hxxp://www[.]pdfdrive[.]com

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220414-es
submitted
26-04-2022 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://www.pdfdrive.com

Score

8^/10

discovery link pdf spyware stealer

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

software_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

pid process

2272 software_reporter_tool.exe
116 software_reporter_tool.exe
1240 software_reporter_tool.exe
1820 software_reporter_tool.exe

pid	process
2272	software_reporter_tool.exe
116	software_reporter_tool.exe
1240	software_reporter_tool.exe
1820	software_reporter_tool.exe

Loads dropped DLL 7 IoCs

Processes:

software_reporter_tool.exe

pid	process
1240	software_reporter_tool.exe
1240	software_reporter_tool.exe
1240	software_reporter_tool.exe
1240	software_reporter_tool.exe
1240	software_reporter_tool.exe
1240	software_reporter_tool.exe
1240	software_reporter_tool.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Give and Take_ WHY HELPING OTHERS DRIVES OUR SUCCESS ( PDFDrive ).pdf	pdf_with_link_action

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3751123196-3323558407-1869646069-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 44 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exechrome.exeAcroRd32.exesoftware_reporter_tool.exechrome.exe

pid	process
4576	chrome.exe
4576	chrome.exe
4848	chrome.exe
4848	chrome.exe
2108	chrome.exe
2108	chrome.exe
1440	chrome.exe
1440	chrome.exe
3880	chrome.exe
3880	chrome.exe
3688	chrome.exe
3688	chrome.exe
2472	chrome.exe
2472	chrome.exe
2328	chrome.exe
2328	chrome.exe
1820	chrome.exe
1820	chrome.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2272	software_reporter_tool.exe
2272	software_reporter_tool.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

software_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exesoftware_reporter_tool.exe

description	pid	process
Token: 33	116	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	116	software_reporter_tool.exe
Token: 33	2272	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	2272	software_reporter_tool.exe
Token: 33	1240	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	1240	software_reporter_tool.exe
Token: 33	1820	software_reporter_tool.exe
Token: SeIncBasePriorityPrivilege	1820	software_reporter_tool.exe

Suspicious use of FindShellTrayWindow 40 IoCs

Processes:

chrome.exeAcroRd32.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
2908	AcroRd32.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

2908 AcroRd32.exe
2908 AcroRd32.exe
2908 AcroRd32.exe
2908 AcroRd32.exe
2908 AcroRd32.exe
4568 AdobeARM.exe

pid	process
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
2908	AcroRd32.exe
4568	AdobeARM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4848 wrote to memory of 3276	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 3276	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4584	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4576	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 4576	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe
PID 4848 wrote to memory of 5032	4848	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" http://www.pdfdrive.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffecff14f50,0x7ffecff14f60,0x7ffecff14f70
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1636 /prefetch:2
2⤵
PID:4584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2016 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2288 /prefetch:8
2⤵
PID:5032

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
2⤵
PID:2560

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
2⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4552 /prefetch:8
2⤵
PID:2480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:4528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4992 /prefetch:8
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4656 /prefetch:8
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5524 /prefetch:8
2⤵
PID:4364

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5944 /prefetch:8
2⤵
PID:3972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:1504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:2108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3164 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2812 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=808 /prefetch:8
2⤵
PID:3912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5516 /prefetch:8
2⤵
PID:4244

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5540 /prefetch:8
2⤵
PID:2600

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\software_reporter_tool.exe
"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\software_reporter_tool.exe" --engine=2 --scan-locations=1,2,3,4,5,6,7,8,10 --disabled-locations=9,11 --session-id=KnQI8dbjPaNi4S+0iTC9EVjEkxtkFHKwRpD9P1Id --registry-suffix=ESET --enable-crash-reporting --srt-field-trial-group-name=NewCleanerUIExperiment
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2272

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\software_reporter_tool.exe" --crash-handler "--database=c:\users\admin\appdata\local\Google\Software Reporter Tool" --url=https://clients2.google.com/cr/report --annotation=plat=Win32 --annotation=prod=ChromeFoil --annotation=ver=100.281.200 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6b30315f8,0x7ff6b3031608,0x7ff6b3031618
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:116

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2272_DRXBHZNIWCKKYLZA" --sandboxed-process-id=2 --init-done-notifier=752 --sandbox-mojo-pipe-token=15095614277741964308 --mojo-platform-channel-handle=728 --engine=2
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:1240

\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\software_reporter_tool.exe
"c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\software_reporter_tool.exe" --enable-crash-reporting --use-crash-handler-with-id="\\.\pipe\crashpad_2272_DRXBHZNIWCKKYLZA" --sandboxed-process-id=3 --init-done-notifier=1000 --sandbox-mojo-pipe-token=13826143801747131974 --mojo-platform-channel-handle=996
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1624,4299226705627044414,18157682820193364659,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2592 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4616

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1300

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Give and Take_ WHY HELPING OTHERS DRIVES OUR SUCCESS ( PDFDrive ).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4D04157DEEEA56902D405FF9439AC9E2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:176

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=97AFC799EDCCE2D7B1E8DEBCC4DA478C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=97AFC799EDCCE2D7B1E8DEBCC4DA478C --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4296

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=73B0124E341E83A1CC8796E0548A1062 --mojo-platform-channel-handle=2188 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4384

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6028082B18555CC0DE95E4640768234B --mojo-platform-channel-handle=2412 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1500

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=96BEFAD0D0B87C419ECC6F8F665E0F51 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=96BEFAD0D0B87C419ECC6F8F665E0F51 --renderer-client-id=6 --mojo-platform-channel-handle=2436 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1676

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=084EAD74E2460BAAEAD4501470070C85 --mojo-platform-channel-handle=2476 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4264

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious use of SetWindowsHookEx
PID:4568

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\edls_64.dll
Filesize
446KB

MD5
e9a7c44d7bda10b5b7a132d46fcdaf35

SHA1
5217179f094c45ba660777cfa25c7eb00b5c8202

SHA256
35351366369a7774f9f30f38dc8aa3cd5e087acd8eae79e80c24526cd40e95a1

SHA512
e76308eee65bf0bf31e58d754e07b63092a4109ef3d44df7b746da99d44be6112bc5f970123c4e82523b6d301392e09c2cfc490e304550b42d152cdb0757e774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\em000_64.dll
Filesize
36KB

MD5
d0cf72186dbaea05c5a5bf6594225fc3

SHA1
0e69efd78dc1124122dd8b752be92cb1cbc067a1

SHA256
225d4f7e3ab4687f05f817435b883f6c3271b6c4d4018d94fe4398a350d74907

SHA512
8122a9a9205cfa67ff87cb4755089e5ed1acf8f807467216c98f09f94704f98497f7aa57ad29e255efa4d7206c577c4cf7fed140afb046499fc2e57e03f55285

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\em001_64.dll
Filesize
378KB

MD5
7adcb76ec34d774d1435b477e8625c47

SHA1
ec4ba0ad028c45489608c6822f3cabb683a07064

SHA256
a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d

SHA512
c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\em002_64.dll
Filesize
2.2MB

MD5
baefcaf63eedc71655095b9930134167

SHA1
2781d2793759fc3b4b618aecb7af94e48a5c6438

SHA256
77513f8ed0aea3d1825a6bb64d1c5105fb8e166d871203c22f4d340b7daf62cf

SHA512
7d78eb2d0ce284be54abc8b94971810a673c1e01085d9221ef6f6ffca7f57e9c89e249ca7735af160ac6aafee840320ceec613131d62677cfd8e822bd38ecc19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\em003_64.dll
Filesize
1.3MB

MD5
e328c6bf671f0c2fe4e3cd1e59f150c1

SHA1
42afc4b526ce2edd7801fb0613b946a2830adfd0

SHA256
06aa84ba34c32089ddf376481c74865648ccc6e0e91284a0fa151637bc763995

SHA512
2f3c73ce55e2b4ea1d5982095c29f1de6ea58328a6f4faa74986656c0740469f1d460062f568238ff0fe888919511c85e9fca866d828e9fa8ae1dd14611385f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\em004_64.dll
Filesize
6.1MB

MD5
6e1f355a54cf57047647beb9f5aca079

SHA1
529f42911634143507f28d4ea0b6757d6f17af65

SHA256
10a6c06788b110c0bfd26603d1dc4e3aec48ba917d4d80dac9fb34f83808eee6

SHA512
5ca0bbd9d2337c2e0019969725e904c1ab829dde36d4b35235cc6175d86996dabd2542914d7be0378ed298b758c9e542e059107db8ab7e3de424ac48b8d3aa74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\em005_64.dll
Filesize
576KB

MD5
169a2ef320119891cf3189aa3fd23b0e

SHA1
de51c936101ef79bbc0f1d3c800cf832d221eef8

SHA256
1072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780

SHA512
7fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\software_reporter_tool.exe
Filesize
13.9MB

MD5
f276095efed83273a83574e6a925f654

SHA1
49b16d26795a0c2d84e40ddd6a19e67ad3822913

SHA256
55336db1c634c23f7c022780fa92395452d2151560f71403ff70f8028a7e5e1d

SHA512
4114cf2cb2bec7605e392de05133dc4fc89ade114c891c470a2065ae39c5239db7cebc58dd47fe753f73cfacc6a3f474c36a1579e8d55287ff1429c481e7acc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\software_reporter_tool.exe
Filesize
13.9MB

MD5
f276095efed83273a83574e6a925f654

SHA1
49b16d26795a0c2d84e40ddd6a19e67ad3822913

SHA256
55336db1c634c23f7c022780fa92395452d2151560f71403ff70f8028a7e5e1d

SHA512
4114cf2cb2bec7605e392de05133dc4fc89ade114c891c470a2065ae39c5239db7cebc58dd47fe753f73cfacc6a3f474c36a1579e8d55287ff1429c481e7acc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\software_reporter_tool.exe
Filesize
13.9MB

MD5
f276095efed83273a83574e6a925f654

SHA1
49b16d26795a0c2d84e40ddd6a19e67ad3822913

SHA256
55336db1c634c23f7c022780fa92395452d2151560f71403ff70f8028a7e5e1d

SHA512
4114cf2cb2bec7605e392de05133dc4fc89ade114c891c470a2065ae39c5239db7cebc58dd47fe753f73cfacc6a3f474c36a1579e8d55287ff1429c481e7acc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\software_reporter_tool.exe
Filesize
13.9MB

MD5
f276095efed83273a83574e6a925f654

SHA1
49b16d26795a0c2d84e40ddd6a19e67ad3822913

SHA256
55336db1c634c23f7c022780fa92395452d2151560f71403ff70f8028a7e5e1d

SHA512
4114cf2cb2bec7605e392de05133dc4fc89ade114c891c470a2065ae39c5239db7cebc58dd47fe753f73cfacc6a3f474c36a1579e8d55287ff1429c481e7acc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\SwReporter\100.281.200\software_reporter_tool.exe
Filesize
13.9MB

MD5
f276095efed83273a83574e6a925f654

SHA1
49b16d26795a0c2d84e40ddd6a19e67ad3822913

SHA256
55336db1c634c23f7c022780fa92395452d2151560f71403ff70f8028a7e5e1d

SHA512
4114cf2cb2bec7605e392de05133dc4fc89ade114c891c470a2065ae39c5239db7cebc58dd47fe753f73cfacc6a3f474c36a1579e8d55287ff1429c481e7acc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Software Reporter Tool\software_reporter_tool-sandbox.log
Filesize
2KB

MD5
aa207e8193a3549efd238396d58d8fb7

SHA1
924b8286bf5809cd38c5fc0de6aa37c0edfdc815

SHA256
02d64853302ebbb5c973281a66c81443c2045e7067091e9870e806b3f9613431

SHA512
554f954a60f4b2ce1fa0df63f7050544c203c4788a3a8dc7596af6ac9f16667ea924b20aab4e610c554ddcf146fab35d041bb846070d5c9206900f424c306773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Downloads\Give and Take_ WHY HELPING OTHERS DRIVES OUR SUCCESS ( PDFDrive ).pdf
Filesize
1.6MB

MD5
c55ee8a467a370dd11fcf9dcec21f426

SHA1
5f4db354bea5f9663613d79bad3ecfff25451a0a

SHA256
c166394f6c312309a36d0259fb7cdec537b33b2b866187767829e0e2cd58e3a7

SHA512
1f381f33437922c2abd374babab790c1a77b36f01f35e9c9fd7d2b2dadac8eb07a7b66f33c17881d764883098818a108b2661f7ca83ab99eb9ba36ddec228cdc

Download Submit
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat
Filesize
40B

MD5
152c666e90860b7de515e1f7d6558d46

SHA1
e1d5c1607ad0b034993987b5f35a57079edddd30

SHA256
0b1b48e8bfa8f2bde698d10ef676fb97c6c8755e9a27ed0911ab25cbb1abbddf

SHA512
0d81ff7902a9d49cb16fb6bcaf8d5fbc8b0e1dd75194bfc9013795f173d2da41257c3be3e10c09c26779e3206fc5d69c85d2e457b5936b4938f0a839ee131f59

Download Submit
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat
Filesize
40B

MD5
152c666e90860b7de515e1f7d6558d46

SHA1
e1d5c1607ad0b034993987b5f35a57079edddd30

SHA256
0b1b48e8bfa8f2bde698d10ef676fb97c6c8755e9a27ed0911ab25cbb1abbddf

SHA512
0d81ff7902a9d49cb16fb6bcaf8d5fbc8b0e1dd75194bfc9013795f173d2da41257c3be3e10c09c26779e3206fc5d69c85d2e457b5936b4938f0a839ee131f59

Download Submit
\??\c:\users\admin\appdata\local\Google\Software Reporter Tool\settings.dat
Filesize
40B

MD5
152c666e90860b7de515e1f7d6558d46

SHA1
e1d5c1607ad0b034993987b5f35a57079edddd30

SHA256
0b1b48e8bfa8f2bde698d10ef676fb97c6c8755e9a27ed0911ab25cbb1abbddf

SHA512
0d81ff7902a9d49cb16fb6bcaf8d5fbc8b0e1dd75194bfc9013795f173d2da41257c3be3e10c09c26779e3206fc5d69c85d2e457b5936b4938f0a839ee131f59

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\edls_64.dll
Filesize
446KB

MD5
e9a7c44d7bda10b5b7a132d46fcdaf35

SHA1
5217179f094c45ba660777cfa25c7eb00b5c8202

SHA256
35351366369a7774f9f30f38dc8aa3cd5e087acd8eae79e80c24526cd40e95a1

SHA512
e76308eee65bf0bf31e58d754e07b63092a4109ef3d44df7b746da99d44be6112bc5f970123c4e82523b6d301392e09c2cfc490e304550b42d152cdb0757e774

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\em000_64.dll
Filesize
36KB

MD5
d0cf72186dbaea05c5a5bf6594225fc3

SHA1
0e69efd78dc1124122dd8b752be92cb1cbc067a1

SHA256
225d4f7e3ab4687f05f817435b883f6c3271b6c4d4018d94fe4398a350d74907

SHA512
8122a9a9205cfa67ff87cb4755089e5ed1acf8f807467216c98f09f94704f98497f7aa57ad29e255efa4d7206c577c4cf7fed140afb046499fc2e57e03f55285

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\em001_64.dll
Filesize
378KB

MD5
7adcb76ec34d774d1435b477e8625c47

SHA1
ec4ba0ad028c45489608c6822f3cabb683a07064

SHA256
a55be2be943078157b7d1cfb52febd4a95e4c7a37995bb75b19b079cc1ee5b9d

SHA512
c1af669ee971b4f4a3bb057fe423a63376cfc19026650036b29d77fed73458d235889a662ac5e12c871c3e77f6fbdb1fa29c0dfa488a4a40fa045d79eb61e7c4

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\em002_64.dll
Filesize
2.2MB

MD5
baefcaf63eedc71655095b9930134167

SHA1
2781d2793759fc3b4b618aecb7af94e48a5c6438

SHA256
77513f8ed0aea3d1825a6bb64d1c5105fb8e166d871203c22f4d340b7daf62cf

SHA512
7d78eb2d0ce284be54abc8b94971810a673c1e01085d9221ef6f6ffca7f57e9c89e249ca7735af160ac6aafee840320ceec613131d62677cfd8e822bd38ecc19

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\em003_64.dll
Filesize
1.3MB

MD5
e328c6bf671f0c2fe4e3cd1e59f150c1

SHA1
42afc4b526ce2edd7801fb0613b946a2830adfd0

SHA256
06aa84ba34c32089ddf376481c74865648ccc6e0e91284a0fa151637bc763995

SHA512
2f3c73ce55e2b4ea1d5982095c29f1de6ea58328a6f4faa74986656c0740469f1d460062f568238ff0fe888919511c85e9fca866d828e9fa8ae1dd14611385f3

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\em004_64.dll
Filesize
6.1MB

MD5
6e1f355a54cf57047647beb9f5aca079

SHA1
529f42911634143507f28d4ea0b6757d6f17af65

SHA256
10a6c06788b110c0bfd26603d1dc4e3aec48ba917d4d80dac9fb34f83808eee6

SHA512
5ca0bbd9d2337c2e0019969725e904c1ab829dde36d4b35235cc6175d86996dabd2542914d7be0378ed298b758c9e542e059107db8ab7e3de424ac48b8d3aa74

Download Submit
\??\c:\users\admin\appdata\local\google\chrome\user data\swreporter\100.281.200\em005_64.dll
Filesize
576KB

MD5
169a2ef320119891cf3189aa3fd23b0e

SHA1
de51c936101ef79bbc0f1d3c800cf832d221eef8

SHA256
1072d49da0a70640fb9716cb894f4834ff621ca96d4aea1f478754edf4d0f780

SHA512
7fe27d360bbf6d410ea9d33d6003ab455cd8b9e5521c00db9bb6c44a7472ccf2083d51034bab5ffc5aef85db36fc758c76b02fa31f0d0024c9d532548a2bf9ca

Download Submit
\??\pipe\crashpad_2272_DRXBHZNIWCKKYLZA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4848_MASALIJWBPXESYAA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/116-160-0x0000000000000000-mapping.dmp

Download
memory/176-135-0x0000000000000000-mapping.dmp

Download
memory/1240-164-0x0000000000000000-mapping.dmp

Download
memory/1240-188-0x0000017E26450000-0x0000017E26490000-memory.dmp

Filesize
256KB

Download
memory/1500-146-0x0000000000000000-mapping.dmp

Download
memory/1676-149-0x0000000000000000-mapping.dmp

Download
memory/1820-181-0x0000000000000000-mapping.dmp

Download
memory/2052-133-0x0000000000000000-mapping.dmp

Download
memory/2272-158-0x0000000000000000-mapping.dmp

Download
memory/4264-154-0x0000000000000000-mapping.dmp

Download
memory/4296-138-0x0000000000000000-mapping.dmp

Download
memory/4384-143-0x0000000000000000-mapping.dmp

Download
memory/4568-156-0x0000000000000000-mapping.dmp

Download
memory/4736-157-0x0000000000000000-mapping.dmp

Download