hxxp://afsv[.]org/adobe-photoshop-lightroom-classic-cc-2018-system-requirements-free-download/

Analysis

max time kernel
270s
max time network
265s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2023, 09:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://afsv.org/adobe-photoshop-lightroom-classic-cc-2018-system-requirements-free-download/

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
184	1888	msiexec.exe

Loads dropped DLL 2 IoCs

pid	Process
3308	MsiExec.exe
3308	MsiExec.exe

Enumerates connected drives 3 TTPs 48 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e582dc2.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e582dc2.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI35E0.tmp	msiexec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133227446551607185"	chrome.exe

Modifies registry class 58 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe1000000003ef503c9f45d901e9bb927da845d90110600f42a851d90114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4312	msiexec.exe
4312	msiexec.exe
1964	chrome.exe
1964	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe
Token: SeShutdownPrivilege	4796	chrome.exe
Token: SeCreatePagefilePrivilege	4796	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
1888	msiexec.exe
1888	msiexec.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe
4796	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5004	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 1516	4796	chrome.exe	85
PID 4796 wrote to memory of 1516	4796	chrome.exe	85
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 4412	4796	chrome.exe	86
PID 4796 wrote to memory of 244	4796	chrome.exe	87
PID 4796 wrote to memory of 244	4796	chrome.exe	87
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88
PID 4796 wrote to memory of 1828	4796	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://afsv.org/adobe-photoshop-lightroom-classic-cc-2018-system-requirements-free-download/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc704c9758,0x7ffc704c9768,0x7ffc704c9778
  2⤵
  PID:1516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1792 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2244 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4684 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5288 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4568 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3316 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1664 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5848 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5956 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6076 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6288 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6268 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6464 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6688 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5688 --field-trial-handle=1812,i,13708937436203053141,16488483949317003731,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4052

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:644

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_Adobe photoshop lightroom classic cc 2018 system requirements.zip\downloader.msi"
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:1888

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:4312
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding B573FBD171C0ECAC0101CBB0EB579877
  2⤵
  - Loads dropped DLL
  PID:3308

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7

Filesize
2KB

MD5
01c8e817b69304beb24aa2a14c8c50d5

SHA1
78cbf8d760c2e65db149b6590e0bb470708edf79

SHA256
18a8bad77de0f77c320d8904f2b17192c88dd5ce3c97cfea423c01e944e2f1e1

SHA512
b2e8aafeffe1e6897130f1f75f32b9a4ae896b3113b6992bb2deec1117523a0587d175316d887eb63a21bab0c3780a75f5d57b12604acba76d408321069332ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_F44F4C497E93B2E2FFBA7356C03D6465

Filesize
509B

MD5
eefa7d57f4f3e58e1e78dadc83380ffc

SHA1
125a3bbf0f48f89ed17c342cc3c092925c834392

SHA256
0482d863056999883a50bce2a264b7b57c6d3b178fda8c6f545189d7348d47d4

SHA512
5c9905ac9d1509e62230b3b50040fa63267f41be9f56f9e2de118d391d7ef1bcf3866b92486d09dfcc6dc0c1d5d31f82c531a62909e12dd0b3398acae025bbfa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7

Filesize
490B

MD5
992adee284884f3edfac550c21ef67a7

SHA1
7c7fea8a8a2a768103b5422ace31d20d6bf98ee4

SHA256
43d00ea090e1de93e6c10f9894e968561e3de152e9a5c04599fdee0b1dae7d54

SHA512
c1ce4009a2f3ae6c8ebb9c9e343b8a24908b962bbf930d47208380d6bf73cc9cecd1517eabcc73e2f090edb58dd250f2e7724a5e37eff98e1879a7efd1a7f704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_F44F4C497E93B2E2FFBA7356C03D6465

Filesize
498B

MD5
628886f926179a09006af693336c163a

SHA1
077210e3074baf09de330bf2f2a1b7ff14973110

SHA256
81a6d225b6c05b29b891746ed54223bd2c4040f3d6305b53485fc9fc149068ff

SHA512
c2b079396fce7f12e27c631aaa36f12486f6115be935e8ba00a62372eb448333cf71aec2cee6776a0db82926cfe2f635a5c827492c2c8d5a41d264092ac3fff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
160KB

MD5
fa6149f8c3296135f4df001ad8bfde7b

SHA1
30552f7994fbcb3012362651f7c1ead1b672b0cf

SHA256
846db6fc429a1a1b297bad301abfab64ff1b4ed698041e486015ce33318640c5

SHA512
12db8b41ded054de70089c33157e1e629ad6016013ab0ac571351ac5870d6bb4de403db70974c745a3173c2169b71749113e9cdca0acae5f24c1d5e29c8215cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4258de3a0f0bb40c1404e298047d57ab

SHA1
d460897f1be44ca4f225c3399b7f63386ae0c45a

SHA256
f1da7e911870516b571789406290536015e30b208c3f4238d4d6ed06cce3c3d8

SHA512
cf87344a7d83b0c232672535bfa49e96f0b3fb4997b4731d9c019278d78576e464af9e35d06e4e84d53762c454a689ce2e7718d7a3d8e694c24222fea2415fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e2363b18a1dd8d50d77785037383b1de

SHA1
a5e5e076dedb4a9d86e2a47a8bb73b633bc9494e

SHA256
a20a0a5acc3d7710e555f6a532e11d8e598e9b355753966205384535a1a7550e

SHA512
90e9a1e748973334cd4e9c4e9503c69fd34fc8b6429348c7aeade1392df0f144b5d2b5a3b903e5422afb333024c222db68ebc93f5a65aff90d9d337f618cd3f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
0ab720029fbb3f70c2065eebf1b46ce3

SHA1
2ab0dbedb2a59a5b8e7e4c0beb74211a9ba20a8b

SHA256
6a4f380e14a96c0f8c5196d82746983970a975b09d3fc4e2993e50a9d32d8117

SHA512
1a6f4a306283ff952f7e268e4bfeecb3e962de5d85c12a6586e38892accdf28351e5ac0aaa69cac5508f8c4bfe7e08225ad77d5df581d68068c93f429a8e870d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9f4b540efa419822672e094712f40cd0

SHA1
a279599204a06f9e5938b4f18ea08f827288d680

SHA256
f095ad1cb19e9486db72c436863f2d3efa47ffb69fbbac2f2211c47049cff126

SHA512
787cc12b0a9eddbbad02c554f732a2825be0e7ee3488e51a8017881a7a09bbe1746df8f727cb81f33d0a77aca25662658c3ad067695a827084e2685eb6771737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d56e94f605c1ca93eddaa5c128ac1089

SHA1
eae443e4887e34eea126d585eced6cdc02e35e85

SHA256
40785ffcd902e1b0c6f6672b702a1dffe5d4a177beb8d318898742737d604bee

SHA512
12c58122aa25e1a7cab3d23318694f878d27b5e9939bbbeb630e9b732ddb192e3aad9609ff8c7f50e8d762d9fbf75fcbf4f343df9495a0676a23fbe1023e9fb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d9954b53f26a024f73d5e8e1e15267a

SHA1
cd693cf4032213f627667ea17403bb8861e1612e

SHA256
25ea917cf630a8009a9e381047f49923c6f9be7cf9a2ce2a7162fd9842a1e6d1

SHA512
60017fa7880ec339506010d6589eae4da44af5ca80bb9969c15904d953653aec055d1a908a60e2baf05060304ff7f6c5789b53f2e4deaad71610f8670b1895c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f6fd658e210d33e20ea6e566899e2bac

SHA1
e6c04a7ab354415e1a08e69922da7ebff427a97f

SHA256
1e9481c196eab632fdc45177e2a6cb055a58d6c9d9212ecf180393da8b65489f

SHA512
8cc193e3847bf0c07b5c4e76dc5324152178c6ec57eaaa8ca7507d05aac55437c28f7ffb2638f039ad8c81090f40dc99c7e57e0d19dc5fcab6c4198310625313

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8dc683a4ab9a99355d756cbc0067587c

SHA1
7202bd6344f7bb797588f569431cf95bdb0b2d9a

SHA256
2885cb93f25d4e22cb4d1b4ef3cdeb542b492cbe111d7214db22aedfbc714d1a

SHA512
7f80352b5ca0a6e87fd3e68a5e82e59b6073d6adc08e6da24f1798a1287e35ca1881239aabd5fbb89d720bda9af38dcad6611e835c6284eb2bbbc332cfd7f83b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7add72c1918d3e2fa42bfe30369cacec

SHA1
852770bb8fd80ed95c31e8e2819860653c116cc5

SHA256
e4f5b55fe76f073ba766ab9ad1cf8c24ca425baa5fbe3da6a5229f9381ee49e6

SHA512
83d66c0fe4723d71aa21339cf811421a708a27bd32d641021fb4e281a69c8f0aed87812c3705062108700632cca4619d55487e2f0d7e345298ef8ddd2f506c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c0dd58c75da72d9657dcc30bfdc3cb2c

SHA1
33447641b423db251d9a21495a395a8be1bc3edd

SHA256
3efa8ffc311aa1fd7ce018419db75d9fe92abb9ce3d86239ebed7671453f7dde

SHA512
09ecc611f524ace547d0cdf39536e8c472ffbbd6eaef78ee664a43d58169014c12a98138de7a04414a49bd8099ba040ac84c35a3adbcc7949b7d17ee368a021a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
90c10f82e20dc0fb47c7acc7d1ed0b4f

SHA1
188d17941d8e519ede6dc2f30676404777afb9b2

SHA256
de7d4db29f4283cc4e9bb3539d17ffec44e21143e19ddccc1afbc6e87050ad3e

SHA512
a8357ac9089b874b4d75a73c584badc741aabae26ec0749d081fa1cc494e33b0f10720454fd294cea621229d9c742e984635c3c3c7ffb4ec68403fc913899bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
962be628d9b2f2e83d1e6cb00bdea382

SHA1
8ab9325b1e9093124afc78761e2327f8abf98038

SHA256
5e745c60cdad7d61658f415a8e31696812a5accb4218b248dcdc65155f98894b

SHA512
0151d788d55ff5f954d293864b0201b56275931f92b76ff84641ca7c287077b43d4c41becf71137d84d2bdd56a5dbeaee9d4488ffaeb087142e8f7def75cafa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
fe611b96db833017d6a6d1469c149202

SHA1
cbb8df2acdf5059bbb3b2e925c304df7af1e7fa8

SHA256
5bf25c7a212a2912e762ee9b42e66c5dc083c0aebfcdf35b3c999148d69b68d5

SHA512
7d97d2ca593bf3d095ab03300f97c3bf50e1279e8aee046d4b4f4883bb2d1501006420e8011ee392cf0fb3ff00c24468c794442bbf2b4513a4519e76144d8608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
32c4b813025509404c82b7d4b8355958

SHA1
1b8dcf068cac0dc019897457a00177f4d8002466

SHA256
fcce70d010765f9d5c7b41efcfaeec243e25782511f8745af1ac1b34f34925c5

SHA512
40ecdbe9e2f61a249fa2db96c6badde2d5144f7be8076a51f3a42c717a90e0a094cf9b610ea73f7a463e4eb86caa745fd825147b02e9dd3a4c299dff819da29d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
dacfa792086c5d10f73cbdbc7d92f555

SHA1
2e6b521bdcf7e18d7e7e97bd4985a09ac45b529a

SHA256
1414442e728e4ec01353e47e275618ba53df62ca8b5bfe326e75db6d8bd7bd3c

SHA512
ff1265713dee27fcb2e51a261acd28688fb72e36f3d8a9c749bb09e8c6c7e34c311250b47e94043ef87dc377b25924d09e819c390ff51b7358b69be16a063fc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a4bc.TMP

Filesize
48B

MD5
a899eece94188f116e5135e8c524d76b

SHA1
ffd424daec5dd26085104c4c9530c463c51809c0

SHA256
7603af1e5365a344195485e82cffdfd7c4c25d77b352c54a336aec678ad9c6d4

SHA512
42479aae8029b21c8d9b972baea893a33f31a468e97a3e89725c9fa1d3bf807393209db92deb1924b27ca350966da3bafe11e1b1b2b3bdfed177539d397debd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
8d6b019d48cbab0580020ec93f9408b1

SHA1
2a5504af70e5562d7c4302c0950131a4ecca6310

SHA256
9da26290cd40570c23caa7629b293b01bc31b11a8966febabf5d4308ecf4fe64

SHA512
7a9c26c1960084d8f7283bc8280c37c81b97debf4ea9f0197d101763cc745490c2060ebaa77311a43195f6456cdcb573340dce7f74779631368c5d1319382a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
f6bc12ee50c1ee82a725c24e81b9569a

SHA1
24d203b0b31aa190e65b1a39e775057bab7cce06

SHA256
64ea6e0c269da87532e527770808a6169b005489c47044dbf389c6110aa6478d

SHA512
2dde6b5aacbc4d9b8c9a70f2ace9c0267089e7263186b0212e21a703aaa300d875e94498e2d6d1ae1b22ea039bd7ca698743936a935cfd7cbb1d4bb1d584de35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
037d38dac3527e07e6935324882f5905

SHA1
dff909d713634fd245c901e575ef613290d36c69

SHA256
2f7527553ebfb2b4038361180887ec52a82e86fe6f1be77f52066f4d37b827ea

SHA512
214aa92824ac25dd75d93db089ceff5c00f0ec1927b3f8ce6ff3cf2f2410cb4a5d3799158f432796cc2bb6478ac2e8d5aff71e3a9455f11900ba32aa6e6d0d7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe574d64.TMP

Filesize
100KB

MD5
a8e393177d74b5b0b6e6745cd332a54a

SHA1
7de7c9d4cd98b339ddebc6e0831a4bac6f16f1fb

SHA256
7fcde5a9d6fe45ce0c1c616e9bb60197a5d5e513820ab2c15b8074f77cf88915

SHA512
f99b79619f45f2a6c518fa1fc48685021790ddbcdb4fcb560852a094268af6a8348f256c751a7d68227187699ece38b1c20fbb92faa25721d6335c40e5320b13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Adobe photoshop lightroom classic cc 2018 system requirements.zip

Filesize
1.9MB

MD5
1eeaf2d90cbf6f38604e496f03fbf7a6

SHA1
c3f250aaf56a021b05e421b9612960b5e0ae63b4

SHA256
75d4955521cc256f763ff010aa97780782352411c39fbd7a3ddd1c1eb424afd6

SHA512
556172a23345eda669562b4b8f0f28f10df309be08f1ab6bd31e8976a121ef87bfece13b8ff986dd68b899761635de9493a23c56803515c23df1d4ac055d65e7

Download Submit
C:\Windows\Installer\MSI35E0.tmp

Filesize
495.6MB

MD5
8711f1bac117eebd505b950534191b89

SHA1
bf5003bb570b6fb073718537fe46b0f3db069d08

SHA256
4062ec5a80778521d632763e247f6740032208ec59235532e5cae231340e141f

SHA512
a063e6aedf21ab1a36981ef21f9c6db9352834d4d7ffb7ced77c7c0e07e2bb2f5a49a23e2706e5e59cd2e3641740a8a6f6abcbc0dfce798df42050bc3397865b

Download Submit
C:\Windows\Installer\MSI35E0.tmp

Filesize
495.6MB

MD5
8711f1bac117eebd505b950534191b89

SHA1
bf5003bb570b6fb073718537fe46b0f3db069d08

SHA256
4062ec5a80778521d632763e247f6740032208ec59235532e5cae231340e141f

SHA512
a063e6aedf21ab1a36981ef21f9c6db9352834d4d7ffb7ced77c7c0e07e2bb2f5a49a23e2706e5e59cd2e3641740a8a6f6abcbc0dfce798df42050bc3397865b

Download Submit
C:\Windows\Installer\MSI35E0.tmp

Filesize
495.6MB

MD5
8711f1bac117eebd505b950534191b89

SHA1
bf5003bb570b6fb073718537fe46b0f3db069d08

SHA256
4062ec5a80778521d632763e247f6740032208ec59235532e5cae231340e141f

SHA512
a063e6aedf21ab1a36981ef21f9c6db9352834d4d7ffb7ced77c7c0e07e2bb2f5a49a23e2706e5e59cd2e3641740a8a6f6abcbc0dfce798df42050bc3397865b

Download Submit
memory/644-239-0x00007FFC8CE90000-0x00007FFC8CE91000-memory.dmp

Filesize
4KB

Download
memory/644-238-0x00007FFC8D100000-0x00007FFC8D101000-memory.dmp

Filesize
4KB

Download
memory/1964-635-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-637-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-643-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-636-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-646-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-647-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-648-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-649-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-650-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/1964-644-0x00000252987E0000-0x00000252987E1000-memory.dmp

Filesize
4KB

Download
memory/3308-653-0x0000000021D80000-0x0000000021EA9000-memory.dmp

Filesize
1.2MB

Download
memory/3308-659-0x0000000000DF0000-0x0000000000EE9000-memory.dmp

Filesize
996KB

Download
memory/3308-661-0x0000000021D80000-0x0000000021EA9000-memory.dmp

Filesize
1.2MB

Download
memory/3308-676-0x0000000002F10000-0x0000000002FF1000-memory.dmp

Filesize
900KB

Download
memory/3308-677-0x0000000002F10000-0x0000000002FF1000-memory.dmp

Filesize
900KB

Download
memory/3308-678-0x0000000002F10000-0x0000000002FF1000-memory.dmp

Filesize
900KB

Download
memory/4412-136-0x00007FFC8DB90000-0x00007FFC8DB91000-memory.dmp

Filesize
4KB

Download