c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-701.exe
Size

3.8MB
MD5

46c17c999744470b689331f41eab7df1
SHA1

b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256

c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512

4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP

98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score

6^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4832	winrar-x64-701.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612908171589293"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e80922b16d365937a46956b92703aca08af0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3906287020-2915474608-1755617787-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
5004	chrome.exe
5004	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1020	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe
Token: SeShutdownPrivilege	3896	chrome.exe
Token: SeCreatePagefilePrivilege	3896	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe
3896	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
716	winrar-x64-701.exe
716	winrar-x64-701.exe
4832	winrar-x64-701.exe
4832	winrar-x64-701.exe
1020	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 2036	3896	chrome.exe	91
PID 3896 wrote to memory of 2036	3896	chrome.exe	91
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 2060	3896	chrome.exe	92
PID 3896 wrote to memory of 4376	3896	chrome.exe	93
PID 3896 wrote to memory of 4376	3896	chrome.exe	93
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94
PID 3896 wrote to memory of 4532	3896	chrome.exe	94

C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe473ab58,0x7fffe473ab68,0x7fffe473ab78
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:2
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2976 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4452 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4652 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4800 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:2688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4764 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3272 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3408 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3016 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=2756 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3996 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=1788 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=1880 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3108 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5164 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5824 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5864 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6020 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6188 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6348 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6516 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5836 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5908 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6976 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7036 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7116 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5924 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6888 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6808 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:776
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6848 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6592 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6632 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6916 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7120 --field-trial-handle=1896,i,17386402257079829048,9766507335182950037,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1020

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4748

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\419f25b4e7414342ae4b5274c7f0ccd2 /t 4200 /p 716
1⤵
PID:524

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\8fc9f54cac6f49a693f7db6a877baf7b /t 3540 /p 4832
1⤵
PID:2828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
326KB

MD5
6930ea7c53f0ce009cb02aaff619f4eb

SHA1
93bb7b8749e7e8f074294731776207371043d3b4

SHA256
16f28dd66541dcdac4dc74947b37305a05d20351e57e69662f7e37abef045f8b

SHA512
2806b3203ba93c5acab0f76bbe2d96a782fd65948ba61cdf49cd97fcf5b24ea1f811bf26a7900537b7f3c9ea4f5372d7e2d7998659036841789d4d5451d90427

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
133KB

MD5
da1d252e947bce39c6b4fc3270383195

SHA1
f6e8fcd9d63683e56e457bbf1dfbd684586382fc

SHA256
28ac23c8020d600a3141888b982e3061d34aeaad83fe5993d8e61cf2a70b7bd4

SHA512
320539f5ec40d9bf31f6b9b7c1c99f6c644937060c5f29726b6719f2ff5d2043d237ddcbf4be20055e9b13673fc0e4e025d172bcd51495caf65ca57a689e2eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004c

Filesize
19KB

MD5
2b845c3bbfbcb4e28ffbd1838368decd

SHA1
4414c101a651bbc06ab2d1eced6932338278e7fb

SHA256
addd85cdf92ff6c8fe37ab271bbaf49b204ebb8f0e0782ff412959c1e9ac57e4

SHA512
c6a374402b6b038387d385b81040d0d6ae83b2a503be91335b4b641e9eaecace2696871b7ac79af7e78e526212de77f128738cd47142c8ff1494a11bc3a4548d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
9dc3f8111fdfbd2585128594b478aa96

SHA1
37ba3bfe232a6ddbc2279f1929b69398b9974333

SHA256
4174f552ad132fb5a1a80a6253698479e29d5293aaa7bb4915c2326b6b2cf616

SHA512
ab1fb2fc8df73aad69df599716bab93a36e6f81e07b7afa99be226e8d8d0b79ea6049616eff61fcf811b93a5c7b8f4aaa20f2f6c6b6a816322c4622ac1d68dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3b091208c91aa71dc8ab28d08250242c

SHA1
24475257f8e51a076e65f68d6a03518d77998a53

SHA256
7065e3906019937ffd46b14845944901999f1b45b92d31401d69adaf4747e1f1

SHA512
625a1c620f78afca4514d01dc942daee1a8e1f66f5c3762a6e07b8eb9bac01921979d3927b8d29860c89e9b1d20d4eb08f7d9501b99eeaa755a4c03b89e53bce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
30dd1394a830fdac919fac9a275dc97f

SHA1
4888ad470f322a3b88524d139ee95568fa05e6ac

SHA256
7ce87abcf41d720a9414523c33fca2a730513ba0bfe4e37d270b4e49515b700d

SHA512
c13719b43bad53bfa760a37e9422db5a8e912a6df5400b545c6112690b2a670acf8e0a2d33e1f1a48cf7be295f7478bde3db1bc2904588669b82008687ce0519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fbedff67e262f6e91df041e5aa5b92c0

SHA1
c291ca10588e15b562c3d1780db3b84f2910da50

SHA256
8dd538f23d3c9594f08a4ee036b98c9af904f0b0a8a3f05cadfef45eb020c11e

SHA512
dd6f01cbf3e95d405bc921b13e34bbc7700da0a492bdf2398e58c79a50775f0b1396541d17293a6daa34b3ec5bf62ea2e67b133ec761a9d43215b8ca210fa958

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4b87d96264c46839787a1c85dd982f5

SHA1
323de09c33cac154624eb9b80be8bf5fc19d5b23

SHA256
762a4b175533a8b5f7381aa6f20a80d8a24dcd334bdffe313051df4093813fad

SHA512
22fdafe81d6fc7719bec624235a868f43bdc31e5f40f4c75838dcdbdfbc82d3c9425fef02c3487bfde26d0f680003df7a05c765cf9c27408ed4afe84f640f071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
77d6472095b2014a1b85db0be3de9a77

SHA1
3fb96b4afb71790b3bccb31684dd817b325aae0b

SHA256
ae723ca0cb611cb085ba2c375b56484186315d64e115cb9740f6cf398dd535f8

SHA512
1cb48f8b5005d193c04fd3bcaed98ce1d4c53d8ff2efdb086bf4d128bf7082e81e59f820f662ad160a15d20e67261e71eb8af6d71c06db7ed439869c51492bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c64252738c862c7f2e610316dfad8379

SHA1
ce5987f09961a182aa3dfc521761eab337124b07

SHA256
47512f17238c4820084fad75f6651ed27fd1c528d375f7166a2bf9758661978e

SHA512
678e4afe84a95951b2600d4a567b48cb1eb5338b78c62f8db6cefc008a09c771281b80a7af5ac5925167af4363dd65735105fbebd9f04c00ad05fe27acf8bc50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
77aecbb5af64d9a4caf7dcb20ee379bd

SHA1
52b6c2171a2ab1bca66d99293b2a8af143b1aacc

SHA256
91319ee3fa1e7ed011b824778de38c2fead1533b214dcbfbea681b386acf755a

SHA512
1d50f7605048da85692857bc25622d0f6a2f4cdf56db601937f8252b9a722cba891631acffd87dc10d7ca0f364234bce9ec57322486f63f034ed78c08f0dc2b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
bb9ba11356a8ddc8f720aa3a9ca9bf5c

SHA1
cf8271beecc1ec99d7a9858b5af75496e3748546

SHA256
ca316be2159aadc84490f1ab13c04406631f1e34d0b275b4f794a0c4b793473b

SHA512
834583d0e88b188caecee37d9dd0cf643ffeb224cffbec87b9546099e0370888c367bcc5bc930476a81ae362664b5bac796fd901ed46bc3998618b7110a9f611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
19adad52456e041cf66fbd09b8210074

SHA1
8b545ce930ea78c0ee7b2ec887764cb0cd504c9a

SHA256
26dab798b1550e47cf0ff69125826263f6e726e69a0b11ee3ba01e465bbef891

SHA512
d15f1345812896f1e68b3904af199272b6d9e57035d55d4e1cef2eebc3a17fa77868400eabd488eee68377695f6691c2829e9d68a6007a01f77714ad84f4b572

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7013f5271f996e65977d6bac44a025e6

SHA1
2cbae1d6ec0c15a3fbf450bae4ee6f4015b8f921

SHA256
16c2c2920a5633ca6bbd57d5cf51669bd4b299adbe9c39a883474147fc140e0f

SHA512
a6518b636ff22fe18e39e53254cc9343a4be4b35afa0daca9995b4e886d0fbce43e26d44426bebe2f52e1edbc01e42414735831d43d8b9230415564c2a1659c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
614eaa75a9257b2b1f591afa2430a256

SHA1
104f20d24bd97349350eba726980799639eeeeb5

SHA256
6d1fb277240f1ca43d5da1a4fe4f043d3b2dc453d4524cf9906cf5c423cb3476

SHA512
cf8359cdc6b062032683288a5fd9cbfdafb8bf8efc2beabe2aec5cc65fe86a87d7e28bf28942ae1cd44350925e6f340fac95557cdbe5dd6eeb40374127c318f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d8ab0f68eff2ffa7b9c36358b800f42d

SHA1
1ed370e0910dd0c673e5124be034fc15d1008033

SHA256
4d145d4c8f355b5c0ea988db5055b7075775364f07d1ce7fa31394ac25c2cdde

SHA512
d5f1f008aa1e400998533ec2c87d4bfcfeafbe6f54b466a37cc66ab80d351957113b22620f9e86b41f4bdb0cc23b34b5869ad2c3458091559ccdccb38a799339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4a7cb55d67e6339248fd37c329841358

SHA1
446420e242da8385c339d881f93df5a8b6ac1bf1

SHA256
035c93eae8e1e0f7445c3778a4c0ea211719177a76efdcde35907b3ec0a58aad

SHA512
b7af9bed8763bbc8d22ef5991076242384a3cb7454dfaa510a43c0f84e586d9896276b19698a47fd723b988fe552500bb49346d34f3947ad2930c7917545b47e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c75f9f28e13525d3173e152e00c784b5

SHA1
e9597fad0221b415fba05f44f78b6142485937ed

SHA256
788074afb4bb90391e550f02d5ace0610a2e759be66848807e0431a4a46d6e4a

SHA512
0f1358423bf6f764071a9792cf9f6d80a7c6db6fad94d29ab0d4a9b12121332d43882798d8a3b518c4562482130a287d3a57672063f9f690466c1d3566a1bf52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4c2a58a1c20d2cbb3e6e583752992b8e

SHA1
1d1b52d3a4cd48620428b19e7975d2bed821cb61

SHA256
83f3e33d99ef5d6712a91b5898d5094bceea03e6843dced44f44014e4f163f95

SHA512
c9b58d25d59aae9facd302192c242ab85b83283bc0c53d29268c83548a549a57e4d90fa941e468e6e0fadca5b54d73ccbcca6117d64fff2ec61d8d6a4acebe67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0bc9dce4674831e7239a0148634ee766

SHA1
7d71eee8edd33b4761a9793766384648484d76c4

SHA256
f09d5959f1cbf15a499b995fea97de85a6f50f2d09f0df0038ff70a712d41929

SHA512
c67fc37097385e27f4b9d603877f76aad9042f0129f578180f17b95311de0c0357446c5792d43b4a7b967a33d3fbf496604940db9cc4938e1ec4881386821cc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
50c2d28c60c86e394840e2ac4ce0c46b

SHA1
a5c28f325cb38f5cc48156d6c9a6978f3c00289e

SHA256
c6c7566bf902f2f6d5b8ba5c9a4701053cb6bba732e195ffb20d60dd26191cd5

SHA512
40b52222c8bb913c986eeec2e5c9b690f9e64a529e17b2118b7930247f96e32b13ad923f1ab2d1ff528d5f1d8370c6af9dd53e1471b72684748f0873360fb88f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a64a2b3a596248f67a5fcd9ca360cff3

SHA1
8bcaa08f550f0b8690dc8574786b0bb6721d1dce

SHA256
86e93ed1560ca8ff11f51f9d0179aafd171075c88249d3e44fc74498a7fed034

SHA512
75a9e5e96ded94c7fc1efe6f272f98a74a32c1752047199cbd2547f09d4fae4801ba1b9c161c16cdcc221b74709cac2c596f8e897e9b3571cc2a1213922ef7c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
37aa442fb0aee7315e0f677080e3e72e

SHA1
d603612cff3cb3a4a2f961ad384d4e43309b8045

SHA256
cc080797e91f9a65dd5fe92766af9e22c0f2da22a07d3edd8d474628f15ca3fb

SHA512
4ae675970fc4e1dd2c113a31f1bcb09eee64eaf4211e3026f0ecdfa15194e6b38bf504784ac67aa2315f034cb5b5394f2b582379b14b0d1c0a7261dd9ed09cca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5898ef.TMP

Filesize
120B

MD5
7166f311f1d994fcaf38bf5f4114d403

SHA1
be8cf9bfc33b1fcc203d8c1f9ac1c2ca2131f3b9

SHA256
dd559bf37b970cb8a71954808deefe3fe4a30435a72b7f6342674482028543f3

SHA512
af8eb3a8979b4406f25ab6c6f1763035183ce0045a7f5c7d0c4cf86e6eec1df210fc3c0bf8cc226393382c85f55a1f84905e94ea6fb213b1443149ce25a3af8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
131KB

MD5
f4bbe207be4ffb18a02ec39248a034a5

SHA1
4097571086458f62639924f4fa90645a07298861

SHA256
c36a8a3a3d9b4d0c2446492f074b13a853877ef88cf02a8ffa2447a99f802a62

SHA512
e6cad3f225750b04939a0d9e0263f57a63db2321e7c261cfb8bad30e5a7be949d9bde0de3749bb116a1c79e8c45a8253708f8d0fb64c8b12342175a2e91b5f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
282KB

MD5
9573c23cfec846d2812a1b08b68eb791

SHA1
9d87c8e12ae376e38272dc324545de5b74f3452c

SHA256
276aff07e8f0a3260a59d2da821b322d91edd058ba7ba69f3fb1801f45174da9

SHA512
df27edbd73f55728cb9d2e3fd193e143e87f80a69aca096b7aaeb98aa06a316a6cca765b5b83ecd118b0ed6e05699a7729f2fad7032f20551a481d7afe458128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
7e4cd3f0ea01d9db12946cc0051fec8f

SHA1
4405c1e4d88fbb26728ea2099a752a250026f820

SHA256
c20f7ac2a1799303b0aaef5249281561104985f2a8d70688264cb8b8f7b80f79

SHA512
02e1bcf426f2d8e10932a711c0e22977b3b26b76a25d8dfd3cd1827f12d0a4d758b8c66f72046b6d5f2152aaf6329bf414f3208c5b9700c67a5cfa22f99d13d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
262KB

MD5
a9a98863f1bf32810a7c0151d2e8fc8c

SHA1
c1024bdc59a0d84f9e95c3f240e46e97138c3530

SHA256
cbd3b0eb0e54d2be2eb41bdad8f36cf3d5b8f8dbd04ad573b3697ca749865ca9

SHA512
817ba9c442bd765299a26748ee949ad501da2d3b1a29e773473a5f87ceffbaa7f465fad6c73e010157a01f9f83ff5b78ca88d242e1f78015ec9649cff873d0b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
636bfbca69eb43df198a9298a2efe698

SHA1
894daebd7889dcbc4a63f9b94234cbcbf1a8761d

SHA256
5396ee4d781b6fc0aa60d1c50b512d2eff49d01332f02351b4b3ab8813365cbc

SHA512
8870a4230ee365cafbc6d1a4b10125f19637389e23b86ef8c96a2baaeed4ad9dfd29c68e9581b264d4a73d52188224e47dbf9368b2a91c8176aaf7995de300cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
809eea34b8f2f26bc5fcbf7a48124c0d

SHA1
c968c280e33106605b07052b4ad35902148f3d18

SHA256
d03c6eb2191852f4dfc97ce33cf972240eda599ff16c4f0cf3f0406c2052decb

SHA512
ffead1cb2712b0f166244ac1f36a588b06551e91fde54c922a05ee4d75f6e059ca07e974f96c9b3e971ef0088af9229a5f91a04fabfd82106c97c21e22896050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
727d7248a8586fcefd4058a63c03b717

SHA1
186beac06c6db27d171022a3fb8ec7176fac7d22

SHA256
451cebb1e69338f6281319e446e3778e64870ce2ab018d59fc0b6a0a77d5ca82

SHA512
8918c427473bf3c836872bdad75b5873689f83fe6976c21feac401633a0df82631669b091f260e12997b19c4ab44230268565748fd04af9fa4dc9e6a853a388c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
0601bc5cac9df592989be9bd8fb620c3

SHA1
19b932081468607b3a90ed4b040c364e1753a98e

SHA256
3f764af711598d18fa17b1e357540a98526767b56527858cf0f71f836f75f5a2

SHA512
531535c4a8a6c2c64faf1b652fb1b6a1e849d5546ca47973b4b83ba33e5a9af3ba7f28e3efb926634379eef4b7f6ff9983214ff72489c598630af7417fec7add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57bce7.TMP

Filesize
88KB

MD5
5b6fcaf59480aa32f5b1294c73c4c8b4

SHA1
0a46b6cc16e1b86e788e40cb7d090d9f63985403

SHA256
0e6fc46a91cea533dc66061f5d9f428f6febb75a42671549d1cb6a220d43dc86

SHA512
e3f22e969767f1f6950af1912cc85286bab63ba025597da71ac3e8c2c856299962e2a70e053a133f005e3d5e6ec50c2a5e137831b8dfa038d1880ee1de26e752

Download Submit
C:\Users\Admin\Downloads\_Getintopc.com_CyberGhost_VPN_v6.5.1.3377_Final_Setup.rar

Filesize
26.0MB

MD5
29ad2011eea96c9316cec1f6aa24f76c

SHA1
865d04b28a200be2aa894b009f3288a20b8cb008

SHA256
e763fdbe0f484ace39060bc846f2bd9c271e0553f1282595a088c86346e75033

SHA512
91c509afab6b88ccb9e7c1beb9d4fc3ad55fe81e88135fc1a2ae2c9b68c5223f3b7be60d7695fb2afde4e7d62199ffa4d88cc393e37ea6016b44b5d3c0bfe991

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit