18b6bf293b3589aea4f4cbfe700b8372bc6f0f383ed69f404037e93dc0af84ab

Analysis

max time kernel
270s
max time network
268s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 15:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-700pl (1).exe
Size

3.9MB
MD5

ba812b4837d0a245795103bbb9d3e00e
SHA1

cfcfff6f2492c160c1037b6d1a3b7071d94776cc
SHA256

18b6bf293b3589aea4f4cbfe700b8372bc6f0f383ed69f404037e93dc0af84ab
SHA512

9593fa3d43cbf57216f1c2ac0cfd0527d25e9fb488cb9e42d8db0ddd5f0b125403ee028dc44dfa6ec402199fa766ff255e235827a59bac2110f55577e8e6fae3
SSDEEP

98304:fWapxBfKiTEAPzh7ix1cN8sD0k8i+55jRLKKVWXdnuoIJTGTVMHQh:uagiTEAP1K1W800kH+vRLBidtIJKRMwh

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
1476	winrar-x32-700pl.exe
3568	winrar-x32-700pl.exe
3344	winrar-x32-700pl.exe
4048	winrar-x64-624pl.exe
1900	winrar-x32-700pl.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607800850909206"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
2248	chrome.exe
2248	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe
Token: SeShutdownPrivilege	1432	chrome.exe
Token: SeCreatePagefilePrivilege	1432	chrome.exe

Suspicious use of FindShellTrayWindow 57 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe
1432	chrome.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
1516	winrar-x64-700pl (1).exe
1516	winrar-x64-700pl (1).exe
1476	winrar-x32-700pl.exe
1476	winrar-x32-700pl.exe
3568	winrar-x32-700pl.exe
3568	winrar-x32-700pl.exe
3568	winrar-x32-700pl.exe
3344	winrar-x32-700pl.exe
3344	winrar-x32-700pl.exe
3344	winrar-x32-700pl.exe
4048	winrar-x64-624pl.exe
4048	winrar-x64-624pl.exe
1900	winrar-x32-700pl.exe
1900	winrar-x32-700pl.exe
1900	winrar-x32-700pl.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1432 wrote to memory of 4072	1432	chrome.exe	97
PID 1432 wrote to memory of 4072	1432	chrome.exe	97
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4568	1432	chrome.exe	98
PID 1432 wrote to memory of 4684	1432	chrome.exe	99
PID 1432 wrote to memory of 4684	1432	chrome.exe	99
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100
PID 1432 wrote to memory of 3956	1432	chrome.exe	100

C:\Users\Admin\AppData\Local\Temp\winrar-x64-700pl (1).exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-700pl (1).exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x80,0x108,0x7ff8e21eab58,0x7ff8e21eab68,0x7ff8e21eab78
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4328 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4536 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4244 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4512 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4236 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3948 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4140 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4852 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4756 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4928 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2728 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2404 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1740 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5588 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5604 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5648 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:2956
- C:\Users\Admin\Downloads\winrar-x32-700pl.exe
  "C:\Users\Admin\Downloads\winrar-x32-700pl.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2600 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=1732 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2756 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5084 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3344 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5784 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4076 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:8
  2⤵
  PID:1516
- C:\Users\Admin\Downloads\winrar-x64-624pl.exe
  "C:\Users\Admin\Downloads\winrar-x64-624pl.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5612 --field-trial-handle=1920,i,15002479511690047730,4260485284167829091,131072 /prefetch:1
  2⤵
  PID:5036

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:588

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x4f0
1⤵
PID:740

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\f1da2fb198e24da0a9a1575d1dc49cb9 /t 4600 /p 1476
1⤵
PID:4916

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\3dc803c100a341e5bf98d2c463ee4694 /t 3264 /p 1516
1⤵
PID:4696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:996

C:\Users\Admin\Downloads\winrar-x32-700pl.exe
"C:\Users\Admin\Downloads\winrar-x32-700pl.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3568

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\ecb05052753548dcb35688bb2812f042 /t 1388 /p 3568
1⤵
PID:2536

C:\Users\Admin\Downloads\winrar-x32-700pl.exe
"C:\Users\Admin\Downloads\winrar-x32-700pl.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3344

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\58067ac5953d4dad928d58a9824ec02c /t 4956 /p 3344
1⤵
PID:2212

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\5d4dfdcd45a045d68c97c5bbc6de1e38 /t 2592 /p 4048
1⤵
PID:448

C:\Users\Admin\Downloads\winrar-x32-700pl.exe
"C:\Users\Admin\Downloads\winrar-x32-700pl.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\fadae7ff643c407ea0b78c9721895cba /t 2248 /p 1900
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
73KB

MD5
45cb631f810d7e5d4965333281a30c11

SHA1
2dd9fefdf0a7aa351ca9a12932ec081796d1fceb

SHA256
4d81fda05f9ff0feb990189c013149ddce86214d0388b27322ba736f11b5d68a

SHA512
80c01f440fe1ff0771db4f8058a1bf4b01de39163118427884fcf66547bbcabe9618738d44df59ec77013e9a401f836ddef4f5cb45c01e45f603c73e02ced034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
87KB

MD5
e6b3ad8b77e1975b60131864db2d324f

SHA1
ec02f398fcd53c6b6131652f25986d53bc7f648d

SHA256
9e3259635524e27fc9091713c9f37d993add28c7ad34793281a04f088e5f948f

SHA512
090f3c10b21d7316b591f5c8f855126fb54d84625ac9e18b989fa824e7318659bf01264578d3acf9732e7a780be160a9011f36b17b63e7d899870bf247e48ab9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
51KB

MD5
7381b86824082760033f44bf807a319b

SHA1
1690154299fe3872769c58cb3a11ea90b50f1421

SHA256
95e579bb0eb98b49eba18c34ab91b26c297e41a5abd0ff95c5e1a12bbc229278

SHA512
72d56641ebf581b8699b1bdd7a0671235827694fcfde638ff5ae197280dfb3d5f055f35ef20ea38f71721dd507820b723ef403025122640c33fadbf2bd49ae72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
140KB

MD5
fbdd7bd08458bf95d34d2693f4a4b1bf

SHA1
b06bde95f71213e1017f6c825cd1d291bc358240

SHA256
9981dc81300e7affc4b9dfc872e93486c29ef913bce6c03319faf958042f8e20

SHA512
8cbef733042c57740297846bbc94fd19a730907907646303fa05a92c98ddf6e99df317f162afb223c62d67f3f732e58814b0477bdb5e88de6ae4295b2484d591

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
64KB

MD5
0d195dd38e9406c75882ba90cb063949

SHA1
117557761105bcfcc3f49c5d6312ce8bd382d2b4

SHA256
e7f8740f6058aa21acb34e453bae47d0749fcfb578d8f2ca15c48fec85f2191e

SHA512
99aa204b190bcda69cd9a5b812f27b5b3f5ad30583e34baac713fc23f51eca18e8bfba490fa3c40f31911ee4b337d01c0f3e8278479c99fe76020ce630365524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
19KB

MD5
23b27116b3c4831452570f751338a118

SHA1
7d554a38e31099d02daafad046e94fc1adccedfc

SHA256
c55c717441910dabc60477e7cc7c912c593b992a88fdb173fa8308735b07a69a

SHA512
ecd101f01cde501c64d961d050686245672426afb50ab00cb35e9462615477a267568cd3310fc7e5dbb39e345d0a30cb3b532ff2e0600b08a2851fcdbac13828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\93be306d8437e0ed_0

Filesize
32KB

MD5
64688d07a2b1f2c840d4bb5a5422a683

SHA1
c460a9eeca7ab859c3ba933d70c2f78ea89a2ca6

SHA256
a8df488bf3fa468b289f674ebc8afe2f7d9bcc94e63ea7b4d9cd006f9282ee8b

SHA512
3c72274eb34a179cb109860acf3e2f3fbb7e6e57eed0624c94bfe2ad9fb4d91124006a43a3e29520924f52868f039d02a4e5f54ad23c18ed953adbf7b2853c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\96e0ed2b997e77d7_0

Filesize
3KB

MD5
a9c84855e2af104335565092ab9bc3e1

SHA1
0c111c455c651486e5f6dd1fc315086d8a3b0658

SHA256
5131225f8fadc8a92d7ee6c1387f2590fe9cc5f095de53011d8bf696de540ef9

SHA512
d064d4ba0a370d7666bab60fb81b4925392a1a2e0b69de2bd11e98d6adafc51003a5c8683e8f7e7c5fc8a0fb72965cf76b345f13d65ce827378efdb44fed1cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b2cfaf3604758f06_0

Filesize
322B

MD5
63d2b93e6975c8b751109c76f42ab7de

SHA1
f0a1be5dd2ac8abb204ba8464bb1d8f75490a053

SHA256
0346104c1dc9fef34a2e0c523f4d26a6cb65b015ff34b76700d87f33d88ade87

SHA512
f3973b321a10be8d024952063ff98e4855ca04837e63b406dacaf216e9e2adb0633e14a08a8d5196197eb09266a1f16d5538df97c491173a8945c18ee8f88b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bd8152c43f213991_0

Filesize
292B

MD5
11e2db875de0bb35cb7717792a02efc2

SHA1
71cd9cf97966df95efa333e6cb7123cc5f70da25

SHA256
6289e485e37b045dba7f148f300a35043750c4471e56b9bb98be575eafa52aed

SHA512
2f609a460406e6fd367124c522015d37f51432c89e92209ec68725b10803ddae4062070383ba7860adf6396280b526f853874032ea48add8d3dec2c9d11643e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\cde8f7804f2c84bb_0

Filesize
297B

MD5
1f87b7ce25fbf6f83aa4ce3f685bde29

SHA1
84a2457dce6cca6000de8d24b19fad9ce0c9c669

SHA256
8afc35bd7d088f8a811fa55b715a4eb69598eb0d453bd4e338fdd41b32483b10

SHA512
8c118de63dae2ca47eb9413f2e0682dcfeb7a22fe2ea13b4f7942fa5c8892ef3bb743049f4f09347ff07e2518d687c4d43468474f312d96cf9683952451d3eba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d8f8bbbe41bc1ccc_0

Filesize
53KB

MD5
760ed757c11efd33567fb820f6621025

SHA1
7f3aeaa1d23a95552a7248ae7414adaa4d4b362c

SHA256
c73b29f1b44f01a17a8a524e5d6002370267c57ba9d3c17e4d85b819e8aca170

SHA512
6ce7cd3bf78591f9feca2873069eb320094f1a6c4c0e85470f5e0066115d11561871be27301a8050549e74cacfb42953197b5fceaeda8d5a4c65acc144490303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\efd470f612d656bb_0

Filesize
36KB

MD5
08f66a22748041543b1cc7a4be92408a

SHA1
0879e990dbf4ee52de2dada10bf522206595a0a9

SHA256
b7719eb06aaf0b2416552a8ba34908ddc97afd3c69a97ac72a245a6b2d53ae9b

SHA512
fb8ffe779e8032408a265d957e5826a729ee25aa881b60e0c96b6e2664727250d488d0d051a4e84f1b13cbd161fe5410a7fcd79fa4026f1a8b8c04523c87d2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d11836dda455d8e87d5c45d767d4abda

SHA1
d260156bb56b77598ffbf7e49cd8f4c251ab2982

SHA256
e8da4ee04551489b79c5375bd9dfc0b704945d72d15d091dadf9918a5d5a4cf7

SHA512
f098abfa984517757ae04600c6368a2630e45a67515cc6b8926dcb436a4a4f6df5b07e9ff796e35dd4914304a1b3081c03337da48d9b7041ad5c0f7a3f278567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
62d044807e0ea9ad9cdb7948c1b8b828

SHA1
8e864daad7ffd39147e8fcc4ff15b2defa5ff18d

SHA256
1b926007791807cabcd35afb5a38388948e316fca31472419f4152946b491b8c

SHA512
e5fcb9721945d63dcb783963839908828c90853da3c7a251b8395a49ae1a70fc1fcb89e981e59eba147f1f6e2470d0d80e4c739b78271554f107f161774249d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
bee6801dc8edf864c6158f2e124d90f5

SHA1
f3df4f4b3836d1d589d0e104c0c11bee14ad6267

SHA256
01a5300989fee01dfb3e9fbbcf1641cb0d47183de4f2e58418015d7cf53011bc

SHA512
20b79ebf703906d601a64f0d0ce2a573ed3896d7fa4f530a96a4d403ac876d2c306cb928f246307f67d1bf940f1bed023bcc4bb6b49a4ce3011cecea9f395b54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\5440e4a1-87fe-4644-a5da-a71532183618.tmp

Filesize
1KB

MD5
5c0fb8af0c7ddf30f38f525fe597edd6

SHA1
933d057030ce62f4c62c7a6d2b53ac870e4126e6

SHA256
99ee38f0dd6f643765c12cc0460940dab38798eec78e9d0cb877de699a3b2361

SHA512
2acb6d881402c612d219f4a267b9e006ed3ff32f80c0e6e88af082e2e4e92decf2476c35cc82d4fbd73aedaee78d6a8fee1eac19b05427b7aeb484af67a57ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
83b5745a1bc15ae15f6a09bd6d397ce1

SHA1
ec75d4cb8132a7e53c32cc26cf5faf99076373fc

SHA256
bf60bae5fa0b187d25b37ea4f7da49991e182e3316b8d63588a94a4b247603fd

SHA512
4cc7a3d697e2c7567e2d27f25d1adce2858c3cef330447cfb8078dfa58596e07e7a92ca7174e6b10baa05acb30720500d177ab8461da3064c0b180b5d5bd41d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5232bb0b41708064535518556edd3b4f

SHA1
13e0f05192ea0adc683f594961220c0453e2acd6

SHA256
d9878a8a6ad7e00221571e0d76753e25f959d7808fae6783f9f79731dddb1682

SHA512
57e7d528f2c432590f3a31683c4b3f5de3205bdb84662d36c2396002dadb17c097840e675e77bf818a5c7d1c7cd2ec4391ae7ef4520b82056be0a114d10b0d50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
adb26c2ef79cc6abc7521c9ccdc86a9e

SHA1
66bc326f76e04813b2e8c57a64c95598ca9c8287

SHA256
bd50d31b7cd3f01d51f400bf7a1a5bcbb64bce14aec7bc41df0c0ca6b3b3a859

SHA512
e9fa6769a33a0b88bd615ffdfc4b112834b760bf238fc93a9a6b6ba8cd7351d8cb0faedd78b09782fb8885fcaf2cd28d30618776fa4e311859e3850d316bc146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7ad3e5d921d78f6883b6f409efe54dc9

SHA1
652d899fb1db933c04f8cc4f7453a54f0cf7d23e

SHA256
0ae54a20b97f02cc8ab531f1d3e0100f935278c92d4edc02e13d12b27ece5bbd

SHA512
cdf7cd4727b1d9138126bb771c129690487e6edf1c72cfd3804a85d5cce560f02a93eb3c5de798cbf3f2d9abeecb64be7732c380b908bd10ef2a4ab667df5ac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4601f858bf67cf029f996027f9128fe9

SHA1
b07aeb605dee11be62272a2c35e1e3421e02fc5e

SHA256
aa84e1cdbfc597c90b7491dd392499a08c864493450cb834693801fd03a15928

SHA512
a073d5d5cd55231615cffa8ff1837c75d8bc2534abe9e466c04ee4a65860dca7e8cd27706f63b1c6fd761678e1ffe8a70590ab90c8abf522ecc94a6f1fbab154

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
11dbe5a64ee7926e1c0c012606754cf4

SHA1
023d366fa9e16ccf0a7ef677332a6a2daa758291

SHA256
8d2b43aa41feac389046e0bbfd8d7813ca342023720e03794d90111fed87ced9

SHA512
93011f44fde3e6d1d3636a5491584de02cc4175f09306a72cb65cf74e0696aee813517a7c897e9205fdfab40d7d1882760d33e45ca5d272cbd9fbe13c4c5facf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
31bedef62f5766648e9d3d14bf4376b5

SHA1
a193af7b4821fe43a9005af93051cdb6efdbcec9

SHA256
90fa7b093fca01dae20992bb4724c9c7d060916123d6e9e2de716cb112dd1d5a

SHA512
e20d77d7cc7c2df544edf60c2ed4d20e51f22d36aa7b9fc030a715fd8949666b1e46a64dec176afd6c2bdb3cb374e0a2e56484905193160856223b32e842249d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1a03dfd5e36d2aea576a8dbc1e2fe721

SHA1
5b7ce5b489ab04290a6a691485b52f9733851518

SHA256
b873f99e71690e20b8be6550ce7aa155644e9f2527f1e55565838e9c6bd2bdff

SHA512
7bcac9bd9192c177c6d2967f5c1ae23f258bd5ef9eb0db57a06d06f9624e3fa64d2eb8bac6e93f1eb44c97e51e4c05af8e41ffce2954f49492e9e59001d80547

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ad1d938c4752a5b502de3f0a5f077ba3

SHA1
bb59831a7a284ebfc956d8d2a3ecc420c9c5c1bb

SHA256
4e074ff888c3b2118c5ee3981ec2fee33690377ed6c2aecb32b63834c931a306

SHA512
bb1a9451d79db7193a2f2040ce9656c68d53a27b308037fdf17ca253d8a105a7d74d9689f16ed0e612aa2540d3b7b1234b8b6a3bc996476053f71fc0e9488cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c38bde2bfd0577784b6329a75013ca71

SHA1
2bd521075987491ef0c6f7bf6d7cdfb53b902729

SHA256
9df73ccaf83087f612d1968e948ce3e400716edd5803577b9294ef6193c1add2

SHA512
03d3251a70c640cfb01bf555f17f0efc0ef7caa21d7b9cdaa186f79496a3a077e36019af8d6b54ee5a25529a9ff5f9049179e665cf84bf99cc10845c17154f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
acf79e9f681fdda4889dcb8b854d0d7f

SHA1
4e64b186f5e9b7f6efc669076d4159d069e6749f

SHA256
6d1040a10ea29e6bce867386ecd86626229e3a524088d1afd87e5e4779d159a2

SHA512
a86e56bb56e61d09308d981b9794c17c998217b1e4c84903edb83e5ec4a04ce4f657388cea08cae60426e9014ce2bfa339a65877bff9a932dc29e06d4b4a0f69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
33246c7b7c9fe40c2e549593f0d6a8ab

SHA1
fa6b426b31c044ead6a05838eb68dba59877508b

SHA256
772c29260c9202648de30c2ae9b01b410a436867554469d0818664487e75bc0a

SHA512
c0f00761cb6a9e517fd149e3cbba1eb4ed8a7bca381229835c9995fb7dbc361e943f7b57ac3c846984d3d2497faf549aeac78bd9423fbf6522286ab45d73bd92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3f90b326186dc160d42617acedf9d651

SHA1
027425d2064019e292526d814d40dc5554cee00b

SHA256
8c207c14ce3362652e18d0d4a5ab8de5643bfb43b12de9041aea643bd566e0af

SHA512
481f21feb1a1a9f7bcc5ebb89ffb2fd64941638dbbadc4465056d5c583d7cfbee843867240dbd22d9c31caf3d6a7aefe886d1926accd3082df784ea5974f1262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a0b86c19f95957bd9cef406344e24cc1

SHA1
7b9d54f85a0d70b6e0ab4a024303649b2fa1a876

SHA256
6d33cff39e710b9b8fc8fcdc622381c9f0bc7066d3b37ca3e0c48d57b4b468b0

SHA512
e7c5421486375b08b973d082462803ea28673a339a3efc1d79d4eca5efce08520961760314f48dc64e4e4ea1dfbfbd2a7cff091a5b512dd31733e078b3a898cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
76227b60e85c6757f09d55a6b0b55125

SHA1
0b5a6f69a98f0e8a2584689769da886e6048304b

SHA256
2cda036be04272df25690f62dd97af88c422ee559e7edb485248868801ba6306

SHA512
21953bb7dfaa407b42cfe543a86ab7723b7d6c40b873363003b37025afc128a8cd686966a44b82970eb21a74e8e69a99156020306f5616f0f39e5a6de654df3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
5bf19a26d561fbb636925b99558deaed

SHA1
e18ce88680df09cb7a68f87abaae7f544c603bcd

SHA256
b778ebf22baa73e4843736b9a9717e8fcd2f964f9505f6b4a5c53af26ec2188c

SHA512
f30c3226bf7e3e40a5f6f5046c48b8d82b9350279b67e41594c798c757c0a150690b8e0cf01787d8d679909ebcaeb8c7d29e4bf9e4c57866d7ef3370d0a09a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
1d4505ed6159ad4ba5baabc8221dab81

SHA1
b4b4ad2e3c6b9e572870e4b4007b6c2afad7de24

SHA256
5bf59eed24e2c933c66b8bf51f5eead5686c163b8e14a9b583d40adb6e3260a9

SHA512
986097fc4cda6f3f8cd1f241a15cd063d2985e4ab3eeb4c711445976d46a8148001865de4dd7383dc9556f480dab56885ea50f79cd69a46373d4c1da9b8b6645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
f8d81cc64dddce4b260a4f784ebb2db9

SHA1
544382055fd73c28fc0a5060c26a85940cb71671

SHA256
e92c514bfaf3d909d7325c470320d485cbdbfebf306cea2f542d12f2bd201317

SHA512
ff9c310e21dac2dd0862bb6bd91ef81f32ef26272329de427ed074badad08933e00d42281f2baf68e25aded3bd845661aa374fb40ee49370e931fcee6cc4acb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
b8025badc63317cbcc8375748cf60e84

SHA1
99286bcd3b8d5126f7fad77ea9d5f8c4431d0700

SHA256
030b9b17ce9018c46cab043f041412c6b8f4bfd04c3e0a73b1c03018062adfad

SHA512
e9e7199a7976797db0cc23ef886424170627f655ce4b8b2774b8caf2c04ad13eef3ab650575a865e51fdde2165d05baacb5ced453f00c003b571e6065b560524

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
208470197b765800507accaa8bd8a05f

SHA1
e995ebba0526d71477d59f2170148fdc035d3748

SHA256
da921d236852538f37e4d916a0c7a94c386fcd8d6f30a222c18a4fd5541bc167

SHA512
b73372e2bbfa7ead0a89f813085884729bfa32fa85b665434a44b9a64547ab8d327a0bb139dccef63975cd5d41e79f100f28e3e24ea24d76254e5ee9f90386df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57df06.TMP

Filesize
88KB

MD5
b462afa0019e3487cf4be124efe23b9b

SHA1
0d3a6c02b7f7467060a9caf1fed5f853554a76ac

SHA256
62d91d611a6de341edf7953ffbf86aa737507784699e6de501fee02003ce3e37

SHA512
390d1120f4f973cd6f712853148b025732e0845c73ce1dc785685de3394532ac631da8fc5c08836dd34078c5b83b2df6ae166389116c0f10af0205cea1fb3907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\be1c0106-7c61-4e5e-98a1-e649f3e38237.tmp

Filesize
259KB

MD5
ce4233bd78ba475a8606a854c8a47273

SHA1
dcea2755b2c14d60e5880bb7b9b45b12095f5df6

SHA256
07fd37a9fb28354a345add5c449cd31b28ce7b3604ab55c91f31cde6b509b311

SHA512
f3836c35dbf735fd9159d43054d3e5a6ec17ae4ae4bde5e357af26ef3aabe5404231624e41015675500583236164c7d0a1eb0766229e0a112fbc0449586af093

Download Submit
C:\Users\Admin\Downloads\1c36f2d3-d040-4d38-a9f4-6bbee4d3897d.tmp

Filesize
31KB

MD5
f7ea7b824ce6f85e7c2916c8abb8a79a

SHA1
4b7e8159705832fa4de4b8bd145200024b2f9eb9

SHA256
8830ee651e25fc349914bf5d1441517bf58da619230e12a38c53e5660848630a

SHA512
bbde606c73b69dce511d2b4f2666db13f0ec0bd5117d9487e233372da24b2e5a51a3de4e128f122c28dffaa0c8303a4d6b2a9c0c495e4b331c416d05d5cf3912

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 483884.crdownload

Filesize
3.7MB

MD5
b3ccf0278ae9c44515b926ed754d5110

SHA1
f0733be6b39fb82cc461a6f5169ccc16631a5905

SHA256
c4358c6a6e45858ad8125aa13682bcac6cb11ae5a1117c949ccfba5fc3fe1b51

SHA512
780fa1733d6e77da35a0e23ff0a3dfd637c83e437796284d6181fb45295120170ad8bcfaf802fff95a892ffc8ec2f5d8e8d38a8e378232b0f2c5311dbc9f06b4

Download Submit
C:\Users\Admin\Downloads\winrar-x32-700pl.exe

Filesize
3.6MB

MD5
a776631ae12773189efedc46d3555cc4

SHA1
446d6b75b302b44fc60a24c2e873db92584762e4

SHA256
0a79ba5b36f5617c63609bbeddb37aab746a209087e92c2c3bf5c7b0cd0d790b

SHA512
d5317fa0bc026415f3eded985a5c5268ba28a1dd61be4bd1fb30dc50a18d9225bb01fddca0cf7264844cc5ce9e429078d6aea38824132e1e5ea60c4663b58eb3

Download Submit