agenttesla | hxxps://www[.]mediafire[.]com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf[.]tgz/file

max time kernel
1170s
max time network
1174s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2023 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf.tgz/file

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Family

agenttesla

https://api.telegram.org/bot6914781013:AAFw5Lm73ahTisnJp0Jdlgo14kV_jOgJDAE/

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla
Executes dropped EXE 5 IoCs

Processes:

QZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exe

pid process

716 QZ1NZs1eMs3oX5U.exe
2552 QZ1NZs1eMs3oX5U.exe
1996 QZ1NZs1eMs3oX5U.exe
1788 QZ1NZs1eMs3oX5U.exe
4852 QZ1NZs1eMs3oX5U.exe
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
716	QZ1NZs1eMs3oX5U.exe
2552	QZ1NZs1eMs3oX5U.exe
1996	QZ1NZs1eMs3oX5U.exe
1788	QZ1NZs1eMs3oX5U.exe
4852	QZ1NZs1eMs3oX5U.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

QZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exe

description	pid	process	target process
PID 2552 set thread context of 1788	2552	QZ1NZs1eMs3oX5U.exe	QZ1NZs1eMs3oX5U.exe
PID 716 set thread context of 4852	716	QZ1NZs1eMs3oX5U.exe	QZ1NZs1eMs3oX5U.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133455432680201080"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

Processes:

OpenWith.exechrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

chrome.exechrome.exeQZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exe

pid	process
1520	chrome.exe
1520	chrome.exe
1684	chrome.exe
1684	chrome.exe
716	QZ1NZs1eMs3oX5U.exe
716	QZ1NZs1eMs3oX5U.exe
4852	QZ1NZs1eMs3oX5U.exe
4852	QZ1NZs1eMs3oX5U.exe
1788	QZ1NZs1eMs3oX5U.exe
1788	QZ1NZs1eMs3oX5U.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

7zFM.exe7zFM.exe

pid process

3492 7zFM.exe
4628 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exechrome.exe

pid process

1520 chrome.exe
1520 chrome.exe
1684 chrome.exe
1684 chrome.exe
1684 chrome.exe
1684 chrome.exe

pid	process
3492	7zFM.exe
4628	7zFM.exe

Suspicious use of AdjustPrivilegeToken 59 IoCs

Processes:

chrome.exechrome.exe7zFM.exe7zFM.exeQZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exeQZ1NZs1eMs3oX5U.exe

description	pid	process
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1520	chrome.exe
Token: SeCreatePagefilePrivilege	1520	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeShutdownPrivilege	1684	chrome.exe
Token: SeCreatePagefilePrivilege	1684	chrome.exe
Token: SeRestorePrivilege	3492	7zFM.exe
Token: 35	3492	7zFM.exe
Token: SeSecurityPrivilege	3492	7zFM.exe
Token: SeRestorePrivilege	4628	7zFM.exe
Token: 35	4628	7zFM.exe
Token: SeSecurityPrivilege	4628	7zFM.exe
Token: SeDebugPrivilege	716	QZ1NZs1eMs3oX5U.exe
Token: SeDebugPrivilege	1788	QZ1NZs1eMs3oX5U.exe
Token: SeDebugPrivilege	4852	QZ1NZs1eMs3oX5U.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exechrome.exe7zFM.exe

pid	process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
3492	7zFM.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1520	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe
1684	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

1412 OpenWith.exe

pid	process
1412	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1520 wrote to memory of 3764	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 3764	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4924	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4764	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4764	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe
PID 1520 wrote to memory of 4780	1520	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/t9usn5skz63s9p9/Sipari%C5%9F+%C3%96zellikleri+pdf.tgz/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c77f9758,0x7ff8c77f9768,0x7ff8c77f9778
2⤵
PID:3764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:2
2⤵
PID:4924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2096 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:8
2⤵
PID:4780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3020 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:1
2⤵
PID:4508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2000 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:8
2⤵
PID:4764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:1
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:8
2⤵
PID:1400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:8
2⤵
PID:1904

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1868,i,471304095434881127,14623208251788093117,131072 /prefetch:8
2⤵
PID:3620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1684

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8c77f9758,0x7ff8c77f9768,0x7ff8c77f9778
2⤵
PID:4344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:1
2⤵
PID:4388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:1
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2152 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:8
2⤵
PID:1912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:8
2⤵
PID:2216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:2
2⤵
PID:3392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4780 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:1
2⤵
PID:4640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:8
2⤵
PID:3788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:8
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4716 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:1
2⤵
PID:1428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:8
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5364 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:8
2⤵
PID:1724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 --field-trial-handle=2076,i,15382065915871372375,12189290010498974806,131072 /prefetch:8
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1436

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Sipariş Özellikleri pdf.tgz"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3492

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Desktop\Sipariş Özellikleri pdf.tar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4628

C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe
"C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:2552

C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe
"C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1788

C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe
"C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:716

C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe
"C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe"
2⤵
- Executes dropped EXE
PID:1996

C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe
"C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
226222977c175456a902b4b1963b2e0e

SHA1
6e6763fecc7e711768fafdbcfbc05a03ade9f65a

SHA256
43b4790ced93864ac2b364e312bed86e23e7d0e2015b65ec2544d94d1e11f728

SHA512
bc864ffd482b4bb0d49d3ecd0b69580c8faec638ab8eb918467548f97e8d7425298270597ff642559f8991b50ed3495373e4da19e67bc194aeed01aaede2f4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
226222977c175456a902b4b1963b2e0e

SHA1
6e6763fecc7e711768fafdbcfbc05a03ade9f65a

SHA256
43b4790ced93864ac2b364e312bed86e23e7d0e2015b65ec2544d94d1e11f728

SHA512
bc864ffd482b4bb0d49d3ecd0b69580c8faec638ab8eb918467548f97e8d7425298270597ff642559f8991b50ed3495373e4da19e67bc194aeed01aaede2f4d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
788b4201248c8a21a2f7402f7f373b93

SHA1
18baea48a5c13c8810a0d39aeb19b7bd9dd4a96a

SHA256
975e1806bd32a25977ddb30a161fb3154633b3ceed793e5c6221ecec0c2a81e2

SHA512
3375905ab6dfc9ee5cb7d18b58422a4f474097683b5cd4040f6150549330a6580a0fa5cc7713c321d14977bfa5f2c9dbe31e4988d29cd4e71c88953e859741a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
430001d191bd695f6610fd33ccc5057b

SHA1
25b73d5c1f693c3fc18328f779f05b84cf104e5d

SHA256
70b280b3c141339d9ac2e0f55deb8467cfc55abab55eb694d78a0a5d2f52f10c

SHA512
a2c7e24eaaa63da073104d648e2033668f9075f6501fe7b386e62ab600f81aee2892f8033566276aa3f3e3aeea05fa90beb1f517599290264c5520388f4d0bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
eff8ab5d5772bae68d757c8b2524e092

SHA1
69215ae76cbd18a71d22fcc833a20d05254a8828

SHA256
dff93e58b71b22e0b3ffa816abaec285d52f3f93778b01350a5f12cc79b180a0

SHA512
09c591eb20947725ce904bb239780459d32df6e84fbe8fc658e6520420b85a99be46aa8dac6c850d691650e80111771932b9c914faf8aedf32aafde975b45ab2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
320B

MD5
25ba8eaa2366f92f3aa93817120a9192

SHA1
cf0b2a014785d1b4988cddeed0ba372c3802d149

SHA256
d9dec291841b165f2cf1ed0a31c49d940fbdec8fa4e7b520d4ee2031f14059bb

SHA512
a7baa5f456bd8f68844d926e667037ddc44ff08e80fa1f6c58f16e48410e06175cedb9b1484058b15909c8c500072edc2372c0a699eba51275773cb1ade0019e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
d98bd2116abf77220d67da5cb1e90332

SHA1
34472317befd63c109c2d13499b8bbeae4931857

SHA256
db176c7b4cdd047f1c3d9800c29de2e5a656222c4fd7a2bcbe965c9fb7ecd08f

SHA512
65495de7cc731879910ddeb63569401ea0a42f9ecb929b7bc03a13cfc1f3b896072b7934a48452f86a8300701031d69470ae646c57e61f9cc5e0429ab2a00612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
f6df9caef1303584459eb9a9e6c4733e

SHA1
b9e7a74ed96230107eda36eab37c8cc90500fc55

SHA256
ed0d1aa48e21b37befc530c60996398e9dd05c0e81f3faf8b15cd2abe52f143d

SHA512
94791142831ea73a3b86bf9033306f2111a620a916b2ec85db6e4e25208726f5b680e591ee63683b86b97e4d44fe6c1dac29448d48048b8b0413b916b3903fdf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
cd30fa1616d38bf43345959691b23a0f

SHA1
22fed0f5c5ffd3297b121757fb76256856f8a48b

SHA256
1b4ffb0f76667fe4c58c9165ba8c1f84733cbc69ec6ad11ff6f8587932463c45

SHA512
49ce3d28f717f4de33b8df6847f0cf38e448eeebd97162d7ec1a6ee4ac67ff5695ff84b0f036a84023b616844363fb35a005a5f96e9c04f8d238511cef8f2aca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
8c6311d1adfda9f8caa64c3134581723

SHA1
e1fc7df17f89efdc83c42f6d22a104a86f1053e0

SHA256
f2df891b73abd75a19747a85d9e8ef51e5bb4fac5c33a77fc144149a761f9849

SHA512
867a64de11bf28125647af7fbf3581781c78ff7504ed9a87acd0f17edcd2d2467cb5b833b0385ce6335e7d520f8a6c477d3f2136180727896404208c1b72ed84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies-journal

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
898B

MD5
93e384d57428a6d668b1796d1fd81b72

SHA1
9e4d2135d400b2448f314b9cf5dfb06b699d566a

SHA256
1f54feeae495b76bd54b90658dcad0ad6b1d57e776ce54425e081a4939daef6d

SHA512
b866cf019a19ef6939b3133b120babe201b9ea84d2d988e099fefc940f06bd7ef56eac8700d1af691501f2acadbe9efb3011d82038a6c25ef4b72daf56c2cfd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
898B

MD5
93e384d57428a6d668b1796d1fd81b72

SHA1
9e4d2135d400b2448f314b9cf5dfb06b699d566a

SHA256
1f54feeae495b76bd54b90658dcad0ad6b1d57e776ce54425e081a4939daef6d

SHA512
b866cf019a19ef6939b3133b120babe201b9ea84d2d988e099fefc940f06bd7ef56eac8700d1af691501f2acadbe9efb3011d82038a6c25ef4b72daf56c2cfd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2b4cd9a8b31cebe21d916ffd6479b96c

SHA1
580686c94fe7917717c7bed06273bd82055f327f

SHA256
ca0efe597a026ca7200a9e4f343d14e0a2d625894f12b69a12653cf345ca441c

SHA512
7e42811de2a5f631370974b2e92781830624d505a39b7f1d47cc5d94570e908b9ceed67315ca246af756ec767064664fa0fa4b31d7f9e1bd23bb4ae15a7faf16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
230f89a89d2bb63708bf2266ff236230

SHA1
5f7a89040db241424a59d8383db7ac0fe05494b9

SHA256
97bb22c8367a741406de3ccc96f52e5bfd3ca57a8fabb6bf80e0376a5c5a06c2

SHA512
8b8efa15012280d8f96a0df7ea54a6de7d5709ba447ba26bc0693681119fe9a1dbf904632ecd9d5015750f0591569af6414a4f777148ef707f07481516789630

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
764a57a97cdf213367fb7c4b28fb987c

SHA1
7473258413f4e32a7e696657bff6a26a344df931

SHA256
cd441dc770d2fab4b35f07514532b898a0e565ff610ff954518725cd817c6b16

SHA512
ce692d2c9c2bcf3e2147c969cc0eb2953ef047b49b26db70f80b9aededd5bd13bf373e8425459fea1f4668b0491a7058bb9fbd0dd59c43e9ed28906652bf1442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
367B

MD5
764a57a97cdf213367fb7c4b28fb987c

SHA1
7473258413f4e32a7e696657bff6a26a344df931

SHA256
cd441dc770d2fab4b35f07514532b898a0e565ff610ff954518725cd817c6b16

SHA512
ce692d2c9c2bcf3e2147c969cc0eb2953ef047b49b26db70f80b9aededd5bd13bf373e8425459fea1f4668b0491a7058bb9fbd0dd59c43e9ed28906652bf1442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59cd9bcfd78d9e53cc328664c6d7756b

SHA1
ad5c1c42c433b51e0c284a1fc6012a85e0d2abc4

SHA256
839242e3bda79e0bcc283c7f6d41f8093e0cde9a5100389fb7c780615290b0ea

SHA512
899f904fafcd299e4622d249265aef2d89566b930fecc0f311f7ee741a766261b0c3386e74ff94c76d30e7b5dd2030d64356ed830e3fc3919d8cf3a6f3781d74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d08b628f88c182f0af7df9df1e3fc3f6

SHA1
b4f4de2b269ff71e0312005125eb2dc16cca3adb

SHA256
c552767b125dde8fdf1375295279abea0e84fa58006ee1a2b5c030ef8263acd6

SHA512
80d861add87654c66aeac2706e6657ebd3ef970d71161ec41cf60d3a7b796ad97a30099b94b6550db9e71885a5cb6fdc8d35f874da03c9010446962f3b1f7b2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fe16a2b8183afe84c0fe3c68caaf4b0

SHA1
ba461513f87345ba26a57cc3841a9d5430cd4502

SHA256
092ae60b0a4195b71544b144ffa674f01847ec43866fd92dd1e42d644b020974

SHA512
1c42899e461e9dad14d85708b5d3c211971e91f41ad9c74b56a4ddf2f6d42ee05a44f71853ce109e7ac8bef772a1353671adbe69c97943195fefd9c05db4d497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
83f84dde98927d1b5a306b5d72bb2da9

SHA1
744bde54effd2f2f05a6e265bc90689a29ee329f

SHA256
89452f63a65c7cf5498402ddc60455f57ea80ab2012b810e1b8b067fbfee9b95

SHA512
f115ec69da7756e701e49fe3b67b4d692437d59af29718124d003ead03a85426ab79e47156831dccef16a9a0cea05d5e36d06b6656559909e5b0109758ac10d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
232B

MD5
8a30a1fdd0459d9ea8b1e78a8e636856

SHA1
9d7225e97f9cfcfb225cfbfd0b0bba21d4efdd20

SHA256
88fe1d31608930f2738d102d45c75dc77acdf01a1b69bfb7e7c0281575b75e33

SHA512
b529bce870cd8165bf82f3ebf94f07552467bd0993b9d35145182e54e26fb2ae8e7bb167d88267b632757e2146f27dfddf8867db0c66e5dcc306db12ec6b7bef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
48462daae8621e148bba21c1a60c0718

SHA1
b26c8382048429bc41eb9c5826286b49c44859b3

SHA256
8656ad65646585bbf74ec0d0dc65fda07b35b37c808e1f79adf462c42a44fd1d

SHA512
213ccc17fb3ddb8890330422d8ea70030e7922bea6ec9914f35053488ce15df5224db2ca0e52a2c5606c58d312639e7b8ed5f612fa3c10976695b2c47cfb8907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13345543269028058

Filesize
484B

MD5
2daaad7c9557df690fd3f6ed7d4b3fbf

SHA1
61f1b04231ef2171a6ad20a2cc011d855eec98ff

SHA256
0ce3ce72f79feb3e64170b641d4cc2a4bf5ff2d82abb5c43a845c55cdd9619d5

SHA512
788d6fe8addc8353b7445dca357600e55540b001fd4d0fa3ba7eb6a5fbe2d9563e6d0edcc76edef86f91947954751f12cfcebb86d7f3cd1af1463e4567822449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
58b030fd80b32576e7b5f6d4f62e4620

SHA1
74498c738e0a425037813688907d2e424b05253d

SHA256
980630a596d01f8be9bf901f9e7c8aabf395e3d9cd38fee8459c6357a7173f11

SHA512
8401471ba83fc69f32735e1a3e8241109a2267b20bc7c7d9527f7b47b6235ecf0690527797549ef3606f06b8b9b0c69d4534cb4b52af643a961af7ef2a181f89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
0940a728ec4df1b040bb8eedbc42959e

SHA1
f384f71d7904e2819ce8b61891ffc4ac9ee161bd

SHA256
788eac47037530c4c3acc6be5e257bc21489c9193afc3b49b1a738f59718c189

SHA512
21b39e5fe6f4e2959d9e6cf0d8d9f86af609de55b9bce61c4f35c849ee2cc860617071adccd3cbde1a2666c09b9f5972e97e98dabf69e49c166c731355f5e0ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
d1eede7c7c6711f9de18dec4e4ad7408

SHA1
b721b0105cf972106d9095741ec4f6778c192add

SHA256
d13fa4c0dc41f41eff60d600eed468a125f8f4a6baf87310a70c839e43e3d742

SHA512
22d49be6976b5e345079f51af26e18434bbfd65f5e4eab1bf3096215a314fc525c4a7cdf289b3777d4fc4919f92755ba36f4cc2e1a37dd586df4f0ac515fa22f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
3KB

MD5
60d05c4d921089b52bf2b5fcfa3bf8c1

SHA1
43babb90d883bd7dfacc99625a74b5840c41687c

SHA256
79f146fb1f985a7508f6baa22ad4d396ffa33982d83fe99cc154dd780ee31487

SHA512
222b7f9c46658dc4fb393eed5e8ce0525b04b9d9380daae4e583e3889517ccf577daa34f23328c0ba43153430689e49924ef3d10da3681ffd5c0a473f556e93d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
320B

MD5
c9f39aaf6f26394f8cebb81de93bb349

SHA1
49b66eaaea1173726af277870606b496affe9231

SHA256
f6b1d3f318f84506383486a2ff6a3a2293fdd9e859a4eb30230fba2ee8edd1ed

SHA512
9a3307238aa47aa2219ef8f4a83190cc9f99f9fac906168a5aadebfd2d88606683af14fb902d483f8b3fcf173abd06e68bc7c3ef0e728e7a1f3f1c8f644704d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
6e916c98efa38f7ba9ef2246b1cbfdd0

SHA1
0d5b6a8d108229cbc9bf64d4a25d5d768676234a

SHA256
a328ade1d7f4240cb6362f1199e61df6a01fc81af5dda7ded0bf8997007ad471

SHA512
267d10ba219dda490479e4e6cfdfdf186da4902377c55a50c419cbd39bc202ced65dcca3f7ba098710d7d9a011bd843065eddf77a295d5287138965a4058f5b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
338B

MD5
9ea1e73bfc92f63fb37e4468b645e124

SHA1
ef28385293221b62b70098f6a445425795da0dc1

SHA256
0f05b9dcab4a5b71483af692d64d45ae9238778f6da9220f35d45d2f120216e0

SHA512
910b7d13c1a044805314a601b1ae15a080b56d27045a0ec2e0e7a5a0a918ef897a1a7812e108b0e41331b9c19ac0c4a774e776c4683285daed7a736d6ebaccd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
8db161097057b4fa1006215770c469e5

SHA1
3cc7a38472d0e4edda8894046ceb8d1b773f2414

SHA256
46d25a169d2891f5fafe7ea09ceb805d5e6a0bb05659581b99f002e02c01b652

SHA512
b785355c83daed87a2561657eda040c24edb3e1899414b4d0b37f6e783cc9bafb12d81415e2caff556dab21664d28dd1fad2954fb8ecd123290ac598a575fc9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
ce34f52360d51b68534b7cc763c12708

SHA1
4102a01ff100ec076a92bb16a5b7b630c62893ae

SHA256
d197b1d623114eb81850b05b5ea1b1e30705f1ec455819e0e6694357ef147875

SHA512
6abf6b538eb13673756a56cdf1631ec9affea913f8c1688e92b3ea6724ef206225f795087cc0d39538296fb1a0538f0ae8cde8014f5c97a8e7ac40e39031276d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
bccc1bf4fabffa4d71ba4c33d361950c

SHA1
4efa66d62df6ca4c109508f1f2958a510cb5ea6b

SHA256
0f36e8d0a7850644d2a18369f9f645adeefd49855365f9d57d3f30685692a264

SHA512
ab00765e817c9dc48defe9edbb2ed308346c0a31642202dc369dff3354c8bd63a20fbe10b5c5f3e47da1da620bae8e2f6d3b71a6859947041a7d54b96fb08543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
9a98d99968371fe0354c8ff2c153bbe8

SHA1
b659850dfdb6487eb6f01f997407df31b3ab7540

SHA256
56b70b5c1fffe3b6d3a7c82bc4354800e5e41f89896e382dd4f4f77263e21989

SHA512
f6511923727e310d20278d7fcde4675f2d6d564507742712d3a34ef9cf30a54a5908b8bb7d8f0321295209613ac1b54cf693ff97f84fbe46ba3b2aca288b45f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
87f3ac7d3b519aef16cd5b2dd5bc7fe9

SHA1
c9c4e160e804b6fffe389eb2f1d7b7f74dc0d170

SHA256
d889f5e537975c07801ac5da88e507fc079f75c0583cd56590e7b6923947b9d6

SHA512
c17b05a3ea4a175173a889e3fbd1a478ebf57b6c367a2d12b731fcbea3e5a1dee552d2b174678a900f59bad56843a50f794f604da1aa41b667c6b262e5119927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
069e3de627fc3ca7c08ab16017df9a0c

SHA1
065f7fc729dfe3d50427ff68955ea7ed947d3d41

SHA256
3c9fd6b20805caff0b718873122d0d0fcf37b3af2b861ac99fc5459571ac295b

SHA512
5328fd5ee2011c7101f47a658232a242812b96cae8d766a0abc6fd88bd7bf64d9529ffe81f5120c7a9a0103260e0ec6b996d557f80ac4e94be0e24bd1bc10bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
87f3ac7d3b519aef16cd5b2dd5bc7fe9

SHA1
c9c4e160e804b6fffe389eb2f1d7b7f74dc0d170

SHA256
d889f5e537975c07801ac5da88e507fc079f75c0583cd56590e7b6923947b9d6

SHA512
c17b05a3ea4a175173a889e3fbd1a478ebf57b6c367a2d12b731fcbea3e5a1dee552d2b174678a900f59bad56843a50f794f604da1aa41b667c6b262e5119927

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Filesize
4B

MD5
be501e4a25be66ec967d36ebadbb5d86

SHA1
4b51fcf23c0fea996c631f210ff7ac1fb31f3368

SHA256
e2eed454e2115520576b0086fd5eedc0be12371b7eee831ff2214600c95d26d5

SHA512
b85f0f1c11cc2cc9ac252bbc60e332ff02bda90d4b482f000fd27ec2ecf22f497e8c60e6b86b1bd4f24541fa5b0f15bec63ac9b9865a25e1b07aefaf0823b929

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QZ1NZs1eMs3oX5U.exe.log

Filesize
1KB

MD5
8cb8dbbb019a535fe00246c7afdb4270

SHA1
7d4fd9f302e4fc68a6fc3f95f0513c471ebfbb50

SHA256
2c4f3f1d603c33e8410ce061380ec7a1772db21bdc4b01d3ca4067500a391f86

SHA512
abc0cc34903b4d91f9f48ced799ee8019dcaa52f852e2b33cab42e92c3fd80a4ff2c71c12734836288c26165a77daa60badb6f0cc45ee8b6e1b431d3b1952a44

Download Submit
C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe

Filesize
906.0MB

MD5
4f768ac7829fef8e664d21a7cfaf662e

SHA1
7503ec93439bfb17ab26df31eb9f61331e3281b8

SHA256
91e23aee42ff691031ff4d7fc115b27575072ce1e034ad079dc230b59c92244e

SHA512
b19314abd318abb26e9716a55527f7d3ced876dacb9d23bb101046037e19317804eeb286f6f272011b41c3211253bb2d7e7f1df2293b06a099ad22f8d0c90b44

Download Submit
C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe

Filesize
906.0MB

MD5
4f768ac7829fef8e664d21a7cfaf662e

SHA1
7503ec93439bfb17ab26df31eb9f61331e3281b8

SHA256
91e23aee42ff691031ff4d7fc115b27575072ce1e034ad079dc230b59c92244e

SHA512
b19314abd318abb26e9716a55527f7d3ced876dacb9d23bb101046037e19317804eeb286f6f272011b41c3211253bb2d7e7f1df2293b06a099ad22f8d0c90b44

Download Submit
C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe

Filesize
906.0MB

MD5
4f768ac7829fef8e664d21a7cfaf662e

SHA1
7503ec93439bfb17ab26df31eb9f61331e3281b8

SHA256
91e23aee42ff691031ff4d7fc115b27575072ce1e034ad079dc230b59c92244e

SHA512
b19314abd318abb26e9716a55527f7d3ced876dacb9d23bb101046037e19317804eeb286f6f272011b41c3211253bb2d7e7f1df2293b06a099ad22f8d0c90b44

Download Submit
C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe

Filesize
906.0MB

MD5
4f768ac7829fef8e664d21a7cfaf662e

SHA1
7503ec93439bfb17ab26df31eb9f61331e3281b8

SHA256
91e23aee42ff691031ff4d7fc115b27575072ce1e034ad079dc230b59c92244e

SHA512
b19314abd318abb26e9716a55527f7d3ced876dacb9d23bb101046037e19317804eeb286f6f272011b41c3211253bb2d7e7f1df2293b06a099ad22f8d0c90b44

Download Submit
C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe

Filesize
906.0MB

MD5
4f768ac7829fef8e664d21a7cfaf662e

SHA1
7503ec93439bfb17ab26df31eb9f61331e3281b8

SHA256
91e23aee42ff691031ff4d7fc115b27575072ce1e034ad079dc230b59c92244e

SHA512
b19314abd318abb26e9716a55527f7d3ced876dacb9d23bb101046037e19317804eeb286f6f272011b41c3211253bb2d7e7f1df2293b06a099ad22f8d0c90b44

Download Submit
C:\Users\Admin\Desktop\QZ1NZs1eMs3oX5U.exe

Filesize
906.0MB

MD5
4f768ac7829fef8e664d21a7cfaf662e

SHA1
7503ec93439bfb17ab26df31eb9f61331e3281b8

SHA256
91e23aee42ff691031ff4d7fc115b27575072ce1e034ad079dc230b59c92244e

SHA512
b19314abd318abb26e9716a55527f7d3ced876dacb9d23bb101046037e19317804eeb286f6f272011b41c3211253bb2d7e7f1df2293b06a099ad22f8d0c90b44

Download Submit
C:\Users\Admin\Desktop\Sipariş Özellikleri pdf.tar

Filesize
906.0MB

MD5
a18d42ded7ddc9d9c761e8205194427d

SHA1
9e648af554f7ba0ac084d642881951f1d475da91

SHA256
269da4f88353f8bc28e89b38358b22c8abd6d67365c553201b519c49bc4e7caf

SHA512
67ba156ccfdf77fb150c5ea91807c8afc2dc5c75a3e58e03e58cc5087d7db9de009a97c6ab7df796cb8da9fa42f343430d113a232f61eecbc044a212f3e29da6

Download Submit
C:\Users\Admin\Desktop\Sipariş Özellikleri pdf.tgz

Filesize
1.5MB

MD5
5906bb529c758cb49bfc28a7f2118a0e

SHA1
7aaacd5b41f06aa4c64ea6499fac5bcb25d564aa

SHA256
a4719468271cc9c9be8c60818725317467481b4963c898d18a37fedec68028ba

SHA512
ff77b02f8dfefd79b9b3295bd1acbbb630db58a929a2ed8f359bb67d728f1c82851926e510dc39ed3b8675916e666426f27aa4d832890a20b547a8a3d04b8911

Download Submit
\??\pipe\crashpad_1520_SVDEREBJLSEKQYPF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_1684_EOFJCKAETTVBNLQE

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/716-290-0x0000000001110000-0x000000000111A000-memory.dmp

Filesize
40KB

Download
memory/716-284-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/716-288-0x0000000004E80000-0x0000000004F12000-memory.dmp

Filesize
584KB

Download
memory/716-291-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download
memory/716-308-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/716-293-0x0000000004FA0000-0x0000000004FBA000-memory.dmp

Filesize
104KB

Download
memory/716-294-0x0000000004FC0000-0x0000000004FC8000-memory.dmp

Filesize
32KB

Download
memory/716-295-0x0000000000EB0000-0x0000000000EBA000-memory.dmp

Filesize
40KB

Download
memory/716-289-0x0000000004FE0000-0x000000000508A000-memory.dmp

Filesize
680KB

Download
memory/716-287-0x00000000054E0000-0x0000000005A84000-memory.dmp

Filesize
5.6MB

Download
memory/1788-298-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1788-316-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/1788-313-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/1788-311-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/1788-305-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/2552-306-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/2552-292-0x0000000005500000-0x0000000005510000-memory.dmp

Filesize
64KB

Download
memory/2552-297-0x00000000055C0000-0x000000000565C000-memory.dmp

Filesize
624KB

Download
memory/2552-296-0x00000000050E0000-0x000000000515A000-memory.dmp

Filesize
488KB

Download
memory/2552-286-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/2552-285-0x0000000000AB0000-0x0000000000B72000-memory.dmp

Filesize
776KB

Download
memory/4852-309-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/4852-307-0x00000000058B0000-0x0000000005916000-memory.dmp

Filesize
408KB

Download
memory/4852-310-0x00000000056F0000-0x0000000005700000-memory.dmp

Filesize
64KB

Download
memory/4852-312-0x00000000054D0000-0x0000000005520000-memory.dmp

Filesize
320KB

Download
memory/4852-314-0x0000000074440000-0x0000000074BF0000-memory.dmp

Filesize
7.7MB

Download
memory/4852-315-0x00000000056F0000-0x0000000005700000-memory.dmp

Filesize
64KB

Download