6cc092d750ed58607c82b2e06f4b83daed7abf961852c2eeebeb888a8a2428b4

Resubmissions

26-04-2024 01:08

240426-bg7pssgg38 3

26-04-2024 01:04

240426-bfebvsgf96 3

26-04-2024 01:02

240426-bds28sgf73 3

26-04-2024 00:59

240426-bb59sagf53 3

Analysis

max time kernel
1790s
max time network
1134s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EMO.pdf
Size

225KB
MD5

84e1ffc8db5cbcae237e3581fc21924f
SHA1

688e5360cde7dec84d0aa19b9d4141236d021bb9
SHA256

6cc092d750ed58607c82b2e06f4b83daed7abf961852c2eeebeb888a8a2428b4
SHA512

d463e05357a8904546471f57aebfc427c1ea517cdf17b1054f6efe42d7a40fd017ad4168679ddafbcb686feba31756f54ce75ab2288a2e4b6a41a6872f19c2c7
SSDEEP

6144:qhsouQoG/OXwjLl6GHtYXpizMlw0fIo3WqTA4t:qpoEe0l6GHyiAGqUg

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585673103713903"	chrome.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

chrome.exeAcroRd32.exechrome.exe

pid	process
5052	chrome.exe
5052	chrome.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
3688	AcroRd32.exe
2012	chrome.exe
2012	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

5052 chrome.exe
5052 chrome.exe
5052 chrome.exe
5052 chrome.exe
5052 chrome.exe
5052 chrome.exe
5052 chrome.exe
5052 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe
Token: SeShutdownPrivilege	5052	chrome.exe
Token: SeCreatePagefilePrivilege	5052	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

AcroRd32.exechrome.exe

pid	process
3688	AcroRd32.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe
5052	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

3688 AcroRd32.exe
3688 AcroRd32.exe
3688 AcroRd32.exe
3688 AcroRd32.exe
3688 AcroRd32.exe
3688 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3688 wrote to memory of 2564	3688	AcroRd32.exe	RdrCEF.exe
PID 3688 wrote to memory of 2564	3688	AcroRd32.exe	RdrCEF.exe
PID 3688 wrote to memory of 2564	3688	AcroRd32.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 2136	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe
PID 2564 wrote to memory of 3256	2564	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\EMO.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4180C90522FD31C5BD620E63C18D0A29 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2136
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0AAF2F8EFD2475E71DE58239D0C8595B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0AAF2F8EFD2475E71DE58239D0C8595B --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=05FACAE888B84E0BFEA39DDB13CBFE98 --mojo-platform-channel-handle=2156 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:920
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2B41D78C9704CA4A78F18E78B3E4B44E --mojo-platform-channel-handle=2404 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1420
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62659624DE9D4E840FEA4A2F773DB035 --mojo-platform-channel-handle=1860 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2E0D5707D7EADB07B84077120B210CCA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2E0D5707D7EADB07B84077120B210CCA --renderer-client-id=7 --mojo-platform-channel-handle=2160 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff9461dab58,0x7ff9461dab68,0x7ff9461dab78
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:2
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2272 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3080 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4284 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4604 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4484 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4816 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:5972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4876 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3340 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4872 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3272 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3276 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2740 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4268 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 --field-trial-handle=1840,i,8966165047314126356,3767952413308531624,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:620

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4 0x50c
1⤵
PID:3868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
641fd51d0a7a4a6a6ed94f722de04783

SHA1
9686eb9fc26db56ea65ac13757541e0c2e19db3f

SHA256
4bc63cd831d39a4bc9591a5821e43c40e6df871b512c76afae0808f7a978138c

SHA512
b12d909209082b714934cad0c07d1b184576a9593a5582a0d9f3ee325d75c9c50f0b468721314caaff25dff1e88af65b5541cb721d2d7efa143635cd56231387

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
27KB

MD5
d6f862353c2433098d82725f90a0e280

SHA1
55ab2e7e58fd35c99aec7fb52849d866eaefc438

SHA256
719a5b617534fb3a811c51a999f943911439fb43225e3a38a79dfb9c0ffbac38

SHA512
0de7c8478de4d63e2d49e834c5ddc7e6190dfa851b46914f32adc392c1b9e22e6222c01950738985b44612b65a8cdfa6ddd99e77c49e1d6b9257c63af974b178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
64KB

MD5
9c831bb0607c1778d78672c5e584bf57

SHA1
842b4427e3961916d57468515b364b47b5b0a9ce

SHA256
d7c019252f4c55d90b8a0d2660cdc09cfacd067eaa8ac17f14c83082b9a025c2

SHA512
7d814efcde843bebcb5bc1c59a416d6314da227249b9481a0664cfcfeac3c8d1a19c7689682ed99f5b8ef2e4913bbd4a4eb4455ec4d4586aae68b8509aa31ab8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
76KB

MD5
46fed68aa90cbf1f2c1e798cbb3a1b22

SHA1
7b73754ac9d73f11f61ee359721dca421381ae19

SHA256
2b7014ddf74d0619962b571fdd1b4b1ed49774b0feba597ae45b7ff19cc9930a

SHA512
24c835a2c7be41c522f391929be1ae3bfa309dc10eee8bb4c1331600ac4ef7c70e297b952d7e2b104273ba4bcd0e00ce368d0f4d41539cb5372dece542e2306c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
93KB

MD5
b1b4f5ce212537f7ad26bd08d742c2fc

SHA1
6aa780582c65f039188b625c6d99a6aa2cd62b19

SHA256
46ee82ef9ee4349ebd915e5e2b884a2c0e2353a7525616e2970a4aed432ddd61

SHA512
e6c1625a8992e438024700558cb8054f10122b798d75a8b0aa66d7bddc8610b4b9543591df0ecc7b08c03b64f4baa806802d70a6907a9a79f040c27f9edd33c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
16KB

MD5
48c80c7c28b5b00a8b4ff94a22b72fe3

SHA1
d57303c2ad2fd5cedc5cb20f264a6965a7819cee

SHA256
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356

SHA512
c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
093c1f52004a7533cef03973f1b225f0

SHA1
3a5fe0b25b5587715630c2eec5b281604d98566c

SHA256
27ea7bd837d5b3a205b51f027720264bb7ebab3de9fdc07c3e09b1a545916994

SHA512
5df8634b9f9d2dcaa80ab3e445ef0f0862b848aba3ccfd0c1ac9f5701292728058aa09922ee031a2a1ee524dcb7b923dd355f5db0c634f8f9f2aa63dac122055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
32ffc31f130a3c7dfa57e8e75b5a4cf9

SHA1
f6eb954e8ae226f11e1f16272949ec9a72a65e93

SHA256
61c05e767877a6f350f95312e2dfcf069ebb1ec7364e3ffa9b73d6fba3cf80ab

SHA512
83a50426fdd2e4b912828c647fffd4f2c596d32a99c5a62bcfd81db8f40415e70685552c3acb766a305cc50aef1fe65c48b91fecf6625ac5898a11b1fe27b924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
edd18f354b57663a88d7fbbf3be59cef

SHA1
ad15c888dd8d78695d8b49d87a36b4509556bdfb

SHA256
51d9cea2bfd906692db6272bed70c4fb3bfaa3f8d93c60e003065221fe4fb4d8

SHA512
2f5cb02ab97f6f993e3f1229d18057dc8702eee837188392ef762ad46fd2c4da004da32ae2fb8b9bec476b79842639d7d42e62cb8aa37a66792fef3a3e44f759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
efc70240677b2327e841c1231f1b96d3

SHA1
aba667c858dee92cf4e49e0d50a103afb93e19ab

SHA256
366951e2a354018e5683631bec096c8a600ba04c7b81ec761a8a834b06699614

SHA512
a9dd2fea0fa3068bab197103184e44254f5e33034eb29b0b482de2545a028fa69aa38132541dbe197def6dc2a615314a281f0e3814981f454328ccb36567937c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
f74093edfb5a8b036c4515cf6f420829

SHA1
b584c684f6f9720d95707c896f4d989796e9497d

SHA256
e7e94286b6d597292b2ce969787ac88462e5161910d2b35862473bffa3966863

SHA512
cbe414b6c3343f23d8da3eb85fc91b5ec48acddf2d7be330d9f3faff425a1cb2fa3d79825633f3c0254ef93746cc43c43b380798483b2ee2d80298364bb98be9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c6cec0f302b1d1bf90b96e4b8e2694da

SHA1
61c27a55a4901adedecaa8842904d5b3dbff0000

SHA256
ca5b226aaeb2f7f62023b41c65d4f5885497a91cd425941534c0d6e7970102d3

SHA512
6d8f91652b06c2ec0df16af25c39f1044cf93902cce7e2d9bc004393b874526737439eb3d2e0df0307cb8b3c4706484d62415598964564a78b7c4f45e30f06ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
8fa5ef43a854b9cd4d95ea3d80bf103c

SHA1
d0d71588792785bdec2a8d6ee3a406c02be89aab

SHA256
418037d762668ddb3c8ce1702a50889d6061366ba78c98988997575de10dbd8c

SHA512
0fdbd99463330d9aba5a96691daf91c15017aa5711d1662eefb72670dc15be96fcaebd403d488f39d53d8efdc4b33a12b71210a2120fc6c0fc36ea7f45a39f4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1a320d0e222d69c7473644e2ae751ba6

SHA1
832e8ca5b0ee4f75cae77c38b20f13f46f8f62da

SHA256
041d7b6760b427e1e46d9e60a413bbe3637ddf40b49f9f11ed7f6044ad345bb2

SHA512
958acbced79f7a2bcd7c114081ecdac849655e6bcb192638294e308158c5d728210ba1cdda4739abac6155f1ab8041847b45f8a0c5191e47808d289dc544f17d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
e12c7f26e17ab4578b291465eacd1610

SHA1
2e8aaadf170090704ee17d971460883ed1817c89

SHA256
6e2b5c06526b6c3e79beb6e01a5c1ec1aa2a1f9a2ae943eef070aa72eeb38622

SHA512
eebba09536936f4c7a374b7a93bd05b9e1c5b6e7dc9cb1809818c3f38797cd57da0a0373814bbcd50a4c2244870a877cb9510643da5b02dc23fffc340370d9eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
62003c79e1c1a88c3f051f34c2e8bb70

SHA1
a82b345066a41d41a5614d2bb6bc122dc1111ca1

SHA256
3108f895c9383c5c3d89440206786b86926f8d503d760336adde508ee58f6f02

SHA512
8bdbcd5941eecd33b52aecea5304cbe900b821f16d07ccc8dcfad04b1637d8b07dcab5abecf6898f9236a4458a0171ea0fb58bf285afc4a113767fd937fe8d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
5c7f12cd855e03ecfd80e461a55c59ce

SHA1
33c8f5175a5f63194b8f78ecc0ba884093b58a40

SHA256
2bd1833f07dc20a3a1aec71d6b00818111f2d68f48fe8b6136da75f09af6dd74

SHA512
9cdb0ac9375ba7dcec547b83398af312d2e418a1d0818933b769b1cac0433ccd43852ba050c28be727e154dbd3cba04b40f6e941a5d45b67a12b6d12fdaad2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
73b776f70d0c73d56a07a3fa0b3533e7

SHA1
60838ce9a205d55f5ca5506984af9c65715554a5

SHA256
1fd672245fdb0418f040096b220ba515151e915a76dc82bdfb5fc86d9002776d

SHA512
b4019ce9aa4d929556985dc44bbc14e1a2e2cf535f3977fe03aa52ddb46e21c4c0ec792b90d633aad27e1904fb4e090d36a2f891344c22498de29ad6e6a05b27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
22b7a20c28f951bafd119fe8704c02e5

SHA1
5746b0a43dc664a803d628448943885c38dba389

SHA256
36bd7e52c4ecb850d6765b8464ddce21537bc5f9ba2e95bfeca9bfecaee85c24

SHA512
467e453c288c4c829ec95cc572d483cc4bb09faf0e5c6443dd1b78f89db49b551479f71d2f8e7dfd6270f2b749b8e0077b4c437a8df0f32a85d9b963e18efa03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
05f12184ade8c25c40df7cf4aac5f9e3

SHA1
e3ebbcde0ede96ca952b4d9d1f41cd2c6a7d38d3

SHA256
11fcc814c61321b791bb543bde8622b936111e95cf0788f39090fcfe6048d2f5

SHA512
42ad9873feb1dd6eeafdd2fa57a4c5310e424a83d579a6c81eb8d9ee135c33b3ae81791be300beb4d16d41eb022ffe16801bab74a6325bb29431692987c66e29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
022c7905d4d0cbbf3b5004352893fdec

SHA1
fb565b0f247acf88efd59ba182bcf8ebb0b8f76f

SHA256
20ed6db70c6d204d42ad20a46a62106e6c97ba3787d076680427f5f8c4c17309

SHA512
66f18f8b5c200c92f3d3c88aa6afbd3a720c6f9f08b54befa40cae4d624e9bf209cc11c779f05bc36e1496908e0dfc92e215576f9dee8394257f6a8d42885f50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9d08525825dab7701bdc6af887c22faa

SHA1
7fefae6f0644bec9a840e2bcfeebf7a4bede6b9f

SHA256
dd36ab8cc5963581adea88d6e3643bd8c0881ab321328931dd3fd600fbe42686

SHA512
633dcaedf4e0fe60ac75f9b5f77703ab41685154df7156c8850bd06c42e910f6d4ed60b3179a6bd9135c39fd630dfe4db522c79db7b33e3b8dc30158c91e9acc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0eeea4bf5838e120a215629b1e04e664

SHA1
1c472367a686591db2a21ab78db58c82f475ab2d

SHA256
94966c21c9422c5aab4a25b56f56d9e4c6c0d178e2b0ee2c61cd70bf3e3c79fc

SHA512
ad66169810be8c5646c80097e385e221f0a5d2dfced74e574f8894dece314313a8e98427e1a7675d2355a9027340ef278e77968469e019b24e4898c9a2649478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7581d70c15b438124498742c484187ce

SHA1
2258959d1a646c38a3b0e7afb36853a454c282f8

SHA256
f10d72f0592593e2ef59805019d24dfa01e89e56625f720c156ad23ec8f3fe0f

SHA512
c298d18c423b2a2a0a5e023c04e94e16dc3a3eaa58acb805c123400e779ca2d4163e5882039df07b9348c27a985db57d97a786f5ea362f0fe5d84eaf1bf96752

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8fb411847c6ac239382c8b4feae23024

SHA1
edf4752d13b238b4e0e8ed0c2cf39d90408d06a7

SHA256
adb893114e36ae65643069d4c1497c5c4de822beb46937ad94e8e17a09853159

SHA512
22ef451c1c782f1305e36f0c55afc5fe3218e298905d9226c7f173d1b73e1a96cdacddcf89c2c5a1e7a6a0e7fc640fb226bb97b44c945f5477f238aec5c2eb26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a67b13ce8cbf8890a868348dfa7f5087

SHA1
1f15bba4c525ac433c744c3c08dbb728e7bbaec1

SHA256
5a4e46db96d18ab4521b7d52d47223bd1ea3ffc3c136127c59e4ee59f3c01526

SHA512
ba31b83023346da3c4551f05454e487fb2d7cdd1dd1eee7b806fc1079184de15b4a3e3d272773804ce872e8c47665a0d715218e78ddcc3e2b736fff47b65fa00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
4fc4a0f8dc1e659a2730ffc2fdbfb883

SHA1
4078d0f56c17195ebe2180945a24ccce923ae2e8

SHA256
fab90999ffe2a7a893b602d672600fb1cda2912a967483f6e5bacc9dbcd9fe07

SHA512
08c557fca3e6f6e01e5ba460e59cfd28c019d7860a31728d9cfc5b756dc2aaa6b3e553e0bc4fb442c390ffafc6cc54e999da185bda7a77dad66a44e1d45fe4b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
94af91a8996ef56e7afda1e3dbc417c6

SHA1
03458954946bb96c383961dce9768fd6062eedae

SHA256
d84dba9056e583870735a804aecd85144a0c318ed8afa203f920072e4bd49611

SHA512
f11689646490ba1a7d8670beaa5826cd9580bb2c9147c4796f2bc2175da503b3a1640239b429179d6ebd5dc83b7e9c562bf28a0537f5017c0a903b4ff6e8aec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
da2b1792b27a91c224dd7db0cf4f1813

SHA1
87c73e06c879ecf085204b72602d2cc9b6eff804

SHA256
e010328660197fb14b73f5389f0390c519b05f926cd7eac335e183bf5de5cb26

SHA512
35fde90cb279076fe02e2f07d5eba4ed866796c535320d656dbf346233c363685468f9f52126dd8f7f327e11ce5fbe032ab4d9e641a965825feaf3586112e3eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
871a43db279199417d6c662c1afa249d

SHA1
4d714b91af24e6fb34b31a91929b867790020275

SHA256
b81f4680aa1ce9c896798822628392f1febd5a6b07f9308e1f419ebee49c8f71

SHA512
f545fb8c7bb3e08f6e6c5d85ab939f2ba3c0b928bc360d159c17c041ebafb469e1f61dcc8035b55ac38ca814d5e822c5c8c2ad6f157aa6488187fa6025032aeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
61186dcbbc68585916800f114fa67aea

SHA1
2c2c509e88f8fba7ae1abe4e3d18a4d4d939d51c

SHA256
fdea3c9043c216fc21014757b88bffde52c9fa01e60718aa99e23442bce502c8

SHA512
d0aadc59fc14b1d3f17373abd2871d99e2a86732b409929fe6f562409b07c8c1a980f177fb783861607c1a74059b948dea0ad9a9377ff485fb6d037b25f56498

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9ba1d26f2995e0477dba9157df4b2005

SHA1
882305e0435886057a257f74849402190f314dcd

SHA256
d18caa64da6b5b6f1ec9183e59f369080035bd85725ea46e87a300d2303044e9

SHA512
0f177d3ff6a5a35def50d4bc0b6604858e6e74976913b4ee03a3cad9473f4edfc1e1dafd2aea54eb32fbecf0e640308a347590aa46819bcf1cd3d384de8d3189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
00a03136d8c9516c8e5a9f2179280032

SHA1
d864027fdc8b08e14edee796553c6fd0059a24d6

SHA256
588bbf13c1e7dc25b1822305fe1efaaadeccb8254e588a326fce3d6210d1f956

SHA512
c71d7d29cd63d54e5eeb00ea8674e623e7d2664f45a0fcfb5d4a2790079df53af94c8cbd7f4acfa22ca88332fb92059a30d597ad857460f45557cfd579aba120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5c32a9f8b87bd759b60cb5c46b2675a0

SHA1
0c5d06e4bd4a64572678aab2b59c694c67f9564b

SHA256
8b9ebcafa67c397540938ff53cee7534784239af58611748cb5efb27d2cbc844

SHA512
12fc1c8e9e04c439acb7a88e7d3efd42f1d0d5e235d64ec6883a8186f06871a90cfafa4173324aafbc6c8889146be30ad8a86be7ebdfee8e23b4570f79b1ee24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a236.TMP

Filesize
48B

MD5
a4812fbe7aefcdd8eebd90890e84e5ba

SHA1
1a128ae24f9e32860b61a468e727442e6576cf51

SHA256
dbe69773cbedb99434b04eb99fab519c38afd694237f76f97dac337f48932bcb

SHA512
48baf5b3c636fd4b2d2ba89971c89461b5a301ec1ac1056f5803adce797d5061517d2eb89e25a86b8ed9020c03e84710b6068f09112915b2a993c5ade95b6b38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
c3c63ed10da8c12a03c1a43a11dcd34e

SHA1
41b2a84790f393d51f0dde376d425c90e8243edd

SHA256
446fe80adb86b0b747f7fb9c0ac11f522a12e599126ce6446b667bc20c3f49eb

SHA512
0d63a0f30779ef67e82e13284bf3015c7d0b80cd930c50589ffa5a6c5c5b55a6f00e1387861f4d53c984f1c14e0d2de76798cac0e9e5dff5b88db00b30b24f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
8fb3327083470adf3ee2017d10e41330

SHA1
53e6aede215b1945ac73dd0c55f37e2d7a68b869

SHA256
22435b2b80f5202de418e428502c0a24e4159a4fec21a337a5fe8b410b4af3d9

SHA512
2fce24148eeed9f5ef208d7d9dee8b31e2f1a23e207caec81678d939fcca0a0b7910437a4889d7cc5ebc252f4b368a3fd40ddc12340ecf7873ece96c207c76f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
035c96bea10eed82a91574530dc56f9d

SHA1
2fa8ad43fb1b75699f2f473714aa6351297e12f4

SHA256
6e08614e048021d549f80c53c512cc7f2834934472e7173ec762c495319c21c8

SHA512
439b595506a2f4ec65491aeadc1d204564215cd02af9997ac6e4f9726f9e2a6eb7b5b09641b99d761e07dc26ada14b9bf971dd68dce173f13688b314a56b5fcf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
193f598942e8bae433ceb2eea665b0f6

SHA1
8cc9a5753e481d920309837ef0eb42537c4bc330

SHA256
4750215699de83956ce6d51aadca52dfacdd68cbfca5f00de398dba7ef4ae1fb

SHA512
40a55a2ef825bd48a78b62ccf2201195955a1f8e5e803a66f74202c809e8cb959f0a275cc077f48f433117090e8b405ae78d9fcd290abf91ae8d9f761b50e640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c3b8.TMP

Filesize
89KB

MD5
a7260c8b39ab82ba3f2b6720f2940bbc

SHA1
608acef4318a1ae0ec7cfcf5d652f728ae3579be

SHA256
844d3bc919bfa46d7e5898c7c6af8e386b52fbaac43dd5695b710550cdc49521

SHA512
b6ebc20cb2599e5f2b46382356744a10774ac76dea70cff1e557093d5b11038c48b4d8eb6433b46ca18fe8b54aab91f1dc76c1f3840815c73cdf26a0578a3c4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\crashpad_5052_BMGCDCTDDJPSSBAW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3688-277-0x000000000BED0000-0x000000000C17B000-memory.dmp

Filesize
2.7MB

Download