35c13a428541e8a421f32df030f572e259d7efa836ceb402d1b46a7ed393373c

Analysis

max time kernel
126s
max time network
296s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-10-2024 12:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Xworm-V5.6/FastColoredTextBox.dll
Size

333KB
MD5

b746707265772b362c0ba18d8d630061
SHA1

4b185e5f68c00bef441adb737d0955646d4e569a
SHA256

3701b19ccdac79b880b197756a972027e2ac609ebed36753bd989367ea4ef519
SHA512

fd67f6c55940509e8060da53693cb5fbac574eb1e79d5bd8f9bbd43edbd05f68d5f73994798a0eed676d3e583e1c6cde608b54c03604b3818520fa18ad19aec8
SSDEEP

6144:4FErOIif3RzSHh+20lXs1TzCeBcQeDbNlz7:eEeR52bmeh0n

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2768 chrome.exe
2768 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe
Token: SeShutdownPrivilege	2768	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe
2768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2768 wrote to memory of 2772	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2772	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2772	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2924	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2100	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2100	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 2100	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe
PID 2768 wrote to memory of 332	2768	chrome.exe	chrome.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\FastColoredTextBox.dll,#1
1⤵
PID:2384

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6959758,0x7fef6959768,0x7fef6959778
2⤵
PID:2772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:2
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2100

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2268 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:2332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:2304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1544 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:2
2⤵
PID:684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2588 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2964 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:796

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3240 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3652 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:1584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3864 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:2688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3800 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1824 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:2972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2468 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:1628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2988 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=732 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1192 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:1396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=660 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2028 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:1852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4140 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2108

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
2⤵
PID:912

C:\Program Files\WinRAR\uninstall.exe
"C:\Program Files\WinRAR\uninstall.exe" /setup
3⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3116 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:1888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3776 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:3036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4136 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4028 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:3060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3996 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:2892

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4412 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4432 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4592 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=4236 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4056 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2680 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:1
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 --field-trial-handle=1372,i,4254834267564774693,10452837784381788817,131072 /prefetch:8
2⤵
PID:1676

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
105KB

MD5
b954981a253f5e1ee25585037a0c5fee

SHA1
96566e5c591df1c740519371ee6953ac1dc6a13f

SHA256
59e40b34b09be2654b793576035639c459ad6e962f9f9cd000d556fa21b1c7cd

SHA512
6a7772c6b404cd7fee50110b894ff0c470e5813264e605852b8dcc06bfaeb62b8cc79adcb695b3da149e42d5372a0d730cc7e8ed893c0bd0edb015fc088b7531

Download Submit
C:\Program Files\WinRAR\Uninstall.exe

Filesize
477KB

MD5
4783f1a5f0bba7a6a40cb74bc8c41217

SHA1
a22b9dc8074296841a5a78ea41f0e2270f7b7ad7

SHA256
f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c

SHA512
463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
45KB

MD5
1c44c85fdab8e9c663405cd8e4c3dbbd

SHA1
74d44e9cb2bf6f4c152aadb61b2ffc6b6ccd1c88

SHA256
33108dd40b4e07d60e96e1bcfa4ad877eb4906de2cc55844e40360e5d4dafb5d

SHA512
46d3fb4f2d084d51b6fd01845823100abc81913ebd1b0bcfeb52ef18e8222199d282aa45cae452f0716e0e2bf5520f7a6a254363d22b65f7ab6c10f11292ee2d

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
316KB

MD5
6ca1bc8bfe8b929f448e1742dacb8e7f

SHA1
eca3e637db230fa179dcd6c6499bd7d616f211e8

SHA256
997184b6f08d36dedc2cd12ee8dc5afb5e6e4bf77f7ab10f7ade9eefdb163344

SHA512
d823f2c960a4d92129b9bda0f4f9195d32e64b929082b5efb9149546b5053021255d1dd03cb443f0a03106314554f76b94173e280a553a81e4ac2ac282877973

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
3.1MB

MD5
53cf9bacc49c034e9e947d75ffab9224

SHA1
7db940c68d5d351e4948f26425cd9aee09b49b3f

SHA256
3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3

SHA512
44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
69KB

MD5
a4ee0bb2b60437c50324a4c949c9df34

SHA1
cb56f97901584d963b11319b0a91e7346b7be228

SHA256
d7ef33cb53ade4b69b0af64438c9af094314ff94b8701ec2a5a0868e36fc619c

SHA512
75d6eeb2254b989975dcf005ed43e461ece0c7a75313c2d831c42cbd30ee98c6c9a88cb39ed4affa6b56e0d9b16269a077dc30f3dca0ebc08a7a27d3f0fbc911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
402KB

MD5
44bd6f136a84af8aa9d273ed1c650dce

SHA1
d5f584f049328b5c5bb7a627dbd2c6a555f63ed7

SHA256
1e0c4d4bbbf59ab0eb779635abb6cf93b4d9b026e43d3aa00b8343a01caeae69

SHA512
e161d9374928d2ab4c89408fa5502d2f4c8abbe950fbc419fda667aa576b0e66b9259018f60517a4b18f22b8e0401a7227cb319ff31100ec7d60404758cbe67e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1fa9d2e1e79ed017558868c6fcf92fa0

SHA1
1a918d8baa2225fb6cb13611b2eb6bf136c9f877

SHA256
385cc3245bbf153d95b645789374cbbf65717106f8365e6cbef898cfc79fda35

SHA512
9e98f2c425adeff84ebeb1784322b9c6ced758c5ff55a4569cf371efa9902c9fea67b6c4d6013fa23dc5ed2dee0c00fb359fd97b824f4220c026217223679cc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
5318e8d1f13efa50d2828ea56a599faa

SHA1
f42de88ad212298655f7a4bc44dadb3d64330c45

SHA256
9d685c26ec4f57525c77f2913186fc07833727faa9c6571fff024a0ad81ae4dc

SHA512
b9f14005638269861f97bc62db04ee22530961b6a5e21ad6a565026b6695cf261b103161e74ca4e5ec0196a9e571d36d02c3599fca27c4bf48dbe4a3f00c3aa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1dbf1d27cb576f5ef7d6aadeab0cbeeb

SHA1
2dc93579ba137f5059ecc260cd9a7b1cb5ae2bd0

SHA256
63f106e3bb72011fd5657099bcfc21e9d86509bc807f8b8e28e72e363c6c71f5

SHA512
dfabb4024b18928b7b3c6a3490735ad471f026d4a4fc509f805f1b83ab8698c26f2d866baaa1f4f2471b5214720307362e99e38212f591e686742f7a1768ce16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5aa87bc01b7740d40e1d1e48c8f60f5f

SHA1
59bccacfe27c9e4693c3f12587fcd1d9d72ddf4c

SHA256
c876a90522511c7df55a5d0e3a837713491b58ffe760d1785815d83ed16d169d

SHA512
084f18ae293181c855c739fc2f0f0fcce9d76a9575a52886c2b28af46701faa9273b4904779828ead935b6384b0ea9db5d77227d0a41cb60a474c833d73f04f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
36816755aee494d40aa67e53b12d0c2b

SHA1
de82436543cd56d70d44e09ff662b27ce8164124

SHA256
3bdbcbd7e52b6335a4417b500c7458a8234b8ca191385c0a01d7395a3d442efd

SHA512
cba7ba756467f7775dcfb6395760961d1cf790e9f26787006f0d5e5bbd1000445751434ac1c26a9e441f32c2a1367023adf4e38d34b72ce28710879f9a59d4ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
73da1860685dc5a84d4abc3a082bae7e

SHA1
f0b8b3c36895794d2ca1bbe9d5ff82f15d16cf70

SHA256
1840f11ef1fb828d0140499a355b9f2fd6c03511bc4a50a7cd1f9ba034694295

SHA512
5af26ade650c2af623e2c10678c1b0320effacd5f3e75cfb074d86116129150d76d8ce19468d01998ce619396e1ad32ca003dabc72fc4bd23ad409a1101c825f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
d6d09b57cea2118053f494518c4d662b

SHA1
6f57fc1a990344feaa26d41d09270f2bd1465a94

SHA256
e8430737eec93f335439e2a7bf53fcfbd9fe18c80ba96971c52545050967d1c5

SHA512
d0741331c5ba12e26aea23a1d0d118a5aa67742dfea9c4f48b01fa3954a380aa27332692758569a36f26f7a2bc58e6ec4a54369dfaeb23323fe32638635f4f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
c5e8fb304403bc3872f3ddbf2ec29b42

SHA1
3e1cea3e4dd0bb13396748cef559dd96dc99d477

SHA256
e6fce7411421d0823261096aecbe908dd7e6e7b119b629cd4563f22458a1b2aa

SHA512
83f45cfb021937f58852fb4514e90d6d3791c36aed8e2cfcf5610c942f743a800a8e76a0fad37d2ebc8a876dfc96503a7f656ff90400d2bcef022d908020ca66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1015B

MD5
fe569138b6581034cea2e7b034058325

SHA1
ea70f2f976a67e786c1ea6d51a50c75ddd8f120f

SHA256
d34a4e58345b11d10f78b4a38c2c8804c5e2a265a4fef1a624cc0126b7689c7e

SHA512
dd183d24da39e32dca6d699373549c57dd958d79eafe8126a50e723965ab3e6d153265f7c1558863783e66820497327f12f2b027382820d6705a439a20377cec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
c6a6583dd687f4e666d3e57c841dcadc

SHA1
eb4059aeda26cd9038b0690ac1ab29dc6b819250

SHA256
50a99db378f2140bf64e83a33a8a1a89013d1a8a5ff895a74c5f0fbb601b8fba

SHA512
f7fcad6b727fe11459bf9b53f32acd7da181ddb0f0abd2ac0f43b3eeba84d8271a5644b65d3b63168e07f3fa39034dc287fbdba069b0aa6920f7d8d0fabaa01d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
688B

MD5
c3fecb46e92df7c369b438da41061301

SHA1
ffeaa978793585a323bdbeb0d017b1dcd6ed5b06

SHA256
d78499534d812826135d7f1f771cee8a968a3936167fab5c616b28429278439b

SHA512
64d030d77b52e978f0913ba8464e3d73cb0f87cf08e4ac13ced6e4d8fd7cca5b66c40d45a3813c114f3d1a349eaeb423b0acef0769c19c79c604cc38bc8d6832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8218a6dc1f61cc22b3dfd306101c150d

SHA1
285ed858712646b00e31014d58abf9b2aaea8076

SHA256
6f20429feb11e76f728624201b044a19cf71642b0a60bbc6f440640418082651

SHA512
be56aa7c434eee323c224fbb84163cbc89b33be1eab9c5488b39e29cbaa5714b2a1cea5526ae73b59e12d5abd2438e79cca185206814732d326d3dea0db90ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3bcd95da9705bb8b1706b59e3bd2bcdc

SHA1
322e10b5e50f5cc672e0873a658f925a805234af

SHA256
43c3dfb04216702c29dded13be1a59f94683ac75062a01fa302c5d38c32875f0

SHA512
5d35f4c4b46eb7a767f79cef615e09e83371996ccac1015ef83e78d2050e190776dbb32071bf12843b839ff1f6df5983225cac3a8d562aec87004d8b3b45ce08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
18099cdf5b00ae9126b1df6b8f1d838f

SHA1
6068ed3e086af664920324186d2dc1bdb863bab4

SHA256
2be8923321ae9be28565d15e2e0e4490d082e1c1492db26a79562820631b0b17

SHA512
c8fc21a84c3f3dc21be08aecfa6d25a8bb2c124b5a005b3e5e208ae3ab872c09e32d226928895847a5b779b61e04d99ddec16032acbf62f379ad6f488c8c6602

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
aa60531c9683f4fec15fd2637caa06e7

SHA1
d63774d7b9a7101796ed9b14e11429e6a0e41fe0

SHA256
8843db58ff668e38cabe38afaba4220c250b5c312bacde934f8372098bb273a0

SHA512
b7a26e1754b5a4cd17ef789a4b59de998ccca942f7425ff5d4875d18cba416a835e006dbcca2006ac7802d578e8e49c7c8a6565de40e2ae0a45bb5a99a329338

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
93e3ea1a03fa1082f9b751e415cb6141

SHA1
921770c381640137f5fd49a87191dce22f869587

SHA256
0742787eedb4a9a54cd838008f5ce52e1ecd6b080f6a3cc01d43a26fabe440d3

SHA512
fba2580d918a9514a0bcbd4f962e7f63b6afee0dbc8e7994abb1116b7cff93a3ad78a1b65d7260947cfd06864746a6567b7cecd7fb4fa8b1cbdf37385c7efa12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
82441f163c7ef410ecc9fe0a47d65c6b

SHA1
6f395f8f350a4cdd16c8f17f239f210444aa8127

SHA256
fe6290e1660a8b63e584f41c628ecb4444d699c055e4db05ff5153c4e765af74

SHA512
69627ba02674423cb04500ec9c47dad5ab8f163c4d890730320a5d22bb452a595972187491c8234ade7167789eafec72612b5ab7b2d165130f68be58c784b515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3bd6cea493581462d477150c44263764

SHA1
08b37e54365592a5d0a453dcd0cf1fda3ef29447

SHA256
798e61ff622d0ca90e0c027cea109bc6cb4ba7d32b1cd6670fef1376e633a56c

SHA512
c77657737c267afcad5b017a79ec2b8fa34bbfe70a0cbe54bcdc6ce3d6f686cedc32f063dd889da04b238d0fa5c2ce79421ae9e2ce3ac451b70037a9d7e3ad10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ed34467451194fcf08fceac5f59f8c2e

SHA1
3d367953b3cec7bfd7b6c43190cc1d91dae523e0

SHA256
459ed582317b01225c02245f7f566a7557df69df92e531aa76f19ffcc25f1a69

SHA512
c7c1c5910a6dde96b1c5450cd5ecc7ade619da396cccb5bb3167240fd5fa71542945026a405a4d97f66aac7e93c9ad5e4b704e97951027bddb56b07aae38cebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
342KB

MD5
9780f62dccc611ee9219cfc0d3a8516c

SHA1
1f5cc59c7ba91acfc7a11ec3e50cea2ddb8e1cf7

SHA256
192fc00fa2cb5302338351857b9d743fccfe5ad0df90dd376b28dc958d96d4d6

SHA512
8d8664869495e73d5b21ca82afd877627136b8fe416826266f1497d0cbc8813812fe32eaf89c2007425f271dc49e616a1af892017eb6c4c555c73bdb798249ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
342KB

MD5
73a6eaee7c4608f94849d63a3fff55bf

SHA1
f5d4131afb1368e26d45968f0fbfa899f52a3964

SHA256
ceac74af520db64f0e5709bc690273447510287d4f11e9c8e98442810478c119

SHA512
5b0d09265658b6d4611449ca632b14b5a30db32241ff16db7c7fb30f43fa4b96408419f82f00559c37f8ea53df8824d92dd4ff139a84b20ab2376e66ed7b0b7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
87KB

MD5
4dcfba79cbd3ba1d4aed2da0e59994ba

SHA1
0f351bb8e651f23c569edb98165f61c5e6f1d2b0

SHA256
eac21e37db8901bd65e5b232ff05e26f31a704a1eeac40d71f175dc0ba2c5c6c

SHA512
0f26b867d53e533674d3dbefe2ff84f3e392812ac70666b746037d4ac2aabfff40d64e962d93d1ac98260c52b8b74b2241a553bd72d783641cdfec9be6db3f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
e688a65463af99cdc664741cd25a8d64

SHA1
1b9e501b326fa0e8b6c49bcc4f1de8071477dc81

SHA256
818ef1d9cb995e0cce6900dfeef586a4548efe703d75a1cadaff4dbd9d644758

SHA512
85f7f1821154c96d674703753e48d1a4c80141064c5e73b3233e0d707c2c22b1fdfcaee127aeff8190a4aa2b1a2521413038f378ed783c6be5d1f03945bc79e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab400F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4040.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\??\pipe\crashpad_2768_RTXKLPDCUUYULQQB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit