kinsing | cb75f1b1356e87ffc64352bbcd47fd05431cdccfedf672499c48fdd953b5cd4b

Analysis

max time kernel
1049s
max time network
1051s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

unblocker.pdf
Size

352KB
MD5

58e1544e10d0f339b5f50eaf63a62e6e
SHA1

812a8a29a81aecfecba8dd9ad382ae5e00abf92c
SHA256

cb75f1b1356e87ffc64352bbcd47fd05431cdccfedf672499c48fdd953b5cd4b
SHA512

85f79f5f78656477134914236b53d076b8c5e68d3e5dba6b7b5c735360ce140b7cd3d2cf6cd0e83c2e07c7676fb36a5396e7019d54b1142b3d98042e4bcac020
SSDEEP

6144:zISwrqYcmAxHG4R8Gb3fQOf/up4ve66vGrH+pDx4R9EkZxKiE7QE93e1ZYnx3C1E:zISwrZAxHNuxmv3rHODxWhKd73hnxy1E

Score

10^/10

kinsing loader

Malware Config

Signatures

Kinsing
Kinsing is a loader written in Golang.
loader kinsing

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133506786956091733"	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

chrome.exeAcroRd32.exechrome.exe

pid	process
2368	chrome.exe
2368	chrome.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
1412	AcroRd32.exe
216	chrome.exe
216	chrome.exe

Suspicious behavior: LoadsDriver 2 IoCs

Processes:

pid process

652
652

pid	process
652
652

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe
Token: SeShutdownPrivilege	2368	chrome.exe
Token: SeCreatePagefilePrivilege	2368	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

AcroRd32.exechrome.exe

pid	process
1412	AcroRd32.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe
2368	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

1412 AcroRd32.exe
1412 AcroRd32.exe
1412 AcroRd32.exe
1412 AcroRd32.exe
1412 AcroRd32.exe
1412 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 1412 wrote to memory of 2556	1412	AcroRd32.exe	RdrCEF.exe
PID 1412 wrote to memory of 2556	1412	AcroRd32.exe	RdrCEF.exe
PID 1412 wrote to memory of 2556	1412	AcroRd32.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 1100	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe
PID 2556 wrote to memory of 4076	2556	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\unblocker.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2556
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08AF403092770809FF03A7F6117571C4 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1100
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=07D33E8070198C89FA4595B2EBA9295E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=07D33E8070198C89FA4595B2EBA9295E --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=206B6C7A4C29A2811AA2D90D9E28C024 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4752
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EE524DB5144038E8AEC35F0E6E3BE705 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1888
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5A08109844F6958E4E3A36B56820ED88 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5A08109844F6958E4E3A36B56820ED88 --renderer-client-id=6 --mojo-platform-channel-handle=2424 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2660
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=933688C01B45FD5AF65CFDD96319F85D --mojo-platform-channel-handle=2708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff86cb59758,0x7ff86cb59768,0x7ff86cb59778
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1952 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2900 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:2
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4672 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:1604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4976 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5348 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:5732
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff655c47688,0x7ff655c47698,0x7ff655c476a8
    3⤵
    PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5432 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2340 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5564 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5784 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2968 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=2368 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3748 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5224 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4716 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5272 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:1
  2⤵
  PID:5196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5160 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5980 --field-trial-handle=1896,i,566326768685499131,11511361153576709922,131072 /prefetch:8
  2⤵
  PID:3260

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1604

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x2ec
1⤵
PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
6bd79841ccad916b81b1badabb336476

SHA1
670a8d79842c991dff72c6216fab7f8ec6324b08

SHA256
71c1f4e61e5f1caa7222d5da2886b5de8740b35f1c7bb758a6ba1fe5e6ffd32b

SHA512
b96769089a34d2ea539d70ff8e4ea142db3ea7d4f7c34142730a7f34c3c265eea52eb93303609dfa204997d5a61778f1eacfb093c8b5a362467bdced576a7153

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
d7ed2375603b9d9d755c9b9cdaa10d04

SHA1
d6b213ac0d614b95b4b95e118fae2fd7cd3d49f0

SHA256
3e02bbbe110c81de6e341560176b6e7c5063cf0b90d3e4dddb3e6bfebbd9a8f5

SHA512
82a48a6cf85ff8d49f017303a9d9379105f824d324c7cda3efdb7b42e795e66dd80c0e6810759aa17670e59ec356b809f8457dc359a09f7f03bef87d6b3c2665

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
3db09a00c98eeca52025a576bd46f19f

SHA1
a600374406f4b5d00ce4ff6ea53d9da81b5dc2d4

SHA256
eda77dad74a0d341647892d3e671dfb2fe21fc240088b68ecf0ac69c50012316

SHA512
d45c58d56053c9f946fabf3273af521df55dc98da84ae5c6c2bd4f759a1fcf035250b42d1e16882032c41906db81a890f53b7d6bb334db1dc2f894cdfedeb8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
16KB

MD5
72b36dbce8d90c0647367105fc0c895a

SHA1
8b2a09222f7cb3ba7c6928208793fb3e8a1e53fc

SHA256
c477c0f6ae247efdad2c9f87884a622ae134494ca18141189cca8e8e090b238c

SHA512
d60cc54b969a272446c45d03ce496a03f5474f2139ad6edf354d13a605270efe784089eb08c6dfff1ab2a3c429392f76a4bb4a2d05b55462719d8ce814b4b7f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
a790d0e8103c0c94ca374c1824b28d5b

SHA1
36943766fa75e5d1e2235c443d382967f03f83bc

SHA256
61fc26151facff9a7f7154f7388ffa290ab931a5efc88aa946f8adfc1e76ef3b

SHA512
4c2418e11c2ff6cf75ef212de326ea7f4dacd041268f68630f44dce1239b6d8ca692e577ea8801fbf5d5665d825dea92e06d9a3397e5601099ef0e8b4410e32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d9822edbd6196f75898025866bcbb086

SHA1
72d748bac0defa37ea689f94e86ad441899c59fd

SHA256
aac3f0fa752a264a7e1b8907835e64270bf4374caca8750f6cfe474c3b89a863

SHA512
f7a79d767ea2922df50474c6b417f31430682d3c96b7889ca92cd7d198760e884aa7633779cd83a5f91e2a197e4df14f2e8453ef974bc4f8860718e0a65394ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\40db8301-73aa-4c3f-a7b7-2914264ed7e7.tmp

Filesize
3KB

MD5
b90ebf1fed42c197f43414c944d0337e

SHA1
7f578d33455b97caf2a82928cae19b7fb3bd1685

SHA256
3bbf5fc896969c95e1200b3631a94c29ae080be8d82d8d0f6ec15aa7b37a97e8

SHA512
1eee9ae4f039491fbb94fdf7b1e7408c617cb22ae85ef855c7792bd0a0a66f63ee5e37f98815b9e2fc14b90ffb20001c8c05c2016e1a81cc904caf0d961e8b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
9f9ca35720ca967da99092d37b72b2d2

SHA1
4744addb5ec175b3b9c59fe5ed16dc0486c1aaf5

SHA256
b61c67bd94d790e1a074cf36cdfe046a36fc94dde8d78e771ea53471ee46faaa

SHA512
01535a35153a2686364579100e51637cfc315440b9e84d5ddaddf9aee80cb5fe7e953a3fb72d5ddcbd14a3cff50fee32b0484f216e05eb4ab983d1f2a5903561

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
58f7d7309383ff19f1c95257371b6a7e

SHA1
ad63a6d0628fe5ef573626d271d623b5cdeb4d7c

SHA256
767e8a58d73ce8f6a2ba099fced2673d42fe08dd5bb30c126c503d6385ad2af2

SHA512
4c09d2dacb3a281f719d013fabab7c6c92866aa96f9af98562219e5b0b7dde44975f5e7e1e10243edad1c6f488e0f2a3d48e6862c2679378ff5a4ac0b3fc662a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
18732a1e70990e48c4b8bf55f3ec9b6b

SHA1
9e3c30a6cafea1eea22a54932c083be74b10c1e5

SHA256
96e657cf40655a8384889ec51199024e4a4368d830784dc87fb7377ddf797dc6

SHA512
36f8b5b8816ecc1d18185c517b3ad54d0da7b553449f8350d24626a2d0b804b2781b1cbc11b197bfa242046ae3845c5da41cb7b585804942a7bc915f2e7e6b61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
ca3729490914aa8964c516c5399b120f

SHA1
d4617a0c14023a483970924e233dbfba6f5ad003

SHA256
067bcdbddbf3a5fa96d7bdf96dd2db8755c211056bbb56fa9fd5d345a1e84d6a

SHA512
90f2afd6138fdad3294adca40a61e81583f46598652df5b9af75949eb3fa18a49d06fb30234be007046e402ff74a8816be133d29305fb209e44d37b7ef3f2492

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
b0458322ad2065dbdb7d1ec70ce5a831

SHA1
963e1c13ad948dd01bee1438507b4aad32a51b06

SHA256
bd1d2dfcee26c98422e7a8cb7587d30788600bb77657d9c97a65b47ffe907929

SHA512
c7acfbd39f5a298e1f461044167ea52c54e24200e71da70a96165bd5181a533161121766e280503b170817bcc2bb81b163a28cf28d6a1818dea368fdc1863503

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
9849240a9a4fce4209e22020205a24b8

SHA1
55d5b4bd39ac57c4722d7f6ea95724005f73107d

SHA256
45ef0ac9e912329ef3f255a73454881eb44dadd48f77bec8cb673890d5bb5442

SHA512
2c5f271cbd242171a592d37d420db0efbbc5a0d5a26a3039052e3775cf1d9217727629231fbb2ce4721a8e712d27fa5acea4ad50514db21b05f0d70e053f68d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
981dee60419b8a87a157dcb133fe15cf

SHA1
7a6645beea3670a0152f75c6004b12716beeffe0

SHA256
5531d40daa3f80a04faa6051ecd74c38db70f332d366cd948169b776fce6879d

SHA512
69adb9968f54f989d29375919535006d25b31a9e229ebbeccbeebe70ef79c22d7c2ead2d78bd375fa3e44563199a39e4484a5c96b4467154ab7755a68b421150

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9f6856c7c3c1a4a01fda348b302e9dd7

SHA1
84fde8d0366ce24fd8039338b4714e63db350632

SHA256
1446941a86ab4ef17f60dbe4faa70b1f8a96ab0a987390d852dd91fdd74c22cb

SHA512
a343f8e17e2466d035f9c22f737d11b5b84ba61b70b74482c1016d87971a86bc2cfc00fb73fb92fd3662a6c00fca67575c5a7d62e74eece925f3cfe6e7dfe132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
916703e45a644370545227ae207862ab

SHA1
37de45dbc503d4f0866c46b8d8249366fab7eccc

SHA256
610cbf2f3ecafec042c1fe8f459627744ee347eadda8f591564d4cff0fadb08a

SHA512
1b7fd36efc5e8f999218576d02cbd1d1c2fab872aa4bd8dacefffcea505c2395314dd3fafd40a0c2545519877f2c0a5526b7502df258c9ca25430b2a7e61510d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d09cce31cfaf353e19c06e39a14e456b

SHA1
2ba2d3b1c2d1c7b01c26d7726bc12d409fc8c4a3

SHA256
42a70c2d985f25da4e24043b1fb274592e36b8285138df2fa33f666d7991efb6

SHA512
af6fa08c810a821a1541b984bd66ed3dd5c08589cba8092cdffa73efd780f5c34cc37590177085b28c5674195783dc925ae95754c89d0b9271af24fc92e7490b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
671d9d3ae73b3d5d29f398f2c9f2e8a2

SHA1
159bf63c126d9abadd82b3a2119165dbf2033bef

SHA256
838d3d18cac1b25dee29d0a82eae5ea4df331093d6fc7440dd064ea7df8f95ce

SHA512
62ee3c9bf073931ba8e7616d3500d5d4ced04d7deab9033575cca8036e9f5cba565f18f09f313c6c2411db88ebcb4259e046fd6d9c74915a680a9b307b0bfc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2dc3459ab65c877a576f66261f50bcbe

SHA1
d2e0d76cf22377f5bbe28ba930970dce1f118b20

SHA256
dc84c03825ff46109e4699cf480a19ea46b1fe272d73560f30fb629548892e9d

SHA512
64008cb4d493032510be77031464941c954c6d1ec5b5a63615882f55ed4cb4d16a970582e210edc3ac2f6fdd4785cbea8a7538c39490c79332f866db7e33c0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e613b5c7ad548548afc20bc593e9ce46

SHA1
4a53d4aebc7fc8c337075649148df6507b932052

SHA256
6faefddda82dbd4fd599cb1ad5853deca57c04cb9a4c637e6c3053a89234b2b6

SHA512
b7fe7660f53367ee485679167c8dc5e07c872d1b47a2bdb64e84de000013662c087cd6166c3cf965bfda1127bf57af9566edf8afa3ff9d234b88ef0df3612919

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
817e3cb976abdbf9eaa73612b6475003

SHA1
77144df57adcca4b3457cc42c026edbad32d9f00

SHA256
2748c5433ebb1c16adb9f1ddac9312354e29786e4d517bd34464ecc769d7942a

SHA512
ba7c4367128f81d3bad14ea4543d49f5e46eb1e574e80788b87ff0273e46708ed31ba0d183ee55bf967c893c643f89edb5e6aa712de5578e290bd8293b11dac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
459f416b8a5072c1c57144d8865ce9ce

SHA1
053e6a7c8c15960efa71a72cc1d8e522ea44bda8

SHA256
16a6ffcd028f374985f297f10401491921788fd0c2efcb06ff0772a8ad97ee97

SHA512
b8a7d5d8147b1cf6d3a98016e6e6e619d84bb5ea6227ae3b665da65cfa49f1a5b6801009269f05b2e2f28a1d0591e4b033240d1bca8078dc6a1086ef2f044ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
62f9cb13c26aadd426e2aef984aac2bf

SHA1
2b0efcb9d7f1d89a2c5c0dbfad7384bf53e76d82

SHA256
27c89b8c74982a83b32c002336132082eae4b02a7833e70427cf52efd9a71941

SHA512
8951e3c5c746cf6d5db89ff3f208b9a2540a6b9f358e397363cfc8cc294abdc3fdf0821004e6038cd814593bf1c772e1ec2ee20283ecacf8ccff6fd4ec4ac9a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
e188463b1b8aa437447040da64288f86

SHA1
84ca2c95db016a89fa28a8cb1ae2167173a103f8

SHA256
f4eb30b0cf48bf634e6e6f7d8a1a65dc5503962ab121e2fa6d7a69008caf01d7

SHA512
8818d8285bfcef5cf73ebac8c275892154ec7313dbcfa8004cff2efa82046fccb47047d983ffb838a8649c706e6864a4bc8b381d36ef14eee00bb2b963376e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
cb5b82405cc8461b49a89a3324a36c89

SHA1
cee744bd0fc7d803465a1c688a0a0aaeff043c90

SHA256
80dc6dcaa0cd8401b12272a635d4e14e638ce168f492ed2f751260716bc9ad25

SHA512
814fde6564eea782b616e55dd1ff1ec02a579b69aa79b2142f50624a8bf1aee91ec4a506548974c294392c27b47c78576a12d9fff297789bc470ecfc473bf1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580f4d.TMP

Filesize
98KB

MD5
018b2ec2cece010e890cb018109385c1

SHA1
9356b2c042d253c8437b5635cbf99e44ae56f16a

SHA256
b7914c52774403f64e11de9599b42d23d9b9b73652fef626490acddf1c44de4a

SHA512
311bb9edc47d0be31190c0c7e25ce82836d51c4df87a00a62bc30cd667cf1a4ba030eab5e56f082d7534359a9d4e416a9ced91600a31e66cf4989458f39faa46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2368_LVZRWGCMLQRNOPHG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1412-52-0x0000000009030000-0x0000000009080000-memory.dmp

Filesize
320KB

Download