c6713

SHA1
56c6e3dc514baca5f52c219445c4a1d3b1af3d2a

SHA256
28017af6c72b8871b7c9c22b1200e8a0df8147082615a2c26274cf136bfd22d0

SHA512
c04c768e92d544d7adee15706e4e4262ea0ac84e0214bfa13391d25defd3adbd9b015773c1ed77fc9243825b4d4ff5571e1b0b1e6ef2e23f9d881a3adb83fa64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
673af4b2cfb15ce5dc0841c1550ef972

SHA1
b4d4905a41b2348a8268843baedcca7c414c9cd2

SHA256
80fb094ffd665ef1d5f45fa6a1c1f2b3fa07364e4348f6b9d374cc96e7f3431e

SHA512
581063eaf620754632d6b659cc6a604f68184cf6caefde996efc69e16ac93f243d714f6f483b72b9c56662fd7545750305331594f091246e896580be955e5a7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7bfb1f23b44f7ca33f3b2122a4e58f4a

SHA1
267e3dc6b946fb699bc7f19ec287cf3bddce5961

SHA256
49156a0e628329b74f88fd9f195a5fff5c7d5b4ce069ebe7e8d4b0a8b5bd6d83

SHA512
5a5bd2a1fb2bf5470311309ea0478b2aba73c551e6a53debc14270d2f36b7bf6057a6bfbff9ec85a543e6b13421702201ad3faaaaf81c6f080ff888377d07c74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bdd8eb69f3ca6093d017106b0252606e

SHA1
cfd4f21c91be7bd67bcf96500c5e1c03e6fc2929

SHA256
b7876335521802455ddb2057f5a9741379b639842ae333e672e76d7e1dc8e46b

SHA512
bcd9e18441642c49537b6d388309ba373806d6a5a5a0db64b5a4931dcb51708bb310e6db867e3a78a5d683a0b40e834caa04f093e53d9f2bb700b1362795194e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
25a81b937d8ac5ee4ad5ea5a15606d67

SHA1
a9c6e0b3dba98a07804dc7aea7454f7c710bb62e

SHA256
8a579fce4717ae54bf0ef7a86d6d8896c505a5842770d9207c92afb474cfe496

SHA512
e6f4d00b5347b92f182c61e9d5040e8fe801ae5c1cefed874c1a01fa4e5e70081a37614b63fbee9754aba5b97bc2d8881cf7114e65a2c8ffa3910bc7bdad58fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1342b59484d82398a3854092c379a83f

SHA1
b20f272a166d0458f199a71a4aaee8561eacbb55

SHA256
a054675a238b7130a9dda51876b97b5e0074778b021906100458494b124035a3

SHA512
3ba66e1c6cd14e75d630ad22c2221f902c2083cb25a2079a56162fa277ff050f48606357d630719a10e02f0310012f7f24538f445d0007d70d26ac7ae32e910f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3355d9de037d7ea3700cb2d3bfb904f7

SHA1
6ef232bf21a8189a74c3c5df37d3c4fe7e5d131b

SHA256
ad2442987693a9c50682fa7f7f565d3a9e941ffcc3a61c7b7519259ba3e2c4df

SHA512
6e327ff83ee035dab82c51fe4c88412ff3418b6d7d59afecf5d2062b48f8e5a3ef9d0614c948c1b14d9fdba7a412bec5fe72d2c7d4de4f3bef82b28b79d40c33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f4f37d8780e630bc193b9c9ad7579e38

SHA1
a9f10ffa6c2c78f52f6fe350bf5c4bb521e1b3e6

SHA256
a716fb50720ba82d21d2098e7f76e25d5078877a9928ec1e6ce18f6243fd1cbc

SHA512
9365ecf4eaff1fe6578889adf87afc2a07609663ace48ac46e9c3a4d94f86604918d47ceddac98143d8fd8cca52b64b67b7155a73c3e0828efc6b8056e8cbd45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
86da7431c6fd1b4f5e8e72a959df9de2

SHA1
39ae71a335c2e4bcb407b43495e520fa2a6d2242

SHA256
ac2bf54979d0e02be6f4d72e318551b94a388227aa7e3139dc38274aadef5aad

SHA512
a5736015f0c6d6bb1af304a9fed46cf7e124112ec1045ec9dca825f387c1ae5e6822a6e4d4cd70c3a29e9729356b2d0950d6565810ecd7362facfb49f9bab355

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9c808ea3dc2446443498c18949301ef8

SHA1
942ff90515b9483c1b0a02363b06855f7870351a

SHA256
ff1005c25fb81494ec41a39158c8f34f3cfdb5f02ba82095c0b486f808dc294e

SHA512
1caa67463dd7b489f9e4b2ee0b0fd62d05322f5349dbb251ca2342a9d05edb9ed47355fbcf19c088f638ca0aefd0a50e9ad8622aaad61a3e390e3724ca7ddb5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bd856b7e3b96fd19e2d0cb363307a436

SHA1
90ebaf5506109b6bde4ad60065852346a1d093e9

SHA256
bbf07ecdf16e7a326c9a6428246de1215b962df004b95cb2540100995eee8c26

SHA512
8ee0f23a2da7bc42e42c159542c29929a799c6fee539e9ebb311a3a7f1253c5b999abbd0a85b6a813295cf5f7b0c786bad100c9eedf63298b2335f56f2d35aef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8f69e8d0b9033d91b326ac4b8099175

SHA1
5079dde922333ee8bc98ebc62dc6ea0f7382b8bc

SHA256
e1dbad3c335acccbb9ba7dabc56981b851a6891063045b226f62cc304abaca0a

SHA512
ebf084ace2b94ced5981b82c099a6aa4285466827bb4111064d498b9009c701c365aa9a5e666a1f187e2b09b45cc6af5665822eb77d52efd53662dd650fe610c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5cd9b20c0cd75d52cb2520b7e8adf602

SHA1
e081f432d8673bceb8f4fa359945aae4217ae870

SHA256
eca072f2f41351708ae630f226ff1ae7351f7056906c483b7dc91f4377779284

SHA512
9785023296eab9ba21bde271503d7143ca8ecac7f5b433afc540e8b74e838d4c514b1f521c09227f7f5e9d2261f7dd1543f9bdfb7526aca135f01265f4b7709a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
398bd381da0e2a10b9040cb602ea3295

SHA1
170d84bb4d4ddfca1ff76c117082915546ce74ee

SHA256
33d1d1ebea735d3631639a7a8fe442fe31a71e29e4593dcee72ad3c9ecbfb7a7

SHA512
e0850e8555c5cc79622b76f22f170ca23e13413024e603d68b581a8bbe97ab6acc9ddcd277c1a9ce0b9461a0c2be6245f96f11a46a84329e6675a74b88d0f6c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
57e7c1d36c0dbf9056b35b43b76a53dd

SHA1
e257533ce78d49da3620aca7c8658d6f43c4eecf

SHA256
128ec78d75876b8b8e5842a14be7e7d456aed1e7bbca39f21d23fb84c7174a5c

SHA512
7d34a9ab3f41bd9fb7b94dc035aad2c2fea2415c984b436a3a35923d6d6f2bc7741c0197033cb0c279b47a5277b79fa405e4e96b944f16bec6f43c58a548fe15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58af08.TMP

Filesize
48B

MD5
5970af7a0ae0b340076326e3d8a694aa

SHA1
2ad2b6058006ec3d4a915aea9e81f9a596b66076

SHA256
812f2f805522a7555e4bf05ed3b8a3de326c68d6922a5c26e3e5eb6ab4cc0031

SHA512
098b42522b87326bb326a2b10b18940536ab795581a1731a2cf5906a837ba4cf6cfdb6e50a0011b9ae80bb5eff7bc1e77d0dc1d1aa2411be902198f583e00040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
203a15395b96e5d482d3f2820151a567

SHA1
0cd0a805682e148081d5d85ca05d4aa7dd445eb8

SHA256
683954bf495919a87bc81c888dc9e8f94ca2463d7a64d1524b9be7939f080510

SHA512
321bc22d50e630338c3481b19cdbd07a437e949fdbd3b5768ac84d91642515bcac4cea56ff20caac06784b5185323be475a999d94bb062dceca2d27f600e309b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
106e091f2b62348faa1472de2644a078

SHA1
632a751b91b3e37f0be473d86abcd75d0535ca89

SHA256
e0c056a8132c80b8a77e83ae0adaae0563a1b54e36c3affd454c05776e1f7b79

SHA512
da17de1b9be8492dce1d71df4274e75125b6a4578de03278ea02e9d07978c300e659943a8aa5c5d438f059e9bfd4f0150ccf06556a4138e0a1e302e4f7af4f08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
f8697c22e0bc58ba1dfecfe41a3ac89d

SHA1
c56d68de7ac5fcc84b7032eb7afa9ca22621d305

SHA256
07bc1d845d13718c12072f505f7cfe3b2d5596595fba6ec2799ac49855e80f55

SHA512
a8ec2261775b033d9ecdaf60a12f9d5ad249aee391989b9ab47478d19dc226c4173b548148b989cbd083b2aaa884070d75c44460add0e6d3d57c289c48163362

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
117KB

MD5
87140834637bcb106f8da5326ce6de04

SHA1
a38f8ab39cb576b7992b74f996bcb2005bae886a

SHA256
d89fe0a8b3369bc2952c5eb396924a624e665316ccf3ba148870b192a69b1855

SHA512
c8462d3524e83c0a794c1e2cf3ef736272ab0396093cdcbf12ca050eae1e6fd373b1c98ea83b300d1783659354d143905f4a85c627a1788e67dc069fe4d91dd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
ad76fddb608978656d5fa473038c7fdf

SHA1
4609990c6d4b27bf74a60d0d0288595ea638b8c9

SHA256
04e8423ab986f2dbf62b583de6074f19a0ee9eabb4236a5321d1452bc466eeef

SHA512
308dd9eac8438e89c81dfffbd111bf89e91fe234a1bb264b4e614edf3312617e4f0805a5a248b798df95339f5a617720847ba80aab79b15b2595880c0728f6b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5883b2.TMP

Filesize
104KB

MD5
452c7bd0a449f49802680a3a680b3a5b

SHA1
68c0397fdb5e154aa025dfd2c618dc21a62c2834

SHA256
2e50a232840e1c77ef3117816bee788dbb92e2b025d7fe6c3a342a4c9b8acd60

SHA512
f5a2b248f082cb3b7bf912e77d63937a6d5ff1300d0b4f57524a17e27f6c4acaab16143df73fc04a3cdfd697a2e36ca1015f667a1f81205ab92a38d07830dbc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\CoolSoftWare 2.1.exe

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 79393.crdownload

Filesize
815KB

MD5
1341a7db06d95d52a5702eef0c864cf6

SHA1
378d7751911b0783a798c3bdd9616d6c684570fc

SHA256
1b3b8d589987482a5d43ec9df5ba8ef745e3fd6077d3bbed0d31dba562f129a6

SHA512
c8ac4a9ab50cc5d60af97712dfe6836cd62e35e67471af2506e2779d2b9c2260aa3e88b95e9cb253a0b6d7b5cfb72ea4e328c809b6fea531627c620430168a0f

Download Submit
memory/488-577-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-578-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-581-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-576-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-572-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-570-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-571-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-579-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-580-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download
memory/488-582-0x00000255564D0000-0x00000255564D1000-memory.dmp

Filesize
4KB

Download