c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

Analysis

max time kernel
139s
max time network
374s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
26-01-2025 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-701[1].exe
Size

3.8MB
MD5

46c17c999744470b689331f41eab7df1
SHA1

b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256

c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512

4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP

98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score

6^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 24 IoCs

Web Service

T1102

flow	ioc
138	raw.githubusercontent.com
105	raw.githubusercontent.com
111	raw.githubusercontent.com
115	raw.githubusercontent.com
126	raw.githubusercontent.com
128	raw.githubusercontent.com
135	raw.githubusercontent.com
127	raw.githubusercontent.com
139	raw.githubusercontent.com
137	raw.githubusercontent.com
106	raw.githubusercontent.com
113	raw.githubusercontent.com
117	raw.githubusercontent.com
119	raw.githubusercontent.com
131	raw.githubusercontent.com
133	raw.githubusercontent.com
125	raw.githubusercontent.com
134	raw.githubusercontent.com
109	raw.githubusercontent.com
116	raw.githubusercontent.com
118	raw.githubusercontent.com
121	raw.githubusercontent.com
122	raw.githubusercontent.com
123	raw.githubusercontent.com

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Resources.pri	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Default.SFX	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Default32.SFX	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Resources.pri	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Default.SFX	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Descript.ion	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarFiles.lst	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Rar.exe	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\UnRAR.exe	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-48.png	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Default32.SFX	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\__tmp_rar_sfx_access_check_259438585	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\RarExtPackage.msix	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\WinCon32.SFX	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\rarnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\Rar.txt	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Order.htm	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarExtInstaller.exe	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\zipnew.dat	uninstall.exe
File created	C:\Program Files\WinRAR\Rar.exe	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-32.png	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\WinRAR.chm	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\7zxa.dll	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\License.txt	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\WinCon.SFX	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\WinCon32.SFX	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Descript.ion	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\License.txt	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Zip.SFX	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Zip32.SFX	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\ReadMe.txt	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\WinRAR.exe	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarExt.dll	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Zip32.SFX	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarExtLogo.altform-unplated_targetsize-64.png	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Rar.txt	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\WhatsNew.txt	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\Order.htm	winrar-x64-701[1].exe
File opened for modification	C:\Program Files\WinRAR\RarExt32.dll	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Uninstall.lst	winrar-x64-701[1].exe
File created	C:\Program Files\WinRAR\Uninstall.exe	winrar-x64-701[1].exe

Executes dropped EXE 1 IoCs

pid	Process
2044	uninstall.exe

Loads dropped DLL 8 IoCs

pid	Process
2504	winrar-x64-701[1].exe
1424	Process not Found
2044	uninstall.exe
2044	uninstall.exe
1424	Process not Found
1424	Process not Found
2292	chrome.exe
2292	chrome.exe

Modifies system executable filetype association 2 TTPs 8 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Internet Explorer\Main	winrar-x64-701[1].exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tlz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.uu	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.txz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.cab\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tar	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.tgz	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tzst\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\shell\open\command\ = "\"C:\\Program Files\\WinRAR\\WinRAR.exe\" \"%1\""	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rar\ShellNew\FileName = "C:\\Program Files\\WinRAR\\rarnew.dat"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.gz	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.tbz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.001	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\DefaultIcon	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\ = "RAR recovery volume"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,0"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.z\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\ = "WinRAR ZIP archive"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32\ThreadingModel = "Apartment"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.taz\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\ = "WinRAR archive"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shell\open	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.lzh\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.zipx\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.rev\ = "WinRAR.REV"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinRAR\ = "{B41DB860-64E4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.xxe\ = "WinRAR"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.REV\DefaultIcon\ = "C:\\Program Files\\WinRAR\\WinRAR.exe,1"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR.ZIP\shellex	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\WinRAR32	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip\ShellNew	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.bz\ = "WinRAR"	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-8EE4-11D2-9906-E49FADC173CA}	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\DropHandler\ = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\PropertySheetHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shellex\ContextMenuHandlers\{B41DB860-64E4-11D2-9906-E49FADC173CA}\	uninstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.zip	uninstall.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1340	chrome.exe
1340	chrome.exe
2888	chrome.exe
2888	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe
Token: SeShutdownPrivilege	1340	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
1340	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe
2888	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2504	winrar-x64-701[1].exe
2504	winrar-x64-701[1].exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2044	2504	winrar-x64-701[1].exe	30
PID 2504 wrote to memory of 2044	2504	winrar-x64-701[1].exe	30
PID 2504 wrote to memory of 2044	2504	winrar-x64-701[1].exe	30
PID 1340 wrote to memory of 1376	1340	chrome.exe	33
PID 1340 wrote to memory of 1376	1340	chrome.exe	33
PID 1340 wrote to memory of 1376	1340	chrome.exe	33
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 2952	1340	chrome.exe	35
PID 1340 wrote to memory of 1960	1340	chrome.exe	36
PID 1340 wrote to memory of 1960	1340	chrome.exe	36
PID 1340 wrote to memory of 1960	1340	chrome.exe	36
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37
PID 1340 wrote to memory of 2260	1340	chrome.exe	37

C:\Users\Admin\AppData\Local\Temp\winrar-x64-701[1].exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-701[1].exe"
1⤵
- Drops file in Program Files directory
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Program Files\WinRAR\uninstall.exe
  "C:\Program Files\WinRAR\uninstall.exe" /setup
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system executable filetype association
  - Modifies registry class
  PID:2044

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5699758,0x7fef5699768,0x7fef5699778
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1492 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1548 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:8
  2⤵
  PID:2260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2168 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2176 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2780 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:2
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2804 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 --field-trial-handle=1180,i,10378689124150452391,17189443011553146485,131072 /prefetch:8
  2⤵
  - Loads dropped DLL
  PID:2292

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5699758,0x7fef5699768,0x7fef5699778
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:2
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1572 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2244 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1668 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:2
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1528 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3784 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3016 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3600 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1692 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2724 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:2864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1780 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2720 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\WinRAR\WinRAR.exe
  "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\Admin\Downloads\02ca4397da55b3175aaa1ad2c99981e792f66151 (1).zip"
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3020 --field-trial-handle=1288,i,12610999270850232406,12113189913750345208,131072 /prefetch:8
  2⤵
  PID:688

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2876

C:\Program Files\WinRAR\WinRAR.exe
"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ver -imon1 -- "C:\Users\Admin\Downloads\02ca4397da55b3175aaa1ad2c99981e792f66151 (1).zip" C:\Users\Admin\Downloads\
1⤵
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\WinRAR\Rar.txt

Filesize
105KB

MD5
b954981a253f5e1ee25585037a0c5fee

SHA1
96566e5c591df1c740519371ee6953ac1dc6a13f

SHA256
59e40b34b09be2654b793576035639c459ad6e962f9f9cd000d556fa21b1c7cd

SHA512
6a7772c6b404cd7fee50110b894ff0c470e5813264e605852b8dcc06bfaeb62b8cc79adcb695b3da149e42d5372a0d730cc7e8ed893c0bd0edb015fc088b7531

Download Submit
C:\Program Files\WinRAR\WhatsNew.txt

Filesize
45KB

MD5
1c44c85fdab8e9c663405cd8e4c3dbbd

SHA1
74d44e9cb2bf6f4c152aadb61b2ffc6b6ccd1c88

SHA256
33108dd40b4e07d60e96e1bcfa4ad877eb4906de2cc55844e40360e5d4dafb5d

SHA512
46d3fb4f2d084d51b6fd01845823100abc81913ebd1b0bcfeb52ef18e8222199d282aa45cae452f0716e0e2bf5520f7a6a254363d22b65f7ab6c10f11292ee2d

Download Submit
C:\Program Files\WinRAR\WinRAR.chm

Filesize
316KB

MD5
6ca1bc8bfe8b929f448e1742dacb8e7f

SHA1
eca3e637db230fa179dcd6c6499bd7d616f211e8

SHA256
997184b6f08d36dedc2cd12ee8dc5afb5e6e4bf77f7ab10f7ade9eefdb163344

SHA512
d823f2c960a4d92129b9bda0f4f9195d32e64b929082b5efb9149546b5053021255d1dd03cb443f0a03106314554f76b94173e280a553a81e4ac2ac282877973

Download Submit
C:\Program Files\WinRAR\WinRAR.exe

Filesize
3.1MB

MD5
53cf9bacc49c034e9e947d75ffab9224

SHA1
7db940c68d5d351e4948f26425cd9aee09b49b3f

SHA256
3b214fd9774c6d96332e50a501c5e467671b8b504070bbb17e497083b7e282c3

SHA512
44c9154b1fdbcf27ab7faee6be5b563a18b2baead3e68b3ea788c6c76cf582f52f3f87bd447a4f6e25ec7d4690761332211659d754fb4e0630c22a372e470bda

Download Submit
C:\Program Files\WinRAR\rarext.dll

Filesize
636KB

MD5
1e86c3bfcc0688bdbe629ed007b184b0

SHA1
793fada637d0d462e3511af3ffaec26c33248fac

SHA256
7b08daee81a32f72dbc10c5163b4d10eb48da8bb7920e9253be296774029f4ef

SHA512
4f8ae58bbf55acb13600217ed0eef09fa5f124682cedd2bfc489d83d921f609b66b0294d8450acb1a85d838adb0e8394dadf5282817dba576571e730704f43ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4c8d6dab-d43e-4900-bb84-47150e5b198d.tmp

Filesize
339KB

MD5
c6c31ecb1734c0de31fd1e2fa4a428cb

SHA1
5ee73acb693e093d161678cc9070b3ecaede296d

SHA256
21c4319d4be54f532ca944418b7e170964743a205ba811414875b56cc906bf86

SHA512
e0fce96e05c1ad9010e4d8486ef7d76fe11ef20f92a58d6d0f886ac16423b621c9e7aceb6136f434cb02c9a3f073726064bd88a7792d5923e97388dcbdc7c737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
4af14b992d16a9097ddb4009c70b96b9

SHA1
2606b4a060c324c2048ea8d54374d4f2402886eb

SHA256
6ed45c34d54bb5f6e8b2a14aeb78406c243ca3d5eecd7a00089957e8c98dc7ce

SHA512
3d7642f60e8a54040b80872747cd6f37017c77ad3ec3f4370fe5641f8a0b76ffbf59f6592f9851d35ee192789b525e2e20d9cabb4c52f00cc08ea3bd94fa8987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\196de3b5-0b84-4832-88fc-c44ebdbb4d72.tmp

Filesize
7KB

MD5
780b37e961015abf0c9c690a1c0702ab

SHA1
fecf0fb838814eb86d770b7c1cec063345b8d715

SHA256
6c5da0dc605f50b043e80597231d04441dbd3e0941ec5ea9bcc9e70ec88812d3

SHA512
5f3f93a6f2f4282ebe142dabc12ffb7f1f8675a3c42dfb9ee9b89318e026d0f528e850675bab353dbb99589541a4ab52ee73aca949f086257b2eae3150e6989c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
1e0090465ceac113212b3c745d0db85d

SHA1
f8d11fb0935c7c06e5019c8283299eb89a2862ed

SHA256
8e2714ec3bd10c87a10c856b14f5ed5cd20e88ad511ebcdcf783a070d777d385

SHA512
68694c0a03fda05c5cb6cb7500a69dbcac32e8e67dc766c59a7e655fc9a43cdc872fff21bb97f9a84b040e42e6db1df994a6302c9bc878539d6d208a14119d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
66e7b63c662b5af72837b4001ebc457f

SHA1
ae769e051e69e63e5010927fa0cf9d83c3002268

SHA256
c7301856007aa48348acd7306f3dcd7c68cf8cf5a7b1ed7c76e63952274ade4b

SHA512
a75c85d4f38162946253ec4b9b9f0cfaf50d820d13244b95377f197cc3ccb788b3d94975447de6fadb0cc8e985834dc6ec5ff1a6ab43ae248b2750facd06c856

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a208abd4357167a6aaa755532fb2be6c

SHA1
35e8e4b9ee7f94a62a9c1e7b4234c06e6936d7f9

SHA256
5f1bdd78fbce75b4055be1c447f9d868029bd4082d3ad1b0bd650cbb265b23cc

SHA512
06403b10112d39bcee5c0ced2140ff62ca61486450d41b35efdf147e2c54c4d453b132cee7aa0518c3e37548502c4dede17fe9d0fb0422f82d35c85a5f6876cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
7c8e89a133728e816a52bee570c31104

SHA1
fba09d7aa57a093f29577ed8ad36df397e94838b

SHA256
3a919869b2b7f4a4e1612509173257a6fd20b7a05712b146c853beddea8fe077

SHA512
7d19b593ac204abada00ae01f25e27e3c630ea5dc906ff45b43deb681108efa7e63651f745f7aa333703872584ffa9eb84523ee8d2c2c6bb7d77eb029f19048e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
51743f0be53b5a3d736e302139865bb0

SHA1
4cf0c1e9ac54adcc4af5e32cd78c3c929acc7a51

SHA256
c6befa75f67929a933bb630f8d453a11dbd4a4b846a4b3f12a61a00ccb1617a6

SHA512
4e7107cde93855eb018fe438eb1086bea2edc06ff4d093419901da1352f07437e33027c2e745b84bb06d0b61e5891af981deaffed1f7e4efddf84d9056ff78d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
136B

MD5
e4e1a18da229478d486dd681f47ab6b7

SHA1
925350bc01e1f32f958c5f7ac4da3f3f9c0c2708

SHA256
57b2852e79952aefb6e331cce7d106768c7e1e6169a71cda2a27f22283900bea

SHA512
df2036e93ecfbeb193ae79f967498d618703919ec46f50fce4d6953e70ea686742817ca3cb3a863957ea2dc4d84865222d60f7fb7ea4c430d934f0a4a7f09468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000008.dbtmp

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
8c3ca1186ac7f7dc12a8cc8c1dd052b8

SHA1
0f17f19088149dc59b25d6a347ee2733c99cb397

SHA256
4623256bfdf223110fa9e376e71f9aa6bd6ee6ac1debcd150a0b27b445702c7e

SHA512
d7fcb6807eeeb723f5fb3a4bb7b18081f8182cfbc98e381fbdba479dc983b50694686b1a25e7c196e5b3d7b72a57e91e2acbf5947b699feed5c8174ec6c2c076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
136B

MD5
473b13d44023308fa0ba99d713774978

SHA1
0fe7b4e9c2538a49c9ef4feceb515847d6516169

SHA256
d67e7810a477a4d1861612d606fda72d0d9616a1c602bcfd402cfd65da8aa8dc

SHA512
1eaf45f184a3a9438e9c6cf527a5e454623b016a8594efe7fe0debf44f87b90c74eff772a8a6e3ad9e8ecdca8bc03f6b9774461508995631d43b5690137ecb2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
828B

MD5
4b65e3b5ca51d77fdbfba6459eed2c86

SHA1
282fd89caa8aac49b41c056b609f09e50c21568e

SHA256
075601bca3b829ecf26ca39b27be2264eee352aa76224b0f2a969959291f2bd9

SHA512
ad326ee560f4485d45735dc6d712d649b085296828c7b19570705e3ef62ac9e5489ececc11db3862a19176c2c34b92d10cbec82c8ff5d7f144322a4842515234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
33b304176441bd45c8d72a74851ed0d7

SHA1
55209d041b9dc44f99ffbb0b0252fd3ed3c6d2e0

SHA256
5a4a50aee99f5ad97fe3a98db33c5509004b1ce8b0bbc1211e634f36c0a82a88

SHA512
e0e33c63310933b431c57c57eaad9d24a83faf0555d9c3c42a6d56e0b9205c52a0487cb1f5d9c40ad7816722b769aedd94f599c0d36fda01ed4550c971ec9be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
632B

MD5
5cfc6e91e1e466d872d14df03a293b45

SHA1
255b36ef4b734c2f9264ca3f7ebdcea002ecdbfa

SHA256
ceb67099045038fda3918530ed8362f307848319948d992ad8f5fe485d0a86fd

SHA512
57df16128881a2018ca3652b0e8a552d459d87150b36b4f30a4d562bd786bb0007c45b5453d2146c85f538a436cec3a49710bf1346973084404fffa7ba304115

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6acf51857c551c2477957a377472f5b8

SHA1
b99c33e50983072fc073f8bd530abbb57ddb7e60

SHA256
e9551fb71715b87aef1878d1ad4f60d1b4cfa2520e2ff3964a1d766c0ce02e6d

SHA512
4e77f2d856515c36cca180e2b30b2f21fb61da9173d6794a4e63b991a06f07f6bd188e3097a49aff2c64680063ef0685a8d69a49f9b4577eab41a353b987c146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
72960c8d20a76f047a33cb7195c25169

SHA1
0ebf416b114367f54340faeb49b4d5ef8de1c8c5

SHA256
b3d84fa60330304d6cdc1b5ea0d97da62292dfddd5581ebbe00fb8841c0233a1

SHA512
7df297dfcd80b0ae1e1f65fb64e4db5ea4dcba7d15df9300cb288aa8e3ccc8e367e0644260a2da66799f490dbbb500622d706d4ff9fd526075d2dcd3d51b9de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
be35c6cb391d9b23ecbf451ea3545eb9

SHA1
82f1b5428b2610bea9b72e8a1d6c20fde456933e

SHA256
b567ea1867084fff1a119998792cc281b106e3ed2eb2f61b9e1eaa32422ca99b

SHA512
d1754f1cd2d34a7923bf9a1e5c04003cc18982efc086e078d9457cf4fcf3607b5bc821ae23dff81a3de639a83af1a41f446637d3944d432a53fc90132f45e267

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
77042f891ab1197dad311c12c0740c2a

SHA1
dfb0b65933a50a84d09a499bca446299fcff6aba

SHA256
aeca03066a8803d4ae77a0b99762c05775190f2098153eeba32ae669a5b6dc61

SHA512
cd908625e63046c9c38c8bcf76571fe061961d45281f0d2240bb07d7c1d220e913aa8329be9f10887dec0c430c49c12d9a8dd9043d1dc86c7b77e9b7f544ba61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
9f557f561c2bb79c0c0ff29aedcf9bee

SHA1
6ad47e70008aff9799d5dde34de0e99428c40196

SHA256
d8eb95afe7dfe9f5147430cd7977e5fb4a16f1e5fed130b7169266ea7bec78e5

SHA512
2cce819356f035532cbf4dd391f12e6d9e09e579b075b549eccdc7198e220d1b1d7ed3ee475bd1c30e8af1442c3cb0e1433f5d02a75a6ec2701d5246f2721d0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
6617ed61d53c683885222e61d118a510

SHA1
c2649e05f8ef4c0d207eefed1f7bb9672b082196

SHA256
b47e955893f5dcae581119c78877a1ed49e73952e0249e8c122f16b3d3dfd161

SHA512
4e37107e2708c9aeec140c55ac47bece1618010966c28ae8544bfa480e2161699f484c4e336ed01cc8b784ff0aaa55d2445449a20051a6c944901eb7316fd330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
3650c7ed1a5fe4e43c9ac3f85db4f0fe

SHA1
066b3dabe0187a1348ad7191cab78bd314b47983

SHA256
dbdddc326efef481200479fdda906698d4e3149f0ab1a7ab5a341cf138c27bef

SHA512
07126dfad6526a0dba7b9755bcdefc7ec2c47068902096932ede5ca44a5fb08d22ee0577ddf9e3a25c2dc00c2a33b24f3fa02dbe0ac2a836c2ff4fa9fb5a455a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
853B

MD5
55aa9d5aff48d87bdbec932f57058427

SHA1
d27ea192e6781be93754a739f17df607f489af16

SHA256
3d96a89da48845e82f76b5e1cb0f7638b55579808b272c6033ae7e0341e1a306

SHA512
91880ba979c05c7d78aac9ed9b6db768ef35f312dabd55eb606839452e6140c89f8b26ce4d9d8b68024fc7f22d6a7cdf173109116cecabc3b7b3815dccab94a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ceb3c1e477cb7e028257746fc4001e0e

SHA1
fcf231471b495a9ace74b9a3045996b113c46c5b

SHA256
e6278fb066b06b38697f8446802e10b76ebcacc1e71ae7d10376f5776fec3570

SHA512
60e08f9778e7db700df26a63eea6943055f54036fd877e9bd16878fd5852704ab3e6e7cbe06e1d427a5f44875504d0b2ec0691fcde9695efca76db37effb0777

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
645148c16de9c6c9bdebe7e89db94936

SHA1
8f8652963d91d79a8d31d92c1b5e1f684329a760

SHA256
41800e53093dece3c413dec92774ba68df5669a970d57b9146c3130648c79a88

SHA512
c57f5fd2697497b6f15ae6f5ed410fc1e363c1f484fc86d6f9a67c17d71c9da89567da7707e14114f7d9f63e1e7caddd424a9b9612feff3cfd52a125e83c61d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7e9db23ce1b0828fd1b6a76aa3d078d8

SHA1
31789430ad8effcf2c5ee878c5d7517b7cf12b2a

SHA256
2dc3c2e882daf2edbef145514b04d38e9b8dbbb96626acec43be392ba9ce415b

SHA512
76a31e558b17d5294fc77299c2bdccbd9599a3c6e49fcc1e1d42ef456bb0ef51b2170114ad44860c261e6340b6a24f22aebbc1a0cfced168bd85b8be2ad66f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
133df7a23ee0555fd46a374a67ece582

SHA1
017aeaf84a7b84d218dfd833718bb2700933bc30

SHA256
6b6555d3a1e68e263a9b4456823650b439c70ae3b13a49b0b9a15eacc766eb85

SHA512
d2f44c3d3592e0e4efbf25e78d95670f38c433db3cd9afaa2398fceb0ada13b3ac2740eabf35e32c87aa5b319082c729633f02be34079594ddef6a64739490c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2c272912b0532d09ecf4e2e62d683faa

SHA1
b0576328686b132f9250da398b2038399d92ed60

SHA256
f8fae820ecab9b0a79a5e0cad597e21101da71803b3b77342179e69021289cb8

SHA512
bc3072c1c50e158ce248916d6478f4d12c6fd3e504d8d29617183d5bd255b683fb3b8a0f90de98069679be716309cf3101b006c2c5d10f6a7a7bec2312b8cd53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
84074792d5f623245aafca776bc4b13b

SHA1
d76d4418a2ee1e70171e7f3ba92d1f424ee2f058

SHA256
7de2e3ab2fabcbe28de7cbb66c9d20428c06466af38c60b05d73b06491e6fc8e

SHA512
2c1abe85c131719d8ca2330b306d99d5cf53f933d85ab405cc737889200fb5cc3862f6b140bd06f4c394e35935b578462d2ad8d36b55f8705fc430ec0327e95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d9ffb914e55ef0586702a100a20ddb3b

SHA1
a8daf69a91a6a5b314b7928517b771d020cd77e6

SHA256
920d53038fd92d083a44823af1914d6dcf95db9748adede6a63e9dfb1055a1a8

SHA512
d95ef27281648883f8af137e438abb7481305d80b71941d843df04c67d4228612ca8b8c02e5f287b9b7de612ee9ba793aa43ae3583fa476702a8a3623e53129c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
16162b2850f9a46beeec18ebf0fdc24d

SHA1
165fb6e0b5d478ae16ba1f0f660a94968f8861fb

SHA256
ba13d764f7fac4a35404cbffbbf95c6bd4b41c89c276f6419033c3d55c62dc34

SHA512
d59b87dc8c65d42c10d19ddb6b43c14bf34f75d3a3af1a18ba797728cc6b3f9e87903a36b20b753bb63d8ecec1f944dbdea40c39c54932db9ae6604b0d07c4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3fbafb05292826162240b3b17a9d2c8c

SHA1
013ef058d53836397d96908d5aa27817965bfa70

SHA256
e1e05eadd6faaaea17c8501dcc2cc9fbea5f1af01d8ff91c2c0604deb790bd0c

SHA512
f71f7d1e0bdc54a7b3c317bab17f384a4c72c00be0cfd64c1b596306aa7be2cf33c01a8dd567c450b51be6b1ab862035e78be9fbae8c655e9e1ba0f8d357d7ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
608f2afbb39f42e27bf22c06dfa0a774

SHA1
ddd3b4a27e5dd8fbeaa73bac90b1f2e7da9a95ae

SHA256
bcbfe78cbc33477ea5fc25dfbccb20c3fff1fa1c9113698ae984340fb9675d39

SHA512
816b77decbd90f47b5ce411728145522f4c0a8a302125d2eb13961c66a203f91f0633b686bb6bcac7d2480be91da7b06b2029d5edc76d21b54ba286d583a1ba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
303f07b87ad4105345764ea29c92f2dd

SHA1
c20e543cde591ef7c4aa09530d4b706bba1a64ec

SHA256
62ada05db0d4045c5a7b9a477e13e6bcbe3ce1cb7a598c7ed53cd00e189661e8

SHA512
a8d3f68e9264a249d3b90b11c02436977b9e837b19a725e006868f758de7b01d64f24a62bd754846811f794e2177e73226c64cccd5f567d585bfaf67405eba28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5a9e54b8ab22b3df213f25d9c3fefc24

SHA1
500551f2704fb1ff4718fb365d410f2ab2b9a6b6

SHA256
f183da4c7f22451687e757f88a38f622c13c46fe1887453383dfdb3bce33543b

SHA512
3dad69ee0edfc7880ac5d41c75db90a5b3f7504a6bb74fec4faeb4f3cc981337708b68db03571ef8555a9418e38f31fc15f78e78a855e4a0357f0b136f926e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
247B

MD5
37466992a679636cf3bad2f64f91a486

SHA1
774b7d20fbea74f2750ec5487b6b75e4dd8a43c8

SHA256
84777a8ca85242f743b9e6f591cf20a95e287fd18b2a88c08470d56c081bfda5

SHA512
c365e239179cc7c3e97e5fec649ae558f0d0bb838d2edb5f86831f600cefa4ef667d86f7b82cfae7bf6d5c4ec4b4365232007f6f68cfe404bde1ceca68dc0d1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000007

Filesize
90B

MD5
b6d5d86412551e2d21c97af6f00d20c3

SHA1
543302ae0c758954e222399987bb5e364be89029

SHA256
e0b2fdc217d9c571a35f41c21ed2596309f3f00a7297a8d1ded05f54f0e68191

SHA512
5b56ae73a61add9e26f77d95c9b823f82a7fcdc75eed64b388fb4967f5c6c42cb0796b0b99dc25c89f38952786176c10d173dec7862a8a5ce5f820280f72d665

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
136B

MD5
00c96267449bbdac8d5961e5f2f38d58

SHA1
e706928f64557bfdc04071c1776b02cb34ce3fdc

SHA256
1bcceab7b64e128f68585c085a4966f436b61ac6ff556245eaa8d54a9efc0e8d

SHA512
e2f2177d796df4dbe2ba06d2ba73135ef8191d1081a6f516db657235385cc2056ca8b927665f99e8be82420fe521f294d989b12b49e46e0cb530f3910bf0164f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\MANIFEST-000007

Filesize
107B

MD5
22b937965712bdbc90f3c4e5cd2a8950

SHA1
25a5df32156e12134996410c5f7d9e59b1d6c155

SHA256
cad3bbec41899ea5205612fc1494fa7ba88847fb75437a2def22211a4003e2eb

SHA512
931427ad4609ab4ca12b2ee852d4965680f58602b00c182a2d340acf3163d888be6cfad87ca089f2b47929ddfa66be03ab13a6d24922397334d6997d4c8ede3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000008.ldb

Filesize
1KB

MD5
e6305367badace56469a80ee5699626a

SHA1
43c630767f2e7b53541f007d12fc152bb0dd6b42

SHA256
c6bb8753b375eb83740a84710049bc0bdf3c9a16aa79089976b97c8e844378fc

SHA512
368a6ffbbe92d1ae144e140f3e9202116905656d295e95fec8032861b4dd7618df29c9c520981078a9cee35e73f22a204f39e531abcb6bec5cbabb46c420d0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000009.log

Filesize
2KB

MD5
90665348e754e2e24efebdb080703c9b

SHA1
0a212ea41a1453dee445bf3f9773711e0cbfe3ab

SHA256
cadbab74d5731b950589e2c1430f3c0bce3adaea5896690ff3457012a9de30c5

SHA512
9c724f4d0872d546eb9a4852297f669f0523bbce098343ee9dcc6bcb4507508d884d3343b06ac3ac53ba82c4d753899a63a7aa5a7b8f28d615f30cf71e5cb605

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
250B

MD5
082d0141028d8d4cd088f020eb6b2774

SHA1
22725cc76085afa533788384a26d0aee0f32fe83

SHA256
51cfc391312351e3e819efbac9cf9b72d6e38ebf433fba40ab4c698eb247ede9

SHA512
74a967699f8aa66f20b6a550ddaf99163389bb745eff5cd0aa32a6757432325a24b4211eb1911cde376d515fd9d5b99b111506ec10d1a51fb939332afa39a449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000007

Filesize
250B

MD5
03d881fc5a4ab4013bd1b30988abb179

SHA1
9ad861569715575d7b676e5683b14dd3cffec304

SHA256
5da7b30f55f920166ad821f532fb95bd11546bf63a228fc41357aa122fcaf5e8

SHA512
29ab8ac2c642a83086266f88ffde8d71c96cd0d98812fac526e0a0adc58d8bc7f99760ad19a71cc38c3ef5edb9ab9d642ef6b665bf4ce336260b0171411e26f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000008.ldb

Filesize
492B

MD5
515b1cd1a9d690dcaf98a22ed6fee850

SHA1
65f8d6b6f98466cc25614dfb2c81957695e768d4

SHA256
73bab03686984a9ed268a4e0b38414dda4f97dc7ad62b653b96c09379c6e6539

SHA512
88647dd7b66e9f7df490b7395d3038a6abdea33ed371e9567628199f859f3590302a5e7cf268182744592a8d87d3ccf561332298797f7578fb447952d4749222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000009.log

Filesize
236B

MD5
778905ea5eaee4347a4e8d27303d80d5

SHA1
3bbc6b6fb5e257f5df97de4e43944e9b5e12e6c4

SHA256
5302232b40eb4d99af635f6faa8ca632e7043186ce55d47e35fcf5235b16f6e7

SHA512
b511f9f48098cb8fab2e13d6f536a75cf04b722a705955eb1fb6a7a944e77a083fab09f78a23336290ae7089f6b302cee0dea18ea12d36abbe3f028c9ed6ae91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
249B

MD5
bc61733f0992845a45783bcb7cb1994d

SHA1
add12b497d55456920f08e4cc4e9bd35221e9318

SHA256
0ce95b0d01611f93a5ca8e6433131e8c84fabecbee5407ec64864d38d5795e85

SHA512
1c622e40cff5218f0cbc5e92d2bada7a544e5b8b3c4fcd00dbc663b06ec52ef5552f676dfd49ddd6a0a09b45442b30c7b3da008a64d3cb7bef8889b6a9c608e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000007

Filesize
98B

MD5
db531205dd6dc7a0883cfa556762c502

SHA1
e3eed26f38dcb21633a18c4b67454971a99b4586

SHA256
43019bac76462e0f4bf5eefbbf099696ee8899b7c21e3a6e467ca7f36ccb5a4b

SHA512
e3da4fd1676bdcd3c18d71d1bd62c468e5fd4471ba1dd448b3e49b50e48f98b5aa61e4edaac0558b5c0b5238d7406f1880c5d32dfbdc6b463e0682e75c0bffbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000008.ldb

Filesize
315B

MD5
66c45253b06fe32ce7f1157f5f534fc4

SHA1
669356183eb3a935b26392ea7ff7b5bf9f2fb5ee

SHA256
50e8b19d7e4d6af71813f00a0316f320190e2f42b1f1a0c249aeaf15d24fb899

SHA512
f772c20ecd51fa10a1d97bd2d0d3c7463b8336f76f4fb1c9acf0bfbe88cb851c75d9829bdca0c4645906354283980446e7b4531bc2505dd80473b0a7b02f0ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000009.log

Filesize
34B

MD5
12275f46db968e27e4edb23a4517904d

SHA1
1bd41f5f55dc8532c45c5ed91bd0823deabe3d3a

SHA256
0b9769e63620205002586d7dbefa19d6c3573ffa65bc86eb49113ec271feea4a

SHA512
084364c331be5c6b8c537a6c56b732ccdbb45f0d74a1e0ed89ac195e9ae43e15f15c953e3ed188990f0abb7e0e6456fa4b6b34562a02c180f7c061a7728c8b66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
249B

MD5
42ac1da210540532ebae20b8fbd41a8f

SHA1
02a465f8ed820d0221f1e6044088ad9d44221ef7

SHA256
267fe1d5fcaebe87ac236a8ae384a471a38e3bf07beff0261860da02277ea6b0

SHA512
dfe4bd40d37bf91bf5eb107577c9523cd9d59a71f5d865eef0cb0b3417ce245da5e2fb2dd8a28bdf8bf4b33dec19f029812bfd0211f4e0d071036c278710b54c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000007

Filesize
118B

MD5
6971df4ddb4cde70d3db57aecb1e3261

SHA1
612569a6da3b7afb2d126ce81721c60f7c421cfa

SHA256
d8726d17e5a2ab71845d64348dd1a632500f2e96cf232ddbd1908aa8eb2fa227

SHA512
7f33283315f83fe11dcdb1df303a0e5154c16a0f372c90733861b44ece6504f2f0f9c88e46f411cc1b17eace6d250320b14aa1238b26b43dece69f357e6a91f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
339KB

MD5
6b784e5b3747f013afb674c949d5294a

SHA1
b882e72c5d839f7b5366843c1f76f4f5a4ec7231

SHA256
e622a0215d5082e1119369b7440e8bb2ba7e729b2d93aca54a037726d66289c8

SHA512
30ab3c8aab88007d051b61216dcdea03106a92bf83cdf06278512778fcd527f7634bd6e7c050baace823c7b28848029d6d0a7812b14272912fcd631bee2b3dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
75KB

MD5
6e11df29973c3f24e04c98eee5942a42

SHA1
1dcaba8756c8074530ed0a8fa7cc10c09dbcb43b

SHA256
34decf8b58d0f2dda1f872a37c366cb65b2aa4583793852bc2650ce2d7223877

SHA512
0215f045bd9c5628ccfd42bc5a6b4013d4b2da73da712d2615338bd750016760d82c6ed9bf2b77ad30c1e7a98282586744b29b6af52a4dc400e170e4ee115f58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
0f8174f73f37092e7bddf61fdb724fc8

SHA1
0e852b2ea080584522a087a20f617b3620854b59

SHA256
6e875fa75cbd669316d5a537fb5ced0c769ddc8b0e36b73abc0af4c5dda27547

SHA512
1b3ba11484aaac2f4c0e0147cb5b0cfadb28c60e7aa4f2790a99a5c629bd853f0275f1f697be74717b3f57246f166a34defb8efbced08dd8c765c571edb7aa06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab71F7.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7219.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\02ca4397da55b3175aaa1ad2c99981e792f66151 (1).zip.crdownload

Filesize
1.4MB

MD5
473eca3ac6347266138667622d78ea18

SHA1
82c5eec858e837d89094ce0025040c9db254fbc1

SHA256
fb6e7c535103161ad907f9ce892ca0f33bd07e4e49c21834c3880212dbd5e053

SHA512
bdc09be57edcca7bf232047af683f14b82da1a1c30f8ff5fdd08102c67cdbb728dd7d006de6c1448fdcdc11d4bb917bb78551d2a913fd012aeed0f389233dddf

Download Submit
\Program Files\WinRAR\Uninstall.exe

Filesize
477KB

MD5
4783f1a5f0bba7a6a40cb74bc8c41217

SHA1
a22b9dc8074296841a5a78ea41f0e2270f7b7ad7

SHA256
f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c

SHA512
463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e

Download Submit