c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

Analysis

max time kernel
47s
max time network
137s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27-11-2024 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-701 (1).exe
Size

3.8MB
MD5

46c17c999744470b689331f41eab7df1
SHA1

b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256

c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512

4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP

98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score

5^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Default32.SFX	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Zip32.SFX	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_259450488	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Default32.SFX	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\WinCon32.SFX	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Zip32.SFX	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\WinCon32.SFX	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-701 (1).exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-701 (1).exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-701 (1).exe

Executes dropped EXE 1 IoCs

pid	Process
2676	uninstall.exe

Loads dropped DLL 7 IoCs

pid	Process
2816	winrar-x64-701 (1).exe
1144	Process not Found
2676	uninstall.exe
2676	uninstall.exe
1144	Process not Found
3064	chrome.exe
3064	chrome.exe

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3533259084-2542256011-65585152-1000\Software\Microsoft\Internet Explorer\Main	winrar-x64-701 (1).exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.cab	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ShellNew\FileName = "C:\\Program Files\\WinRAR\\zipnew.dat"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lha\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zst	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz2\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xxe\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR archive"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew\FileName = "C:\\Program Files\\WinRAR\\rarnew.dat"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tlz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.uu	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.001\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tlz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.uue	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.arj	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32	uninstall.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe
Token: SeShutdownPrivilege	2284	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe
2284	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2816	winrar-x64-701 (1).exe
2816	winrar-x64-701 (1).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2676	2816	winrar-x64-701 (1).exe	31
PID 2816 wrote to memory of 2676	2816	winrar-x64-701 (1).exe	31
PID 2816 wrote to memory of 2676	2816	winrar-x64-701 (1).exe	31
PID 2284 wrote to memory of 536	2284	chrome.exe	34
PID 2284 wrote to memory of 536	2284	chrome.exe	34
PID 2284 wrote to memory of 536	2284	chrome.exe	34
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2876	2284	chrome.exe	36
PID 2284 wrote to memory of 2416	2284	chrome.exe	37
PID 2284 wrote to memory of 2416	2284	chrome.exe	37
PID 2284 wrote to memory of 2416	2284	chrome.exe	37
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38
PID 2284 wrote to memory of 2400	2284	chrome.exe	38

C:\Users\Admin\AppData\Local\Temp\winrar-x64-701 (1).exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-701 (1).exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\WinRAR\uninstall.exe
  "C:\Program Files\WinRAR\uninstall.exe" /setup
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system executable filetype association
  - Modifies registry class
  PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6c79758,0x7fef6c79768,0x7fef6c79778
  2⤵
  PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1604 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2280 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2288 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:2
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3192 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3472 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3676 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3696 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:1572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3832 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --instant-process --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3728 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1968 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3508 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2348 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4020 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4048 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4372 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4436 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2332 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4104 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4020 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4760 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5176 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5400 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=3748 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\WinRAR\WinRAR.exe
  "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\Nopde Engine 6.4 (1).rar"
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1272,i,10132514210677528619,2531042071114847589,131072 /prefetch:8
  2⤵
  PID:3572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1020

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1704

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x57c
1⤵
PID:1692

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Admin\Downloads\Nopde Engine 6.4.rar" "?\"
1⤵
PID:3964

C:\Users\Admin\Downloads\Nopde Engine 6.4\Nopde Engine 6.4\Cheat Engine.exe
"C:\Users\Admin\Downloads\Nopde Engine 6.4\Nopde Engine 6.4\Cheat Engine.exe"
1⤵
PID:3616
- C:\Users\Admin\Downloads\Nopde Engine 6.4\Nopde Engine 6.4\Nopdeengine-x86_64.exe
  "C:\Users\Admin\Downloads\Nopde Engine 6.4\Nopde Engine 6.4\Nopdeengine-x86_64.exe"
  2⤵
  PID:3856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
105KB

MD5
b954981a253f5e1ee25585037a0c5fee

SHA1
96566e5c591df1c740519371ee6953ac1dc6a13f

SHA256
59e40b34b09be2654b793576035639c459ad6e962f9f9cd000d556fa21b1c7cd

SHA512
6a7772c6b404cd7fee50110b894ff0c470e5813264e605852b8dcc06bfaeb62b8cc79adcb695b3da149e42d5372a0d730cc7e8ed893c0bd0edb015fc088b7531

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
45KB

MD5
1c44c85fdab8e9c663405cd8e4c3dbbd

SHA1
74d44e9cb2bf6f4c152aadb61b2ffc6b6ccd1c88

SHA256
33108dd40b4e07d60e96e1bcfa4ad877eb4906de2cc55844e40360e5d4dafb5d

SHA512
46d3fb4f2d084d51b6fd01845823100abc81913ebd1b0bcfeb52ef18e8222199d282aa45cae452f0716e0e2bf5520f7a6a254363d22b65f7ab6c10f11292ee2d

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
316KB

MD5
6ca1bc8bfe8b929f448e1742dacb8e7f

SHA1
eca3e637db230fa179dcd6c6499bd7d616f211e8

SHA256
997184b6f08d36dedc2cd12ee8dc5afb5e6e4bf77f7ab10f7ade9eefdb163344

SHA512
d823f2c960a4d92129b9bda0f4f9195d32e64b929082b5efb9149546b5053021255d1dd03cb443f0a03106314554f76b94173e280a553a81e4ac2ac282877973

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
3.1MB

MD5
53cf9bacc49c034e9e947d75ffab9224

SHA1
7db940c68d5d351e4948f26425cd9aee09b49b3f

SHA256
3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3

SHA512
44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda

Download Submit
C:\Program Files\WinRAR\rarext.dll

Filesize
636KB

MD5
1e86c3bfcc0688bdbe629ed007b184b0

SHA1
793fada637d0d462e3511af3ffaec26c33248fac

SHA256
7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef

SHA512
4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
15d1ff4014e46bd16ec3e25574f79135

SHA1
4480f802ec08b9a72a1c851ff8ea3a744c989f6a

SHA256
62fb9efc32e345c0a313090efa2d3674d3ab1bacddd0d8650f361164719abfe2

SHA512
ae267fd870f62b762373161e99dbf0103163fbbd6158efb9f888081ddcc3b2663dca5917b5411b6728fdcaac13b0b20f4984023232e2002f5796065d6242108d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
1223e4c05567978e70bb584aad18aa59

SHA1
53962af450be570cffad28360cd8b908fb801fc0

SHA256
240a2ff986e99ee010c655bc1b10fb05aeb079e5cbf38caa74e5615dc311f751

SHA512
4552d4164acbd85469eb4eba31cfe2093db4e9845c5ee1899c1cd2473699abd86a5371ab9253221a50e078dcc9ed94e65afeb73c27da8c1a0f52d23d7437cff3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
44e964398dee2854764f0409bcc2993f

SHA1
ac5ef8d4bb45187736d8775176d5b5d69671535d

SHA256
8b0365cb66bbe2d9596af0cb6f92ed742a604716427477778aa1df09e707892e

SHA512
79d90a4641480daffc6a9594d7e75caadaccc3facf42f4dde0a37e91a9b09703371e7883a6a3fa37d4ef868b34d2a03cdde477ac2f05dac2a27e10c3d7fe3afc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b36bc93be77b81d744e565d43faae3db

SHA1
f6d2b65f44f7fbc3b41caa3d321223f6e11e03f2

SHA256
b5e459221503176a85e46318924468a9fd01be3e43b5f25b53739a4d45dcc189

SHA512
7c8a94d326cdbbcef690465035a423662e54d7f1c7d17d8575521a262036b477c979e9d2ab968f56adff4f3999b39fb158f6122cd4795b436e7995c32e4b26d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8132c6b3c0dab821bce0f643a92e9c4b

SHA1
35a683a1131181b5656ee809e4ee313c33dd3c35

SHA256
21de1b2e20bdf84b7912aa12a07e290bf57dbeafd926f3744bf3f48dd4cfd54b

SHA512
011450452b0da00dd6c125943b2401b10d15d1ede8b44c9b1f016906d50c549690f0efd3999a2c8f9fe3a6b27d7b929af457c0fabf8ae4c6be8db325a37609fd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a492b5307fb69a81c3dad95192e5bb5c

SHA1
2fb94fcca0e68508b10b6bc42e9dd35a803c2972

SHA256
18005ccf964abd845936b273e6763bc22bb809d957daf14132337e9e2424b277

SHA512
06d5827c5cc57e251a3bb0053e25178ea3188a92f67aeb57202665d1a3452591477eb1b73ba2d7de5011442f11dd8b61e054b4a17825977e07ab9f412e9b8b1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c786a2a12466871ca7bc3ffbe4055544

SHA1
eae9017e5569d2327ed7095856c1fdab7032afed

SHA256
d6d3f927c71a7c62d9824fdde0816021a31ac087f0de321af10d088774c0b41f

SHA512
784ec2463aba0872de6570276ba073d1ff0a3662878bdc0bfee6fe6190e4a78c847ac327b1e11d60b6a61772193663e68003e01328d686e8f8b6eaaa9a411fba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6958ce8c197238637fe6d8bf5e1c9cac

SHA1
2e0e0b1bf359d570f38754eb69322b8d3ac6fb18

SHA256
2151f072e7ad8f25942b155b0e5fa3e19519b4fda4d76ade1cb2436cee50b367

SHA512
abb283fe7e5d867bb4a712120ee66912192304b8af810fec4bab587dbdf22755943e79bf292be5225e75a67d5b8ad25faefed803aa3acf442b39a72770ba499e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
368dc295ba553ce561cb0ef644093a1f

SHA1
eb87166fbf944cd54d8b7c6de8e9d00c817b21f7

SHA256
f5e7bf5502cf3308cf61b263fe7236cbbb5aefb42b7d1761284fc821bd638e65

SHA512
9d785d63e86d7ad49fe87c868ddaac3c428cdaaa51adb099eaa66e080148315cc1a9e85003a49aea5c8d05c6179cc0549a3f5996a4b3d03df13dcfd5eaeebe74

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
91222e35de412745596c5ccb942ca950

SHA1
775bb20deb0760d095e13ea93805a8927fa749b9

SHA256
6e16661c987f46ea3ed0557f7e75600d03e5bc0d9541224ea40736acae75e881

SHA512
a48714ee538bbade3a94e46d9909c7101ecdcadebff082ec9618d4443c160a074d4fe16a21a72f2af4c9fae1934cfc411c726cfedd48dea032599b86f0f031b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0c830931f544f7eda61931f007aaba46

SHA1
bd3855c04ed75ee14356b1158aa3799e8147241e

SHA256
1678d0a41ff0bbe7b911a8fde042dd81bd1364f80a6c062732218f8e2ca34fad

SHA512
5b0c90eb064b3eb7d1e5ed146d737b12a0bd891b15f4018a27d585ad66f34995f54eed8e1787fa6b3fe5e1d1015cae1efb41c109375c03c4f79f1f4ba27c48f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
132b8f6460a95b3e59a302eb4ffef7eb

SHA1
93e3417a8bc462b19ba483990a733a1a24cd5e4e

SHA256
20d9f91f09d65d8e8c7e675846f8670a08f6ca4a27ec871fdd3bcd311cc57ad8

SHA512
194c8ba9fbc8924ba0d18aecf5f68368f8623d9f83d0bafe91df7d6144a0454d86be4dd08a086fb4a9a2546291a8ff3b005bbce12cb518a3c7c09337532b24f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb65a29054cef9928e74e8aa22fa41a6

SHA1
ed71f19dacefe729e6e339a73a3add0ed4f99936

SHA256
9fef49df13b3d0db3fef8b2f9b9a16c2d3564b558656b7fded97438ecd680874

SHA512
af54df97e0ff9b5e32bfcec0b1df7bed77825d9e42c89f2e097a88594e8eb147216df5e60498887f0cefaf92bf59d7726b70d26e6b419d0f0152bd74bdbdb03c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1d2265caa14de504c5b1a578da33f8cc

SHA1
6a0ab9953af30651d25a7237060ab78c574de546

SHA256
45c19f100e8eb7db47a5bcd6421d443997ce65e3e967ef40e136e86ab57cdfa5

SHA512
ad10038bd9c36ad009a4a4b55f7ca5bf4f56c7fe50d728653b216c85523b02b9f632f43bd65ba62fbdffc71668f161290617d798bc94ef2c5d7072a97ac6ad42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d5f97182e32339fec91c563d85d943c8

SHA1
211501fe590f7003562f042d229501648391e0ef

SHA256
9cf50a3fc319094b155499d6e5f62b6adaec9ebff9d7612bdf468b35e2d08d43

SHA512
c5f9e702dcf4b32c01da56477fb2ff7fded28aa2b13fc45d261e5f7cc80ac6b04b36440a97b75652e991bab8d9e653459d655a4910a2fc186bf5fa026016c4a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80b31d7cb5d35f759abfd74c90bc6cef

SHA1
d80bf7cdc8957a0cbad43c115c0708a87d3a36ce

SHA256
7dc9e8adba72ae95c29f967422ed98a07b6bc863d3e3e4262f4659db834d12e9

SHA512
c0c671d8f6c6d6e1a8fefbac8f53d10cb122ea83d8b383d4f29bcbede60a8e2bc761d20ac0a4b54b6b2c6fb090d03c9972947d3d9b4ddca017cd99c40b29ce58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e30242bb23e61ac786c0818f34f8d08

SHA1
802af136e5231fda50b75fe9a916abb2b1a4e1ca

SHA256
a5d0d0771c9c2f7025e6e5b34c8df3db7fcc7854036717eada23c7cce34a9cdb

SHA512
c4e873be6ed53292cb1b6176f48546bfded1207ce5e45c0b6781879a9e07d59d189505981801a1f93307047641f37c683c1d5c4caf2e189d874549015a159e80

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f4f76692247996e463f6eb2cb92a9731

SHA1
ba2568ecc0b387c03af46bc60c8126ae8d60789d

SHA256
f58c897f342e3a7cb43991f615e02cc0f9df349f9d830ed49467689d4c6b4194

SHA512
bc517526a54bdfe082620c3f6dcf3e80f574fe04c45188a5bacb99100d982690f1e22080b3adf25a69aa60f343ea4c137f75969fee2d91a93c40524a68ee9405

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d1c19a0488875ecf5f38ba8d4eac2ed3

SHA1
894391e4d6bd9f6cc30b35f64a38d18549b5cf39

SHA256
4c6074415b26cc113c632d9e1c5607376275b9a338447358c560011ead08aa3a

SHA512
07d8ee144f5fbf04bf1bd92d4b7caa3a57f807711999751b5805fd69e5150e10fbc2aa68796abb1629a7d20510b65fda9d65ba224674ea6c8b3e06f317f4a235

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
d1b90e0ca61161557a2ea85806f6a145

SHA1
c057177dd3a26c4d85cec7644aa5c2bf56e5b8c6

SHA256
b1f29f46c03b5c489869f8ced8a56daad224a70dff2aeac41bbf375af2ab7f0a

SHA512
edbefb95137f8276cf18ac548616d64bd3d6770f68322e0ae294c2512c4288d3bb275a1406cdd6b6a62ee4a7d6a0ec43aca3629a21512450f962493a8ab1c911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\107d7fa1-dbc3-455d-9850-68c9ae9592d8.tmp

Filesize
6KB

MD5
224a341eb0882c96dfa66b8933ed1bf9

SHA1
12a60c218ceaef2bc00731c857ec7f4239417187

SHA256
569e6c8e2d360aac1425365d5604a8a2c78245bcaef63268b0ef491c7613902b

SHA512
5ce56fba00ebdf9da25b6ca857d42cbebf775e817107c9dd1f05dad51d52636a9e12df17744b7afc925547370f44780f1ff0da06b8ad50d2ea9cf8d5734d6549

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
20KB

MD5
02d0464758450d87a078aea4e46187a1

SHA1
41154a61b8192c00a4f03e5ce97e44ecc5106e74

SHA256
c6aabc7504bbf101eb3b39fb3f831b61148f34605c48b02ba106aedccde52750

SHA512
9af139023983a975acb29147037f4fa8ca820e15b4c5f471e2cb000909970ffbfda2b210c8330cea93271bfde3732455a545730e242f1a0e59871bdec702b39a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
cdc45b1a5df65f28915617aac81d32cf

SHA1
acbb51c75779ef01b722adb18171c5ce4aac3c5e

SHA256
1f73c485e80e9ad8600e2f8ae2b79a2e454d0930b2ad7c45ade5cf9816863098

SHA512
97fec0569ca9c7f93d8d131cd6c5e03d27e04bdc1ec2236d81426431868e6daed26f65bd4ed53877cd330aa4e7864da86a1e8d48a114d0513469a7ab93713b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
f9a54d13630cb8eba2173473d257f3b8

SHA1
4046ccedd5e40dbfa1a7f2952c97d051d9c17392

SHA256
9161601ba077913027a6c8d88bbdc083f608f8cc215ead54cf1e87718a8107b0

SHA512
b189c59e956bd9904858b3832949753bedff4bbd84456cd23bd1826e2c7462de16b153ed2db1291e6999711be9f6558f7a9fd0cda74a3f2e7d3559e5f570d78d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26d4ee5ee950978c9dbe997a18180e70

SHA1
3b1be278e9d103ce8dbe0aec7ff7e0c99f123dc6

SHA256
d29c2acc2b579791787c8e88425505880cd73f23e5f030d7042a2764d146ecd5

SHA512
952077210485467d38aec1dc45f7b8a2a5f54c2f031b9a3c5fa376e2e22e41c855733315dcd3ed43cbb6c331ce2a9b9fa729409a7633e2fdfeaed93f0c953978

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e69ba715a5e1f53404badab9f1de61c0

SHA1
a6c40a1a7d7ec3bbc1e0202b820c10b63e5ef432

SHA256
6267a9f5bc37f1cc8dfa6a209c6fc4f421d6a9654705002607fce739983fdfcc

SHA512
1dec0531fc7bd46cf53288ae44a81d99bf999393a36b3529e4161ebac1474a4688d12db9c123be69373d0a742748a027fd32aadcf97b42594a4be921338fd460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a01e1f46860a06253dada7ff768338da

SHA1
7d2aefd4bfe9d937bc63016839bb0b33f73c0da9

SHA256
e833336ddc73dcec8ceff518664fc97e440539e1597900b5d4530d0e735660bf

SHA512
210b06c713add5a22bead8188b464a43d66293518569e2317d75c1c8e4f2e828d02781c146881407128b6b9ce8d63e3df1d4da2eb72f8132bc5568e3e2a0040e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
168298019a9970cddda2cc37397304c3

SHA1
85f435770acfe7a1ed7aa48f527b1817d17a8384

SHA256
3bb252380687b33b97774943d015278e308279c5a6898eda918911d8c4b8930e

SHA512
a1cdd0a209bfff593fe55d9788a9d3cbaf96d19a0a0827a7e0d23789f82d57972b1ece33c0404846c3a51bfc032dbb7a037a7108462d5c1b669ad79b016d198b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
959acd068b2cc56bb24ae5b8e877ad2a

SHA1
555ab0a0a2b6125fa96911cbda3dc4e9a28d4fd5

SHA256
79db84926b6b4e3fff8ef15bb197592ddd5ac6a1d29d23efeb11081407b43967

SHA512
1b285ab7d514da7b8899291e94995bb32adcfc03b96e5e68ee6d77dd51043faa69e256447b739ad2105bc342018a442f77746059549d8f6f75cb6c2c1593ae77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f3999a034fe52ccc9e851853c09e0b33

SHA1
379ff545c0393c02cb7ac461cbe6ab17590d23aa

SHA256
c65e57645ddfa05625309fcb27a93a3d937d9a925f3ffde5d184f8311663ccec

SHA512
4f1d4ff083cbe2c5320b25883c081c116c29d99c259598f23addeca4e7ff64b85fc809376cda9e484dde6c41826f6761b411e85ec55d5c403378fbe9d2f71d6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c081694bdaeb77bd04c2c6c89f7c2488

SHA1
f055ad182ab86997c751550cb7bbe72742c8d502

SHA256
3e5d3f14d1c43d18d9a1bf08021280116b359d80576bcd3558ba8e0b8920cdad

SHA512
9dd6a2fc7b9926013f42d791fff33163c1b0051b7f19df49415d19d1aae75f451e98447ff5d0b34c6051aaae67a4da0d32a549b3cb4aac88804236b68a6da490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
11KB

MD5
a680e67f1e190fccf9f3478b9ee1318b

SHA1
42de07119385a393bba9d8186d28e6eb943e174c

SHA256
020ded820299bc6e7de900181dc3208bc8c1ef17364aff0c2601af0ec6f6bdf7

SHA512
d2969e03f0ddf6195bf3225a7f0e702102d3cd3c0da02e432640a2167291625fe2ab9faa2b7ab73b88a528cfa7cf086f7a9c939f9721df54d60c37a72cee74cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT~RFf77fd91.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
e9e119608cc0f4967b14560bc8082ae5

SHA1
53e6a8bc89c6c3d1fa3cc26de803ecbb0fc1ac93

SHA256
9d3f0190d4dbf960bf19df403b3ec730cf529c3c9f822242cbc955f47a9253e1

SHA512
e75969c47c6cc95c7356e51822d81e96cdbd5c8358dc7656b67e64154c4894f5e35ce01562b907ceedcf93b6b01620336aba44464b37549f98812ffcd4a99e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
d594a4f8ce599c00d63d4e76c2c0b136

SHA1
13b04c507d2980043a793b533cdfe81aad0a8868

SHA256
1039d97f828b71036c3c4e0a1ee7edd712f9baec8f444b5f2082a95892eabb13

SHA512
d322c7606c3eac521e5fa40fd662bbe44213f276fc80329fefef2c96a1181f01b3374ff2f75aa430d216e7607ce071b3f5931af2f298878aebf9f5bff4231ddf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
347KB

MD5
077283feea09aa3c24200056f94e5697

SHA1
ccfd72c8e73e9146a7dd8b7dd49a29b3ad23209f

SHA256
d54522fe8dce7f8b22e74b2c591be0daee008f9450874167521d51fd8ab45f0f

SHA512
af4193c5bcce11dd6e3552eb0ab73b533d544da1ccc6aa4b8558e7dd7f43c07fcd068745ae3395fce5de56440b23274a62d057dd50494119c6cdfcd94dd4c831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
78KB

MD5
3e3a59b6fef478df926690ebce00136f

SHA1
cf55c09e6d4841d293ad884a3ca3787b4b8589a5

SHA256
7b021c0def00182d593bae26d7f1b90d59bdebe999c215a5627352b25c829829

SHA512
cce8b889555383c15fa78b8057faa5c61a78fa2d531d21722e4567bc65428bc7ec81bd282d1f514075864d312b8fb2fa6826455652fbf11ad13523699aab44d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
84KB

MD5
af18abebf535f648545a159e2f2cea59

SHA1
af4e06b2457df9889b16d2bd74b01cea687f004f

SHA256
ca885643aa03d3f327549b43e5d2c49c46f1ecd9f6fd6d67d6ea41b0949b7bed

SHA512
986b58b83e428adcf5695d90d126cdbb50f8c48eec17e1b998442c73e4362d6bf79e4076ed531a3c5b1e334576481ff55e3d6928fafd74b6a9160c9dde361159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
76KB

MD5
4c4ea4d60cfe83850c6bf0c850d31699

SHA1
e8aad35e429c740d24ae81c203745f3fa30a0668

SHA256
4826a13f17dd554bfe728c3f1d497c5ea96557b878631d451af3b6e0e60febfe

SHA512
c7e42ff39683d6c99edbe05db318062e45530365e682f6bff63777e7728394a5f15eb08f11e5b6f7a5ae3399cae8691de502e40bbea4cf689aad1e4d459c3a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab6625.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar6656.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\WinRAR\version.dat

Filesize
12B

MD5
280e2efca1f21a8f7c153960c3793de4

SHA1
6b1e0c8c4d25d72e558cba7184f9d8987b06bd10

SHA256
a941fb6b7509c089907ce3ba40f13eead6b7253a1e6c181bd7b68e6d3db704af

SHA512
d215afbfd42f063759372c4c6ed583a6825a47be206d1580ffc88ded0806d9456c0d89cbcc97ff3d4752c78d733c11a30c4d28040801f88c7be93e5d43f89ad3

Download Submit
C:\Users\Admin\Downloads\5fb70105-a6a9-4017-bb5d-c76699ca3e6b.tmp

Filesize
8.9MB

MD5
3b695e5c959b8f9fb1ca13e50aaa6418

SHA1
3cb4c82b73d442b883279261a4eceed965a5195d

SHA256
158e2f077526dd31dc21f9e9c0fdd506e964d56cc6d90df79d25f44ab0c0e31a

SHA512
cb95991ae637567779ea5aafa9b8c60497898f3d25c9916587a4ae4ba40bd2509805e7dcf2057400a91812180dc0baeb020a0b64e3354c83d330959cd6e6df74

Download Submit
C:\Users\Admin\Downloads\Nopde Engine 6.4\Nopde Engine 6.4\Cheat Engine.exe

Filesize
322KB

MD5
295982d345dc29e830c810195b5b6c77

SHA1
915a7dd866e51f268fba852e18b587ee70665428

SHA256
d691857c071ae1e976384d08e8d4125bf329e24498a6df627cde53d9b3e6a57e

SHA512
9fc765233f77874c39c47d939f04e5283f749a9044939b689f5bd7551f2ee0885279dfb8175065f1814a3e65571e3bb740ac3f7ce130eaf7ace43f1d63e13cfd

Download Submit
C:\Users\Admin\Downloads\Nopde Engine 6.4\Nopde Engine 6.4\Nopdeengine-x86_64.exe

Filesize
9.6MB

MD5
874ed548eded576205f07911fbf6969e

SHA1
416dc926a3ac83244e5a943c122b90ffa19d40b8

SHA256
bd931ae3d386d65203e8fe7496bbc1619fe7c72e371ce070919d40a9a54be497

SHA512
ee58318b5999f92730e0ce97251c711bda1b8f6d2fda08da0771a183f57b0226c4f1240ff0cbe988de59e248fd49cb30b780fa5410404d0ef50788d06a3cdaf9

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
477KB

MD5
4783f1a5f0bba7a6a40cb74bc8c41217

SHA1
a22b9dc8074296841a5a78ea41f0e2270f7b7ad7

SHA256
f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c

SHA512
463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e

Download Submit