hxxps://drive[.]google[.]com/file/d/1kf3WPsCjLDB4KOMSrpRh2tugjjGHU3bJ/view

Analysis

max time kernel
1799s
max time network
1738s
platform
windows10-2004_x64
resource
win10v2004-20240508-es
resource tags

arch:x64arch:x86image:win10v2004-20240508-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
05-06-2024 22:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1kf3WPsCjLDB4KOMSrpRh2tugjjGHU3bJ/view

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
1276	winrar-x64-701.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
10	drive.google.com
11	drive.google.com

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133621017050092930"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
3600	chrome.exe
3600	chrome.exe
3856	mspaint.exe
3856	mspaint.exe
4716	mspaint.exe
4716	mspaint.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe
Token: SeShutdownPrivilege	4696	chrome.exe
Token: SeCreatePagefilePrivilege	4696	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
4696	chrome.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe
1600	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3856	mspaint.exe
3164	OpenWith.exe
4716	mspaint.exe
3284	OpenWith.exe
1276	winrar-x64-701.exe
1276	winrar-x64-701.exe
1276	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4672	4696	chrome.exe	83
PID 4696 wrote to memory of 4672	4696	chrome.exe	83
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 1524	4696	chrome.exe	84
PID 4696 wrote to memory of 4784	4696	chrome.exe	85
PID 4696 wrote to memory of 4784	4696	chrome.exe	85
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86
PID 4696 wrote to memory of 4888	4696	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1kf3WPsCjLDB4KOMSrpRh2tugjjGHU3bJ/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6f9bab58,0x7ffb6f9bab68,0x7ffb6f9bab78
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:2
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2252 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4912 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=960 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3468 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4700 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5476 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=1548 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4244 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4168 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5004 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=4340 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4536 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5256 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5424 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4404 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4560 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4800 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5444 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1684 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5216 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4940 --field-trial-handle=1920,i,18296124147309465735,5845347123750191232,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1276

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1728

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_x64-.x32.-installer.zip\password.jpg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3856

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:4036

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3164

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_x64-.x32.-installer.zip\password.jpg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3284

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
40KB

MD5
aa12ea792026e66caab5841d4d0b9bab

SHA1
47beeba1239050999e8c98ded40f02ce82a78d3f

SHA256
65fe153a832452e97f5d484440a7047e314d3a83cb61ad2508fed48a820e1de1

SHA512
0b2b1bb8851c60c9d4ab1d039b990a4de5799c97c50b45f64e36a21849c14e785f69196f674ac225b1419d7f501338054074cab6203d041361a4fa1ed8802b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
89KB

MD5
1be36aae09d89f3ce2788745f621d1df

SHA1
6b7f40678938a8ea41ca8c06bb93e694faf9fead

SHA256
9620d7b8b0aec5d8cea5116c124570c3d4abca8a8eb6edc068724300a74ecdd0

SHA512
1c89a7aa9e0bfaedc46c0137815f9cf527d034430ee0f7bed6af82c270d8ce06be220648455ac32ee0457b63e32653d6ab2a1400786646375ce51e112b4760ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
3878fbeaf0de266c3caeea2f021dc627

SHA1
4c55caa974120fb7829c6d19baf18d7bd1409d98

SHA256
1584a218b1942308afe252af8bca3525cf224e7338bf6ece353d6a8016287f97

SHA512
f22bc78e8e46c1fef9f9a566718676739ca056b327cd02f088b8d96e1b22b5a256adcba4e7c86f6ed729a62646489d32d5ca4a1c4c3a7051d1db5e8f084a5e23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
0c89a5e978b926878260cd8a576add63

SHA1
8e073d86f5015fd4b286b7b27e6632039b7b8169

SHA256
7757678777c46e8dd024010a4845c7413865d5deb872e0e27c5bbb0c22cfee7c

SHA512
b785bdb2f24fe55e3f6d6400c11c595d76995ac662f9bb87f27fc896591ec7fbf6cf5da56a82f78552d4304704d44c455635a17489b2732bec31c37ceb78a215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
38fd7c65999d2bd743d67da09dc53f5d

SHA1
e381bd88db56cda90a91759ad2c3eeb3ab1efe17

SHA256
04060acf1e6018a5f65cf44b70ee3622325e4eca573707a69b9d8fa44d619b58

SHA512
e6f041c21471e6cc95ba21333dfa1bd265b23d4b4e8bc82e8fbde9d72fc5ff07f5a2f76efd8d97bf94918362b0d195cf22f9022c7d55e248ebb9379c74bcccb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
b997ba23a2e503bd2a60f79a92fafa2f

SHA1
85b2b1b8f5a4e4ce0a32408eb1085fe0b3f575e6

SHA256
2dc115ac61476c382746574e3870acb1a1fe4dfe999c1a47669d7eb58e0491d2

SHA512
07e08ad9beb255904641c3ce417b35771ca0ffd0b3e6f2ab948d09cad98a6be8c68e35b468d49377ab9631a40206e9b16efc2c1e7193f6aa1335e431c53c69aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
39c0e56b9f0c7e08f7d5fe712584c6e4

SHA1
f2b2e6499869f7d66872ec6ffe6dd46fe6c9522e

SHA256
7ad2c9fa00697bd13ea9fc771da64fec41ddb67d393292abb200dc4de0040482

SHA512
aeab09cf39afaf28ed9d0dbb90daaf5edc402dba8f1ff84affce65a76a711c5c9180f4c866699400debb8e0dd7e638b1228f333a0190adde6beaadc769e017fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b3153c963e7d8c2d3ca103e66b6904f9

SHA1
350726727cd5e8ea184212c555363b43f75fcdfa

SHA256
b75f2c5b61954ccd639c566264060602e6742583c79eda082d7ab14ae1a158b7

SHA512
0f9d407e3d4ab80212a076f7b86e2beaf90f5c0ec1a0bda4005f5b48b4a6b55dcb1fc7265a644b592d1382facc87a384202f3bb1f55687d179b45e7cfbf39d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
d9702dd394edc62e7fc2f92388264bfe

SHA1
81da77555828282b18eef3945a143e716e634dc9

SHA256
437328c75d2ce7ca2051d741c0cabf280f566fce67da0d0b23d44162b23c8f01

SHA512
38b15280a7d6214eefd35df3d01c3aa261ddaeecc3859fd2775670208208dbdc876cfb66ce849b692dc9bae9e0fe56ff22bb0785f2fcdeb766eb44bcbfbede94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
34851b95768956a1c0b3d8dcc2ff0ff9

SHA1
80b786ef0f380fab7db610a87033bdf624775c46

SHA256
9b1273f8cc4c25af0e56a364bea29c32980748ad9b4f4cd34d8d89c426d2177a

SHA512
f5299cb5cc7bf020a72a4f4473f62f6a5b457939bd55c6aa2cd0dff7de9c7c9c245061bf90f70e8e8508e6910d9093ae6152d5a45bcd5e170a4a589344e205d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6f7b8291db76ef2a937a64871008c908

SHA1
a1990718dc2b84ee99266b84cd156a8d920bd0ec

SHA256
e9d8cd92b445649134c93d0035bcb9e26199c1727183927007ce4b8b6d7af4ec

SHA512
9b66890019be04593322e1f95e0561ee5c4e3a07b0ab4a0f1acfb2dafaf61ebb892f62bb04c7e30aeeb40387aecae0a8e33e04d8d08763552c14b11f6bd19826

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
eaaefe6b9c6838b53dbe312c85133023

SHA1
cbe33982f25ca0de8b4a50434c364a41001f338f

SHA256
b1194735b8cbc695a58745ba0230694e4080d2efe762c028eadc78e4a2547be3

SHA512
5ac3c84082d0907a7f3bc5984e071c37bc316154491ab45745d48012ad94f6d9ca9f385ebf2e0ea2fe434af1223b588ccfd56d246b681dcdb09e52c8601ddc48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
83c3fa469cab681e47c9475b413bc45e

SHA1
17e00e2b65cfc274661db634337572770da62268

SHA256
97c332ecfda07edc3034b663f51fa5147fe6fda26a7f3b1db678f4da12c856ff

SHA512
f787b2a2fac93f3647ce37a434129c364a323bfb9f72492551a5d15beabd05509ad81d9a650316dc566889129111fa4e1c0f2a17778c68ce4adbde1a1887d892

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
8b3f269db2678eec5074bed11056f74f

SHA1
ff5f06f850a90f88c9c56c1727f5768a705943a5

SHA256
b092e0a065577550895b29e5a82d0863f3a30ca0841c10ebc7f1615fbc4ac518

SHA512
d6508340fe213555beddad0ef301e32fecca71a3c5040b8bd68fd41f38fc11ec0d9096c51ff045aca4dcd0e5dcc7c83c6cbd1493d8f585f027b9d19d67401b63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
968ebe2c4bb72a5636ebbaa04317279a

SHA1
3d4a69331f324204017f8041b69c22bb0e42582e

SHA256
b67e18d81705f2a8fa5f6da7cf6a65d55efd743eed29710ee1cf735c620e4fcf

SHA512
c2cfbe1b6ebfcf90411e53caedd622b21247ff4feba20a782c2dfb9ea6c9ef2e164d6deebe57955484fffbbe37232bc0f2388410f8a07d0e2d098868710e7551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
b52fbc40cf3b2dafad528b4c80d9879f

SHA1
7174e13eaf3957e970237e938122e89be9aea15b

SHA256
3adca179ad94d67feb7c733b3d6a856b991b5f0d3f550858c79e809c39c1405b

SHA512
3045f9b18ae5aba37405871e40dc8ccba5be54e48d5c489c9ba6681b7d26217c66cf52714f47147fa7e2a34632bb527faf05019c9716692c34daf77c023f8510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cf0e29ab85be6b3a3a3daf2eedad94a7

SHA1
516d19307f733c93a8c2b76c86cf156a943d1dae

SHA256
eb32427ab5c7a39502c5950caaaf3e3282962f644d4504d3179cea87e95c1d40

SHA512
975db5d4a2af4db608b1a6ddab8d5e91728d03dd6d8223a5daf59d64371417857f0964df42206aa3fd84e77bd1cd051ef4970208342d5944de603a604a2d8112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e27dd4055cba0cbcbe855b8936991d95

SHA1
a17a20b8538303d6b8501bc76e6b653d4889abc4

SHA256
535a4efe8e14682a3316c2d9067dee6242c8774108d8e9bcb7491de27343a6a2

SHA512
924b3d3fbb12eee6ff36c5cdecf7d0a0645b51b4ee93811478024ef0e4f90092be41e115fb0b5d14448c044f03bf639213f891bd9520539ab59001a57f9d0473

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6088574078988de2d78d0a1e857ec835

SHA1
1f4f97d22a05175992dbf3f4de4df10f158a992f

SHA256
5343e43adce15f21b41746164aa4fe5b43d58d8e6965cf59e11a7171cc07ce67

SHA512
c8a96f6a0b69cd66e832657f13efb63549da91d5498a985f9a1045412d118c31b3fe9ffd860b7c6e85f6a984e2eec7efb7064f4d861f603516a63ce3854c6fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a01d245b18b9cd4896c23fbebfa5307

SHA1
0a483859f2603e29bdfe8ef7f5162d6d3db6c3a1

SHA256
7541d966a484830eb0f8ffc759582d21a00051bbc9c8515c5f44c51ea45df900

SHA512
3cfd1df3371c33f376d4aa517017335a24f92f505fcc585af761e77788b156c80a918077d05395737871fb59d56470dbc99c1772be790717c6800d6bd76595de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
75429d9882d7f59991a9b2dfbb690c94

SHA1
c41f14c2fbf23e7e1d5ad19e2a356e03168dff57

SHA256
eaa5d5fd2deb69febfbef32d260553d19a79a6533904fe59ba1e954e1a2ccb9b

SHA512
b2c66984dd33b6808179df024d31b711ae44c3371e92ddb9c2e705a00cf3ef0cb5dc028680706a3abe0d1d6ab2b5e651795cf7260f2c79a84989eeb7bbc7d508

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1016B

MD5
0efeed3310054fde2018be2015304a86

SHA1
609c26145bb1bdf7b81f6a1a632ed1857e7f9344

SHA256
7f8ec35c9983acdb23381b1c77cbec0e153958629c40edba7806d8ed7ec6c338

SHA512
ddee8bf3bde060aee7d79cca359b4d77f027a583311a4d13d7ea096492c6b5d6d1a4872cac9bafc4670bde6a4169ebb0368a1bf51b9b36aa5df8d45a5bbbad9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3c6c1a7f99b7427214fc1f5f9f5e30e7

SHA1
583eb06bcfe6d8fc64c15b4d0327f5f0db39f796

SHA256
21667e148737a0314cae1f4f02637cc097448cc6511c38038bfdad6833adda80

SHA512
4b031c543a00872b7f12ff63d7df8964ea133e05c8a55a610fcacd3fe034c249d53fc188ae0231a941240262df49174c414ead5888360113deeeed86230cb73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17a0ee8c83b8cc1e8f93f2a87f70186d

SHA1
5f8d15b08e285b96b3b8fec54a02df10cdb48635

SHA256
886f0b50e492812dc9abff6ce044ed5a88380f36e4abe880f884897208fbfc0a

SHA512
2d14fc37148d2976b692ae8a02a962216e964c38232aa5f12f891d8eb0f2d99e6d4fa8aedf56758151a98d91adae434b4d934e1bf02a27ba13d1971894c5f77f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7541b74bb2ba081f82bed7b938103f01

SHA1
19b9a2f15af4266d502e21a7065e9dade765a329

SHA256
a506a7b184f15c5508cb700b429b49a35602d41b96477247f250568a1bcab71d

SHA512
26556a7358a99303a3050f55c616431bed25d5d4a07396d9109f15a60effd3e099cc3a727e5c7f83d772412275e3f4befd02d138a34a6132300449d577c5eb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
28544bdef3e304acf0eebc1efbad1837

SHA1
dbf7b9a9032fa2a30ac4b6cb98071ca28eed0116

SHA256
257fd1f5573c349ec531de3b313891fedc6885928d4901746eaa7da33274e744

SHA512
2cf4c7b616ba6f7d4ae4323973d921273899ba6a47711243660b0d95a0aa46274fe6d606ebd7f78e67433da92b438fb01b0d2d6ac57a09dd5263fa5a208c2a06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
376623058bfba6f580177e235bc1cb4d

SHA1
3c9d52a6ccc0363881f04d5b84c299e10b2be843

SHA256
66f9f4f55905b0011f78c00bd5981133db72de84f03fc847fa3ba5ae9d7eb9e7

SHA512
6647eebd6db66d6b4a4169c9400968e899601430c504cf9659058b657aff71449e794ea906a365011d91372f29662f8854d86357b524233210c1c54a3c6f5a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
63632f4f117ce4725055d7be87971cdc

SHA1
8172ea5ebaff9156c80622ba612408ccdb01a2e5

SHA256
0157016c66aaf9009738c26eba4f78ab36432a591758b7779b0da7a0acaaffe3

SHA512
e95c618fd461eb8fdcbebf650291839e4dc1d79690ea9f68ccb37dccc9043937371cc834ee5a230be78e781bc337debfca42745d3a84de8a07ce4bfab82d63bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c4a9794c19f2f05cebfad09b4ddaf7ad

SHA1
dba0345bac6957ed5b5eddcde5ad71e13d37ca86

SHA256
5e4ac46c0497d6d85b3902df1a5e57d8688326bd7c498c3ec487f0a7e076fe2d

SHA512
386f57d3e67e25ef825eef2d91312ef90c7fa336da2bee28186662824f0d2cb328750393e3c39ff77c83e77501832c0f21c0d1a09bca5a08935a148cb771b4dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
eaa2234c3cc9e9844318226968df3848

SHA1
887056c99d463fccc9320504b84dd1aaed04c368

SHA256
ccb082a5cc3e241cfb59e9eeb8a3f62880596374a0ba0380cf44c7ffc3bb8326

SHA512
32b398509d145018c6594f11449050ff6e1982636d7d340dbf826424f720287f67b46cf1dbeec1f50af6ddcaa726e5c14250ccde81a7b1c377c7930c17f5de86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
3b5358ecce09eb5ec988639250320b36

SHA1
4838d97fb7fb51e496fe0a404c466f1fe961ae3f

SHA256
c08abc75a5189ee982b6f62194fe9edabbbb7a349dcf3bfbcf81afc71a524920

SHA512
a4574fd9dcd0d0dc0fde75a4ccbb6288090501adb415b4c94317a3f566c9ef9cdd9efd54580f8ced7af3c4e670af2d9a29af49e765cb682b3b2a2da1cd2aab35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1d96d5903c49378f803b166f818dc546

SHA1
e79187b9e764842519e6e9c58456eff3dc9f8d34

SHA256
a564d1d0c5d8dab4f539388d8cbdf10b40aa123dec7bed52fede9badff153318

SHA512
9aa728de36c55de8b21e957f95a32db82cda7e90ccace9038539f91dfedc167af8e4ef2718561a9f0d90c5b3949c9124c8fde4ee57490074dea0de7fafb166f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
b7969f84fceb84ed8f041515ef244b09

SHA1
0965ebeadac49aa912ac58f46299cacacdfe3414

SHA256
92d97eb23fbc9000c8d3673bc5e738f5d6e35eadf908668a81a5c57958eb9e36

SHA512
e5b2434418ad681386224f508008257282ace6bffe49ef37c546e70276f5a08ec90863b9bdf8461e488119619d46549b9f5a3c2303f1f1b133a868a671241744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
54b1d8b336ab0b3565b3491e3aa2e4f5

SHA1
8db5d91822743d7e26a240b1101023f262ada597

SHA256
a944a07e93c21331d3f9726f0834fb63bcb7260d911b910966fd032a87f811c2

SHA512
072c61d0c5f737878e088463ca54f67193aad676c30abb869800c34f966f77a6a9242ddc90a9ca867219f8567eab58b85053496e98085c4e64e2615e60c5eaa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
5649625958d02cdc8eb63fecae3b834f

SHA1
ce18c7017d2567e3f4330575b70f5a70b82cde31

SHA256
fa3eedab0a500f02f66565cc319fad7f9f478d8dfcf021361c7fdc714521e1fe

SHA512
4ec7b41cd5454101420e4467deea12d2c89c5f5aa0c1b569cea8d5aadd551c6abee3c6cd70335d0d9dc845ee868b6d1924066e2af6a20dc2fa4c094090863b6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
431c54404014615e8673313835c97475

SHA1
3797a749c12a495047de8fb6311e740c7757d109

SHA256
d364651386861ad051727ed8b9035df575c7456303154d6ade0ce67f4c35f369

SHA512
3d5a93bd58f27bc04b2645c5f90dbef42df16cfae9dacd845a24055236a21ec2aaa05a5a667a42c11f3b070bb173b45c5d36a5f0efdc9310c5f76c7903041ac4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
eeff4513a60d307143841b5f698d37b7

SHA1
5812c806ac4171716497b036adfcbd5f378f772e

SHA256
0bb7fa23d47fc7fce8907a7c8520d78450a033b537cd5a270e4b1ddd020185c9

SHA512
c889b541a1ec9fb1ceafc64e99685b1b156e21b1eb12e353cd18c42cb8320283d28fffa51ce5e2b473bc5ad28f25ee86c5b47b503c5d32ca3566c1b673d4ff1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
32ed37ed7211ddbe2815be7d9df77583

SHA1
2b84f67a96aa99a879a7cf5926dba0f8733fd658

SHA256
c2970ebaf1fb455f382c4e16d83ea96c9687df7af86303ea947d6cb1c0fc46e0

SHA512
7fa9f42f593f32e3c50ec7736576c8274ef1b24bcf6206e4a12f5482e6b180540aa822b5e65f33cc75941df872c9e36001c7891b76277f256a036291165d1fd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
dfd52f0dc5a5077d5fb0b31908781c32

SHA1
0df398d05df102285edabc4e704d650cfb73414e

SHA256
baa7ed3c4ca6ecc87e6534c9b6e1437d2973f8af58504274c9206500f47b788c

SHA512
c6c0752d5693f61e08021c21537fb3f27a752f875f5f5d165e65a3b808364b1766cebe3faeba45ba3de9b62fc6b7ffc2f99e3760d96b3a13d6fa651ed430e8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
65dc24a591d9ad3417940f973bb3ee48

SHA1
fe751f6cad2f15d02da0e606b64984a73dab1a0a

SHA256
0aa1b67ea0eb7ad2d97e19ec082271c902b2c4b58d33f268861543f90e03cc8d

SHA512
2ee82340872f9b9c8f70794d94e632c679e21c5a3a38fe4134372eeee66df9b54a5a4e01babf9a01c7c60724270efac7772dae3e2a075aa8ef8680fccda8db14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
943fd67a86ce8cb0e83092b4ba206b06

SHA1
3c2edf3cd6e1d7567c8715f4a93dd39de2ee0ffc

SHA256
e4bdb36560222e4be9161ab1f53cd4ec92f9dec19811a750ba99983c3ce14d41

SHA512
81c983c67501f04ddeb574b4dbd7f9227be4f4b31d3c27a2c31542650d98141402c7c8953c9cf3cad1e842884505ba4b55a145ab62d0945881e3f3b6169d73b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
4d923fc01a46ea42a38e826c62ec7582

SHA1
163c29f7926b27448d8940b0194ceb6ccc2a2f4b

SHA256
972fa53ff1a0ff81945ceb0a9f2a234d62817fd46461c2f96c8b7fddf6192b9c

SHA512
e1278f042dbeffe4e09ce7687dc0b47fed3385efd142636d07683594f4f4b7282b78c692332a0f7e650428cde80e172b6fec61e700963e5a920143b6ef25be4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
1683fc74cb113448aaff31d1ed5e0f25

SHA1
9efae472f400230fa95854dd671b0ab58e9309d4

SHA256
d60fdf213ff2dff6ac74c0a0c372607fa4b300e670ab93ae26374677cd4d23f5

SHA512
ea4c3bd587ae6accc9d824235668b35322356e549db18d9c4de1b432c540c7b1e6c1302b34630b946b554ef3af26a43cd34c2cfe6511411d6ec6a23153159fd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
1850214ba45d6bf8736a2b9c3b412523

SHA1
665b604872360fac49843131541ad8f4dee837cb

SHA256
82fc1c72c0f84a251b40720f9b6be7eeb0821c88fa3bf10e65eb38eac42917b3

SHA512
5ebfa93bf054e76d3615b4400d41147214f50bfa2ba69e90249e801162c292afea6f67323c73be29e288b325c11d7f74aee7e6877a293bba4f58781cdc28f83e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57e37a.TMP

Filesize
89KB

MD5
8210a3d3b102b334789e61c4af57ecf4

SHA1
c98d8ab1a6eb14adf3a175f8a471082d6363739f

SHA256
43276a73099f9bd47267f346d9468fee5a691a8ea8a5f29a0456e526a7582a0e

SHA512
1f6ae0e95a7b23e886b436cb17590a96e3060c292477aa9b275ad60773d69e4d03397faf32e1132ce2bd3ce52a5ed71ddf77e7ef295a40ac8862bec5552d85eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\c2a79346-e1d6-4b92-90f0-455c667d60d7.tmp

Filesize
257KB

MD5
359185f51bab36abe7f72692db32d8f3

SHA1
74c19b221708e36132763b4437e655e22eb67836

SHA256
f23ca5a7540d09d180567fcf8d62a2bb5eb87968262dc6e56cd1c2e04775497c

SHA512
398537f0cf3c11f67ca90b6bcc0c28727406ac13d82e6558a5af360c12a15e6822a2f7433580b7f42673a00bbee3adf3828ac95d0129a0967e3af98e5650cbb0

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\Downloads\x64-.x32.-installer.zip.crdownload

Filesize
25.4MB

MD5
efbd616ba83ee131eaed1f2f7d5744aa

SHA1
24c568ad21b29f2a70a5388f6e461ef0a5298d59

SHA256
a908499db6dbd54ad4dbe46c9811e8896dc603882e0e656d1cb891d40e988949

SHA512
55c1d9fc6bd2777672a8a8b27da9671e4b98c43ff326940c12e03f39d27c82895d82c481e99bc518e824c2790813ab824ede9e871220610fd91e3b8da1647fed

Download Submit
memory/1600-651-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-653-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-652-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-654-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-655-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-645-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-646-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-657-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-647-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/1600-656-0x000001B47EB00000-0x000001B47EB01000-memory.dmp

Filesize
4KB

Download
memory/4036-240-0x000001A2F4660000-0x000001A2F4661000-memory.dmp

Filesize
4KB

Download
memory/4036-238-0x000001A2F45E0000-0x000001A2F45E1000-memory.dmp

Filesize
4KB

Download
memory/4036-246-0x000001A2F4700000-0x000001A2F4701000-memory.dmp

Filesize
4KB

Download
memory/4036-232-0x000001A2EB9A0000-0x000001A2EB9B0000-memory.dmp

Filesize
64KB

Download
memory/4036-245-0x000001A2F4700000-0x000001A2F4701000-memory.dmp

Filesize
4KB

Download
memory/4036-244-0x000001A2F4700000-0x000001A2F4701000-memory.dmp

Filesize
4KB

Download
memory/4036-243-0x000001A2F4700000-0x000001A2F4701000-memory.dmp

Filesize
4KB

Download
memory/4036-242-0x000001A2F4660000-0x000001A2F4661000-memory.dmp

Filesize
4KB

Download
memory/4036-227-0x000001A2EB950000-0x000001A2EB960000-memory.dmp

Filesize
64KB

Download