kinsing | cb75f1b1356e87ffc64352bbcd47fd05431cdccfedf672499c48fdd953b5cd4b

Analysis

max time kernel
869s
max time network
874s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
25-01-2024 17:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unblocker.pdf
Size

352KB
MD5

58e1544e10d0f339b5f50eaf63a62e6e
SHA1

812a8a29a81aecfecba8dd9ad382ae5e00abf92c
SHA256

cb75f1b1356e87ffc64352bbcd47fd05431cdccfedf672499c48fdd953b5cd4b
SHA512

85f79f5f78656477134914236b53d076b8c5e68d3e5dba6b7b5c735360ce140b7cd3d2cf6cd0e83c2e07c7676fb36a5396e7019d54b1142b3d98042e4bcac020
SSDEEP

6144:zISwrqYcmAxHG4R8Gb3fQOf/up4ve66vGrH+pDx4R9EkZxKiE7QE93e1ZYnx3C1E:zISwrZAxHNuxmv3rHODxWhKd73hnxy1E

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3196661410-1888440797-2304965013-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506764434205974"	chrome.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

chrome.exeAcroRd32.exechrome.exechrome.exechrome.exe

pid	Process
968	chrome.exe
968	chrome.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
4372	chrome.exe
2248	chrome.exe
2248	chrome.exe
1868	chrome.exe
1868	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

chrome.exechrome.exe

pid	Process
968	chrome.exe
968	chrome.exe
968	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	Process
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	968	chrome.exe
Token: SeCreatePagefilePrivilege	968	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe
Token: SeShutdownPrivilege	2248	chrome.exe
Token: SeCreatePagefilePrivilege	2248	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

AcroRd32.exechrome.exechrome.exe

pid	Process
2372	AcroRd32.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	Process
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
968	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe
2248	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid	Process
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe
2372	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	Process	procid_target
PID 2372 wrote to memory of 4976	2372	AcroRd32.exe	72
PID 2372 wrote to memory of 4976	2372	AcroRd32.exe	72
PID 2372 wrote to memory of 4976	2372	AcroRd32.exe	72
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 4812	4976	RdrCEF.exe	73
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74
PID 4976 wrote to memory of 3900	4976	RdrCEF.exe	74

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\unblocker.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4976
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C4D4812EFDD616C858D16290DAA563A8 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4812
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=DCFFE89A11704DBFC3FBDE827F177CA7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=DCFFE89A11704DBFC3FBDE827F177CA7 --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0BE2A45E166F9BF602FC0F279CBBA890 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0BE2A45E166F9BF602FC0F279CBBA890 --renderer-client-id=4 --mojo-platform-channel-handle=2080 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2204
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B8C2061B207ADAF40ED52482511DD64F --mojo-platform-channel-handle=2484 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4796
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3291FA4A498CAFA8AF6B3E98A9A9F146 --mojo-platform-channel-handle=2584 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3280
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=562C5E15B073BBB6F027A46A1D6E37EF --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb7b769758,0x7ffb7b769768,0x7ffb7b769778
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:2
  2⤵
  PID:4500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:1
  2⤵
  PID:928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4564 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:8
  2⤵
  PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1828,i,10155408328590608586,12855032914495974864,131072 /prefetch:8
  2⤵
  PID:4788

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb7b769758,0x7ffb7b769768,0x7ffb7b769778
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2832 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2824 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4376 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4508 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:8
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 --field-trial-handle=1716,i,14633335637950542996,8150561686126808176,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1868

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ab2423c031601b9c49b58b597eb35aca

SHA1
3de5b434e3dbc53e79afaf443534be88246f774a

SHA256
dcaa0634d01dd3d54e098bc3f97007b01f7ca484792a5bcfed9151e6d7abbe25

SHA512
2ad72a4fc17dbd1702ecb55d926c4b262b28a5d9cc2bff8a40921d94c8379c714af3eb174a19dc9c7e0a4fd4554b8f0e277c26fb0958d505c3ab96c1732bd255

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
c26ed30e7d5ab440480838636efc41db

SHA1
c66e0d00b56abebfb60d2fcc5cf85ad31a0d6591

SHA256
6a3c5c4a8e57f77ecc22078fbf603ecc31fb82d429bd87b7b4b9261447092aef

SHA512
96cdb78bca3e01d4513c31661987e5646e6a8ff24708918aa0d66dfa3ca5d98af4862c9f38c4f41f933c345d2d3adfb1d34d1430b33f45f916f41a9872a030df

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata

Filesize
114B

MD5
2c4882342c0217fd0332cf9bd7d65959

SHA1
566993580d8d294953e9e3cc1bd5e64eddf22b04

SHA256
bec18b103be9e0ee68976ba2fab6ad7e0a5cc621658859b51ebf2fac77256d84

SHA512
2d45825a87405575694ef743a3b97c3a8b8b949400fad67e9fbf9c11db4ba15bc960e60657195dde53d0ee5f06f24a85b345a913965ab8d7b221aff393d187a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\b6253831-c384-46b7-a231-4ea4b9bfb83a.dmp

Filesize
1.2MB

MD5
fac5c38b35a3f52ffeb6cdb9d437f644

SHA1
a2cfded27f567260e4f8612dfadca7f9eb300265

SHA256
65a2987924f8b5ec8490279238f9442d2e2577a34a1bbaad3050d27dab9aed21

SHA512
593e4bba57b28831f8658e4f98c1d80a020a77738ad4caf6c916ebc0dfda1a60d0243028ebd1444531286c8009909cab684e1894fbc117fcbb9911241d0465bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
bdcee9e93d2bf010f78325957317455f

SHA1
1075d79d0d7aedc8419abafc7f0a374dee639788

SHA256
b73cdbbd8ec9fb2cbca03301af585e78e3a53ab5ef3f2ece8934d01b70d5749c

SHA512
86e1211141b5ea675d298791b8fa0e0420c53f7b74b287463156d0271d00ce657e028b9556aafbe345dcf4acafad3e6b518a776501ec75c3e337a4272b735c01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
7bba1efa958b34a550877c3585b4f86c

SHA1
e6cfc2316a09187f6cdf20d8cb4e170fb8a4db98

SHA256
7390946943bde7327bfb685ce51b4e0a7116a2316badf127c25889ac7b05c9a9

SHA512
5db318c889c45757b9f8492d2960cfbe1ac8fedb53da235c0bb903eea19fb3b95b55837b60f40faa60d81c696f143053ef051f080fe6d98100d1b398382fc111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
e962ec203d3842e47e86ebbbfb104d37

SHA1
8056f735114d690ef130cddf2060662b0471c317

SHA256
8c00bf5e049a79af0364cf0b22a7f2385883d1701b3c3841625b85e4da99c3b0

SHA512
5b4d98d94ff1b634e804b3e3807806ef81ed58834b6527fdcb68112a24eb932e0d3ff67bec57f9b0ba4ee7cca9d157cb5ec48c0b7474ff3ee463c9a358cf9480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
9192956e49ff289d76213f296eb1b96e

SHA1
28751851166043ade932d4f1dcf36e128af52e07

SHA256
daf1b41dd9b1fb1515c990d4d627a605b8e410165a9cff0c5d1491c600f17d54

SHA512
86d3f444ff1cc4fdb3e0bbba40ea4c96e7e82ea345aedb6a6793e2450138da6b7caf77a64025d63e8df6b962d4166e7f6f8bf524a47e573d48c3690794681e00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
37KB

MD5
2c97525a9475d01d30e048d5049d5e11

SHA1
16a9447ba2e02ad75a56baf283173200d7e597c6

SHA256
9071a4a9f1a6cfab92f1ed8223f242e6c3f924f9fe8a3d37210d0f993f35a1b0

SHA512
85cb3e0f339f9da47d4fdf266e4be2ef3dc95321ba00c7a62bd97f9ba1656ab38b69621e96a9a0c46569f20ee78ef6d12bd8d087416161b82cb8f9b341ccaba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
58KB

MD5
fd260693cc675c611743b0211a32cfda

SHA1
217a28596306e1738bc53fc2d49b1338e46fef64

SHA256
4d614d69036285da97a42eab9bf618774ffdda39338e10cec94fe6b3084171e1

SHA512
c6983ae9447c62719b7418ab6c38f1f00f4529d0ff044a07377dde752cc0058da05a1e6b571866ba477fb8aed670ccfc146d8507919a97067669c6279126955e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
314B

MD5
d0daf4e0ce7e8e249d5d465d5706f237

SHA1
d3acae29795e060681b872c05b6e73f06986327d

SHA256
a24f1fd9ca2cbcbd12c7fde3f1da1274e18f71a8ef7da2dc1292c5953a930f11

SHA512
eda5b2e69839542b159fd40b7eac7f6afec106532cfa717142a688d41736366e8538790ca609c8599022f4d6a865351ab758c50cf9a5b74ffdf6712bbad0cf5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
55c2c5d8084667afce8a53fcc276e99d

SHA1
86ef81f7ec53962d168d82ce038fe93cced227e4

SHA256
b374e5930fa5933c555513bd3cccb03f2c30e0c0f9f550606a9dc1387abd29c7

SHA512
a3473f67d49ad0eba0c4c0b6e33c1cb8049dad6543ac42719470c9aa9e479988b7f4df699d45edc39e42deccfff2e8ed9c27261058a461853862ea1769665c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
636e07bb81c5a3fcd8c111a2773afe67

SHA1
d11a60a332bb192438593240ee0df2e0ba154ebb

SHA256
8e5b9e13bc4c473abcc23274357810fe60d8d222d197b187c005d67889d65fb4

SHA512
b81f3b4cc0d2856ae166d247e1afcec6a6abb52fc2166505070f58e9f25d94cb527157f6003d5bb452d0768b871600741795e64e016ff511111bef38d4bb21c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
866B

MD5
6aed42724d43f0df04bc63fd93f7e4ba

SHA1
afd93409264d493b0df4b81666dd39c23c24aa05

SHA256
02daa1fda2662eaba5896ed1bed6006ec5d48d74fe0c9efa0517b5f6c77a1894

SHA512
b43d3d8ef050c6a26f1bba8ecb67c9cda8240a00542a8d5ea81720dc0831b86321c81befab8fc35d438ec4cd7a5b847fe21a012affb16aced7fa8cf44c1ce74a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
c5544acdd88508a0a62de3f051204398

SHA1
c60cd377b89f7a6ac2c9ccb370e8b9063ff0c50f

SHA256
ab919014a499198e5df047daa27c2e7fef77b4f99016b727e041ecf1a0a2c7c4

SHA512
2c1d6f62ce49a60b9bd84a14d2a95cc32ac7b8f084d55c523376ffacdc9e24dfbf48ae78a043717b205384c59c82f9de497cdbfc7a035ac74d8f14140b6b00be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
089f5695e578bff8e0eb6031b3de57a3

SHA1
88b1c34e24c94d1951448131b64d2dc54807161c

SHA256
ba151a936245613b0b2aa7901c925b0b82d543488bbe62e450584e811cad9bdb

SHA512
0915fceef5fef3667af9fcabc5c9cf6a8955aa240825a2ad1690b94459f8a1d7285681fdf752b64e1c57ad56f428b0ba538917631204d603cdc86e17e72e27df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bc8a10a05a6bad0faa6318160991f969

SHA1
eff83daf096afd1b60949801c6df9822e085801e

SHA256
852157b8c2514bb1a510c1324f04f4e32241f5134e73492e081d3a166d791909

SHA512
56b21cbab7c4b4492ae44ce72a99fea1523fde61417285aaa40d44727ad628464b9a015dae518f7c4e311f22e5ff1c7f464954dfdef74b49fcc1d418ea7a38db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ddacdee83ff84e28c02d59c4c30ef6f4

SHA1
443312663dffa00ba1b6e85baa0d94c317a4f5c3

SHA256
f1ecdab2b0236b6b5379e300625660b8a6b99b258e156dab7cc565091bac3b64

SHA512
93bbd4e76af772ab5e766bfa3dabc69b6e46634826058441c2934c1b24533b9d84b3cf220df536b04675828a1b2c21412edc84eee23ae5f8f03bf65cfc82abb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
9f19b25542e080a698954e9f52584557

SHA1
b54067610050b06106d06d30440aa0ae31ddf031

SHA256
68d8c7b8b65250208b1dc3827f1d63797038d988b02fbfcd66556dc6705369f8

SHA512
2e7e2e26ea2426fa33698b87b391c9efaa66159e7a65a2e0ecb61097dd8dc7605867f706c6cf0422652710e73c2394faf4a5a8cbe5922d541f861ec2a2bcb406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG

Filesize
317B

MD5
1c3ec52097f31f130ae9b15891253dba

SHA1
7ede2a966c677a43c73a77a30c166760914a024b

SHA256
4f9eb1975b81faf57510f11e6e1b6367bf6089438c3f60c4877bd0bb25c88719

SHA512
3abb48bfe92fc23b62c866742f262af2aae88173e43e4b2f1da02c328f690b9a4b703a5fa52ad50a85d56a50ea1b71502c7d3b37853cbab477264ba8a3afa167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13350676442672395

Filesize
2KB

MD5
5d23d7e8d4a0aaffa1ce77efa0d33b19

SHA1
51c32969f1407417385662ee4a7efadbc5f3ee14

SHA256
33451132627bfc39b0d8141ed5d3ead6edec9772c4dfac25c5da46ec366be0a4

SHA512
b2b9c7b13c53cf6989833c530f162dde37671e9a2eab2dcd040255ce83faf6f55a6479291f86c249544e36e12bc1e8c03f7944511d104f002eade25b6fe54d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
3d6191124f02d73345b41356603545e4

SHA1
751802b0fc9ad3150d4b1aae036743b0436867e9

SHA256
3aad2b567d6c15eee58b4da41eed7ff3588245603e9b3f5a68f5f62bc83488da

SHA512
00e2a3221269c4316097176bd95ba8fbd119ed3b67d44447e92f15ec7c420bd40734d19628635ebede5f1ad443b097368c1fa8a00e3a6a3bd662667cf4debf17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log

Filesize
8KB

MD5
0ecbb21142747f6f597bf11b6cb45ab2

SHA1
9ae684390e09f5132282e15c86d6cd71f6deef70

SHA256
3a17ef057af42da442d121e737f2f6fda5711c2e6ce59437ae93a5c4afb64348

SHA512
6ea6895b399d69e126a8ee838286b7b65ad073ad508183fb503948014ab4a6c53b1a6b51a055d6a54caf01af41342b7b6d7c2473c69d521987994b0cbe3c8828

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
acb4b42bd65b82c01f3a81a60b25343b

SHA1
a8da6db42c18ac1d02dff0ca3a511cdf5b2d39eb

SHA256
af146a1637e0acb29d96158ae247bdcbd806f03278a2e3d4e52d21f591690338

SHA512
8964267d3d0f9f4d4eae6f50c168909a1a483565e40ab2a99aa3481185b7b74febddfc5c1299629e1ffdd11eb8381f1374e59fa071dcbdb639cb5b3b22554b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
843B

MD5
0103e3c34fb4f550504206316d5636f8

SHA1
1a141c24243007f96e7183f83a2f7c83e603b309

SHA256
41e37f2edaa7909d3592deb3606b1857bf3cec4fb5d56f227d86c15ce32b322e

SHA512
c05f705c4280f86696c9aac76cee3cfe22ae64e082a2785913ec5d801cfe55c9ffdbe6d73ba903747342ada7c19a2c5c1d76c312f6ced04ec49817f97eb0eb00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
c2cb5bd14fb537a032d66ebd02017bde

SHA1
f21c60d3f3e0bc9222759779504290eab88fdcd5

SHA256
4a2dfa425f2f4248ee3fb1ba3644f2fd54f3962b40fa996b0cc4a5463522b00d

SHA512
6b4f24dc1da1e332079ec85c842ab528e560441679d0004cb3bff1032a38b1e45b5800dbc247866f0f3a217d27334c862d70f1b584b987b2681fb21182e83c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
889B

MD5
2abf8703c3c1110f66ab7c97e13644a9

SHA1
e8a5050abdd35a45f3fb1c441e5cc9b528eb9505

SHA256
00cac629a04bfdad14a8318de009d31ddd18025c53dc011248446cae04b23732

SHA512
b82ee6fc4d368999cf8f76c48084c846f5828c374d414314c01aa51d660b73e226aba08d57a4c8d780630ede1ddb303805d76f55ef26e9432cc7160da0e6c387

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
6bb6ae46bc77e5873be60c59e47d5bf1

SHA1
31163f157d54e513615dda57a8c8a9427aa39fee

SHA256
6a8076cca7f463895c7498e0ab9c5318ff5caaa2cb62645b06791b68330264bf

SHA512
39925ba364e41ec5634305e7bca81753d62f439d94e990167386266af913c1c24561ee1e02546e875e04fbddc42e822273a4cd4e6690b5115b30c5718f5ba1be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
9a9c88c9fc49c2d00a4bbe5065ebc367

SHA1
21075e1602656f55efe7939be1fb44bb2883e99e

SHA256
3e41fbdc91f3f25f4024c6b0f865fc082c1c80dd4d9ff4b5adf0b3811ff07adb

SHA512
58f55f33bda94aa7888d041ab4b0cac47cc9f89db0367cfa83ccb2d10e105645e56b38d92dd5f50dc4b6f42d08270f633b90d0975214b3dc0077845a3d6c5a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
e092cace89e1eb356aa92489dd2a2a0a

SHA1
e2df5932dfb10f78d14cb64e1ce7b23df4e125d6

SHA256
4e81c3434e7b62e8f2a6de176ad26431dd82d5d00b36dcc1b14c1db0648b146c

SHA512
8b4cc9b45d88dd9ac1b6049ba0d152e27c743fa06e7ba02914c06370d3b635bdf27fced1f8a1e7cb368b2279484d10ef520daf59d2da8ea698dd7d26aaacfe81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
4.0MB

MD5
e7eadbc561c80ae0cc4c338df640df81

SHA1
f435cc769d5e5944783d5f864861bfe565a9da9e

SHA256
31b6494fdf7f7fbbea2fa1d283e4b790052ff617bff22915c15733d79ef4c76c

SHA512
eff0030385d4e70e29620457d5f914799e8c61870f69766e2ce3188ed733abb17cfc7276f877c38d986022ddcfadb34636898453fe00d882559378b8ac931e9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2003dd01e9e886259086e368ba098b38

SHA1
fe54cb652bcddf1b66f6d102e915b0fe5a4ee8eb

SHA256
18110deb1f4afac312dddc2c155d731d935945078cb36d20819a7a50d1386e60

SHA512
2719c279dfd996d20cea939b3634949f376689ea8f26d4b7a2e216da5b18fcca1140e940d497a867101900cd71d58211d4f7ea94f0a05e12f2bfbaad69e24f84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_968_WZIGROTDJOIYWSHK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit