0ddb647153201797e44915c3aea58fb97d8a0270d1f58feae7954125ab187d7d

Analysis

max time kernel
1800s
max time network
1600s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
27-04-2024 22:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lámina 06A Texturas.pdf
Size

324KB
MD5

6e12e9ddbe3c9e283716c0522e15fb9c
SHA1

9de7c37a77bdfdb16501f2da3837868098c91230
SHA256

0ddb647153201797e44915c3aea58fb97d8a0270d1f58feae7954125ab187d7d
SHA512

cb6f1bba3067c6b750125976c80838aab8a4fd4d0c6c894fb821ee3d0a7dd792d566c94c2cb2e37d45c40bdbc3fa24b0aa584ea6668f7a4d0c946b01c7050312
SSDEEP

6144:ImY++x9JRjBk2fUK4vX45PlOn9jy/T8nUBPwLSozvewsCgme1ci4F0KzmiY0:Ih++xjnRwvIlyegQwkmeRZKaix

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133587301982721142"	chrome.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

AcroRd32.exechrome.exechrome.exechrome.exechrome.exe

pid	process
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
4908	AcroRd32.exe
2532	chrome.exe
2532	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
3996	chrome.exe
5084	chrome.exe
5084	chrome.exe
5716	chrome.exe
5716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

chrome.exechrome.exe

pid	process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	2532	chrome.exe
Token: SeCreatePagefilePrivilege	2532	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe
Token: SeShutdownPrivilege	5084	chrome.exe
Token: SeCreatePagefilePrivilege	5084	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

Processes:

AcroRd32.exechrome.exechrome.exe

pid	process
4908	AcroRd32.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

chrome.exechrome.exe

pid	process
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
2532	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe
5084	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

AcroRd32.exe

pid process

4908 AcroRd32.exe
4908 AcroRd32.exe
4908 AcroRd32.exe
4908 AcroRd32.exe
4908 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4908 wrote to memory of 3232	4908	AcroRd32.exe	RdrCEF.exe
PID 4908 wrote to memory of 3232	4908	AcroRd32.exe	RdrCEF.exe
PID 4908 wrote to memory of 3232	4908	AcroRd32.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 3780	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe
PID 3232 wrote to memory of 5000	3232	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Lámina 06A Texturas.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3232

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C350261518006AA51E0C21FE2F83A9F3 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3780

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=53744CCD62C9182381D9C9E9C3968585 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=53744CCD62C9182381D9C9E9C3968585 --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5000

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D8E60DF11F8FD4B59743DC8BF006AF39 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2704

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=54C5A4DB669C4FCFFD84949FA2B32989 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=54C5A4DB669C4FCFFD84949FA2B32989 --renderer-client-id=5 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
3⤵
PID:648

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EC14A3E47108B982692FDFE8F9A51BE5 --mojo-platform-channel-handle=2608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2016

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8AACFCFF5946155A782A1D88E1E26D19 --mojo-platform-channel-handle=2612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc383a9758,0x7ffc383a9768,0x7ffc383a9778
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:2
2⤵
PID:2940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:8
2⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2056 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:8
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2844 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:1
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2852 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:1
2⤵
PID:4988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4400 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:1
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4456 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:8
2⤵
PID:712

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4660 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:8
2⤵
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:8
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4968 --field-trial-handle=1856,i,3850879640533363114,10726937260415253317,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5084

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffc383a9758,0x7ffc383a9768,0x7ffc383a9778
2⤵
PID:3164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:2
2⤵
PID:4148

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:2012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:1968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:1528

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4476 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:2016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4632 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:1916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4988 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:5012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5332 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5556 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3152 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3004 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4544 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6008 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:6076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4488 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5716 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:5696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5956 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1532 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:5820

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1732 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:8
2⤵
PID:5828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5640 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4444 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6132 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:1
2⤵
PID:5936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 --field-trial-handle=1860,i,1447922797066447528,7261286564951203088,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2704

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
764dd9706f1f2d1ad9c10e198e8351a3

SHA1
e6748308ae1e49dc66963afaff0a27c142c2f1ab

SHA256
70d718bc0a6ec9a744c19843f48c7a3865deccdeefad726232f78a3304f08090

SHA512
ba6e43ad8afbebff95dc61387dbf8e736bd23efbeb6b1eb458812e99646904145d38af02e213dfcd7c42d8d37bfc4ad05584d1d5396079fe5a5f42bd7fb484bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
fb51fb3aa9ace375a0bde096de0d26bb

SHA1
2fa496a6e0985961db5c32af4a8a98fa2dec6ac6

SHA256
e1e66d4b79bca79c1e69245b1a3bd5ec04800b1bf709fdb71a7e7baec03c17ef

SHA512
8fdea830b25c65868ca94121360266353566b7bb8d85a282a4a8a039a349b44b5ca0c0abf27498055571011e1a3abbb49e1be676baf988ed310393e612d8b554

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata
Filesize
114B

MD5
dedcad3ba554d25386ac86a5f10f2682

SHA1
fe30b8315dd0c824953d0d97f72be33105b0f33a

SHA256
f1de2e4c35bf18138c5574a3891ec0997fb773a3c8987ab2a583922795aa9c88

SHA512
d693b71147c15cfad7e4232756ff9f169cb3dfac2c9df3b73a07bda02fae2093b8c72d3f79b176117ce6a0e303a9535d60d837fea068af6ff6346975c47f4af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\reports\c686e138-64b0-4fe9-b2ab-8cc52cee63b5.dmp
Filesize
1.2MB

MD5
12bbab925b062548dd489336b4ce5d3a

SHA1
b4e0cfde15054aca34a3169656474fbad30122af

SHA256
ebdd900e0495457037645c67b5eb1b267169654dd7076363a387bad46588ff5c

SHA512
81bdcf62df47c2a35578cc9618b5966771c4df6dce65fbfe81cd12c0ceaee9a0a32c662704bb5d37c8278028452c06f27b62ab47eacd041ae9250aeac0087ea1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
419cb87eea0a14990a3be016793cb112

SHA1
2e35de87be431bd96dd5ccf4250b6b1f42e7413e

SHA256
87af132c8cb0c13cd8bacafbd5e279f5325fe969977b91b5586a87d447aec484

SHA512
af5d4e9887ee8b64b4cd5d098512699206c0484ded49c605ea14c15bb605713448bdafd5599ce6e253fd4af73b627169f48b86fc779d45cda4971d917a79694c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
4934b0f3ca832be17b3d73db358613df

SHA1
bdcd529bab9ac153a55510556cf5ba90e7da13c4

SHA256
987697f482d1f03233ac7ce71b2e5aad87880946cfa0e1c75cddf0e84b529832

SHA512
0cfe4fd429e41011d1df92712c28e668b4e86d4e90a5e8bbc8d8f863129b8056f47c405d7314f23addb0e8df27ce062ca1364174a5c92ce2995210a4d388b052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
ee11a489ef0f5208f4a9e0568f7aa161

SHA1
db3478f3db931890ac018b8a713535dbc86cacf3

SHA256
ed1a0f283fcaa55e2a9fcdf33d8eff451b7825fc87f7354fd86db80d0ef779db

SHA512
b2d169c02ac4e234404e42b7a5247a5d760de7d96e55c09ac3a9076cbf1461879cf4ecc6c3848e0c34ed6ec00d93b1c5ab083e0f4cf13baf0b19b9225a8f4e1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
54f806a539049ba3cf4985eaffc94916

SHA1
67852003e6015765f81314f5b0de97f5a18921c5

SHA256
26049e6611be767f41fbb7af0672755e4619d47b6ad4f52dfb06ea4e2e02650a

SHA512
033609dc27a943280626067505c77e176fc3da7bb90949c7d464b9e87907a37cdfea5a027752e97ed25db61b1e8eb01af193f64e306cea6f15cf220583e44045

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
Filesize
34KB

MD5
866ace5564477ca91b5638c21bc6947b

SHA1
a56b16bd12e2a4e57e07b24b86ab3bf97cf1644d

SHA256
3d398878624379c2f7a043092cef04fc1bbbaeeea51fa00ed143cfd1ff63c3b2

SHA512
e426365ff48704af1de62e1eb49ef614194f8fa7fab9124d541e2ef0ffe0a091eda81d5fb750f92c05ac18b28d287634b6bda23f02b62dee95604a5252448b83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
Filesize
58KB

MD5
9b603992d96c764cbd57766940845236

SHA1
4f081f843a1ae0bbd5df265e00826af6c580cfe7

SHA256
520408fec7c6d419184ec68ad3d3f35f452d83bd75546aa5d171ffc7fe72cb2b

SHA512
abd88ee09909c116db1f424f2d1cbc0795dbc855fef81f0587d9a4e1a8d90de693fa72841259cf4a80e0e41d9f3e1f4bf3a78c4801264e3e9c7d9635bb79ccf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003
Filesize
40KB

MD5
5ce7bdeeea547dc5e395554f1de0b179

SHA1
3dba53fa4da7c828a468d17abc09b265b664078a

SHA256
675cd5fdfe3c14504b7af2d1012c921ab0b5af2ab93bf4dfbfe6505cae8b79a9

SHA512
0bf3e39c11cfefbd4de7ec60f2adaacfba14eac0a4bf8e4d2bc80c4cf1e9d173035c068d8488436c4cf9840ae5c7cfccbefddf9d184e60cab78d1043dc3b9c4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
481KB

MD5
d1e3041229659996dfbe0ac751707c1b

SHA1
e9603eed9d3abf0f3742e32c397d9edeced21cc0

SHA256
33f1bbe38e89a1cf18d7bb42fc1c5ed23ad258258fa03a4d795c503d8103cbf4

SHA512
6f5b7c3f2cdb243ee42f75214cd6e27cdd2e7c02780f7902c0314a8e321dbdeb55c3d7a8cb8a0479ce836b727bdbdf61fd936da2d7e821c63139da22b252ef7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
80KB

MD5
0665bfd4bddc2fc96cf483bc8984e0d2

SHA1
d7161a4974f3dba370e103fab35f098cdda12632

SHA256
cf4167b6f180c321365b9b6847f2abea86c74323d882934dac48a58022ffb175

SHA512
2ad2e4d1790f94d434fade49168e84639e0901304cf9e4c8cd4e0c504a12ce25b00391513d5bad44241d145bc4b61613616406b1a792b7d51c0a131da070371d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
Filesize
345KB

MD5
15d0784d6b426a822824d1d934ae2ba6

SHA1
9cbd46528dced7aef1d6bbd58bddb276bd355bd1

SHA256
42d1792df588dbdfd956b9ecd2f6d85d368ecd7e27ddc91adb09d984a22ed46b

SHA512
61e4db9e5b0cf48088c3a977ba853032b011022cc4e2553711b6c519f384010d7294faf37d96a5a33d2f5f116ad1db5e342f7fe9bd030db5a45958d9a4f7bd49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
186KB

MD5
1b28ff4b65bb6df4379d3169ea188b07

SHA1
55cad349c074200191ff831b2a17396ef34c9fcd

SHA256
67b75829e0d3332d67b77417e09105896ca2d63d1ae24781244c882693b66e83

SHA512
b2fadd7b9c2347b9b4c772f4a469ad933b1f74be956e042d3e8801f414a221f13df33bb5041be21d0cf16efb4f39c2ed51be06ddf4aa4e3f589f95004877f6e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
Filesize
87KB

MD5
8fb8fee4fcc3cc86ff6c724154c49c42

SHA1
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4

SHA256
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

SHA512
f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
190KB

MD5
2f4f128c039556b31fb98107f76200e5

SHA1
2f2c716d18e115e6223db5adee5b302abaf397a9

SHA256
1ff23a45aa2b6247989d3a3c8e3e1248113204bdc8931bca6e49ae46e3d848d8

SHA512
401073b2b3ab03c5162f71609a003ce90508ce5bf6a61c885b4f993a2bb70fce10e26af0e828e0baa5811ccbbc21a63e2fc7f553dc666e4091088685db191ebe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
Filesize
31KB

MD5
4ee83e4f05af7494782bf4313b963f10

SHA1
487736613b18bbd341cdf8ba25953b4deffdb889

SHA256
fec071ae7b0e47827951fa945652468c4bbdeec1717b7700c12a0f07bdb4117b

SHA512
af82984a1acef0e37b1fa4d069cac2cb8ddb1fc98d76a64ed599106ac2b4a1c33b5cd939d8a2ba9242123e04c847e778e4ec5ec0e6fcc44a2dd224a452f985c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
170KB

MD5
0e377e741f7d57da94c0d5aed41693cd

SHA1
f2619196a61c34b00491f62774a84f778134b974

SHA256
38a4dc885f9d1267bbfaf361e24fbf51994bd7f6743784ec3e4a267bbe74a0be

SHA512
0ec135c5f1e0a57cfd9eb5f946aab9798b2dfb52e042ef6dbfbfce0f6f72ebd2211ac9b44e56e3fa8bd97f38eecea66ea01011f8091cc2c6c6fef6748a898013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018
Filesize
40KB

MD5
abb64a8baaae5976882416ce3c4563be

SHA1
1c5e40a1b77faaf963c6dd3c8b999e8b137110ec

SHA256
c832fe55fc65f709def6e7dadfb4fbe326fbe0347896bb47e2e1e629b037b66f

SHA512
a790fc3d02ecf7ce589f46a0ea8db30f1fd84f37192aaed8b0efab33bf4f9ea2746a10eb751f6383c8826577488dd03cbc1878be0b1da78c1c3b54be4a1138dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019
Filesize
29KB

MD5
d940ea16273447cce854f545842768fe

SHA1
bb924c332f490e95ff9fe10a793b2308e7568a6e

SHA256
087ad01ffaf62e7b8ecee1bd1e1ea770399c8fc82900d1e7db134e5baf825c0f

SHA512
7ba1582c02061e3d13414a464c1e60a2793570e6a5125eda8e9854385403f197f507f826b5ae6d20d024c39a231a656b69a3e6b46c4e02b142ae368de91ddc21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a
Filesize
29KB

MD5
7795a419ed60bbfac7070ea410eeae6a

SHA1
4010efc323bdcf584969cc17f8ddae2ce3dd14ea

SHA256
86026c4396c7a5c7f080d806078c5359fb22c7a52f321cb17efdbac4a8302308

SHA512
6476286ca2b48731d55b97d871dc306f2ebd190ccc876ea6cc072aa2cc27c209f090b96a96abc0c962205d5586b0bd8445873d7bb07378dada976c6d79703ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b
Filesize
29KB

MD5
b316fb907e868e12a20113ac1e81a214

SHA1
66fc0eb284a7cc3ffce5b6284b660f287180b335

SHA256
b81a9ab90db88af2647d2f7d87388f53434df33b4bc7216016489b9f79e41474

SHA512
829b2783406ac9ff75a52f96f8708b17770bf767294cc0ce7f29ef3d59f95902b07d597b8d4027381e5a897d2390762ec895b89e13843a126422043fef212d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
a3cd1b3e14841f332771d32a7de324ca

SHA1
ad0774f1c4063aeae7e78855e04453302e0b0b21

SHA256
d98e2619c6efc1caaf8d021e8b91dedfe661e54ab98ada167997ab1dcb259588

SHA512
003ee792a2e92a4a3040a485902d704c3f366b6cbb3c6a0368bd93cb99b179c2ea12170315dd452d05c93b953320c018e8c4138c25ee1868f5c9d8a5d693798b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
20f8eb932db7176ca9abcfec877b85e6

SHA1
bce331ae923f1328ef98cd627c09c039fa54f9e1

SHA256
27ad66cf83ffa249c92b97486f1cbabd5aa2673972cac07f8e5a2a117f97d215

SHA512
9faa542345a8ca252ea616e9214e334d048e678ba293bba05dfdbc1aca90d859da9ef77fd8c41d5be1a51289bab17f0b2746caba90c53a21af59df56ebbed001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
Filesize
317B

MD5
ec4bcd9dbe4ffa6259cc484379ecdfca

SHA1
b31f516e68d47eb7f7dba2d6dc93e384cf9ae97a

SHA256
2f17140c1e4b9bf2490bfc9854f56be174888b3b001522ea7f6d0b90c61e69bb

SHA512
7329fedec3e145dd767c4bcd7df512b797e69795a5c13db2b82e998df144501ca194f8b558caa8d1c4fe55a6e420e4a734157648caba8c5ac9b3afc8bd4af23e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG
Filesize
327B

MD5
c41741759e0b560585f5eab6e944a8d4

SHA1
ccdbba470a462e23b1b134549411b661aae43371

SHA256
678ff3cf24574c4c2ef51b3b1fb5edc79ee5cba69def1ceeab660429bfd71117

SHA512
f9d4692848097f4912efa2c489e97321505ac62550a51df3ef0200c026dd208584409c3e9707ba1b1905c019eb619f798466a586bb5bca892aad2740cbf36a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG
Filesize
332B

MD5
b27c3fed5395cf84be4c7c426af700cc

SHA1
53b00b50b80a3fa2e37d4bc6972c24ebe9414015

SHA256
7a416c0644fed10e283fc859ecedc1fa9749597358f999e38103615d66623c5e

SHA512
8ffb2f962314795d8244559fb2aef1c611f813f072bb3a80ab83d0b402c7d7cb862c0e4f41c92ecd39dd41fc9b94eb24db4cee4141e0a57f321d24bd025165b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\230ede36-d413-40a5-9fe9-0b2985b78b20.tmp
Filesize
367B

MD5
6423d0f620af72987bbea58071ae5140

SHA1
0b82bf2b8ae06ba367acec5f9c141491c9ea83f9

SHA256
e2420b69f01531b72ff2119f29bde068dbf1b12f73555eacbac8ac4a9d0f111d

SHA512
e567d155d3a81fbc31ea4fe1b950f1e5ecc994d384be01d46973a1c8f9e0ef0388a34c03b55544a2d85e79f556650049a780f0ce89024fbc72a5475c9acdbfca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
223caf6c913c7267798fd285e8b3085d

SHA1
b07d5611489c639bc36c0b31d1bcc15e69cec6f6

SHA256
860bd1f37edd4ab6046dcf1a6a73c3bdd9d595878b0484178328f98b9a38d05c

SHA512
6e349010bf1ecf2cf593a5c7e38d1663f14f577d7958f8fddca1bb47e975ff510958b3e73fad9123664dcd67cbd933bcecf36c4ad0fd649186e432f6430431ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
5872f06d0d417dbdf51e76db8643a0ae

SHA1
f55ae67a3b1ebb1e2331db36021ff74e6c43707a

SHA256
aa1017146c836c68fb197679eebb50e618553eac056b770cd3cafa659405bb63

SHA512
c40dbd80d7f3e8f3df8d1c6258cf252e89597486f5b483b2b960f8389a16fbeaa58ed477e73b8c23fd4e28893956cfee2c28bfda90ff7fce46b1896c1c1a1841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
1afbd669ed0e9cbbc7f08714c540596c

SHA1
ea0bf459a7c59853cfd12a25510d936d5a23b4b5

SHA256
db376b5ed949570dc308de0c0c89ca8a0a6f37674a6415f72142fb7742ae5b47

SHA512
72e7a6fc7b90be986eef1962020adf8ade8d7c7dffd8f66404331ddce68fdb4e773e330be594493e42586218909cf3f58a270b94f39935df23fe680c487579aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
e59ca39958972367dd544028756fd5cd

SHA1
6b532d8443f70c7061e802c2658e7b0ac18da8ae

SHA256
394a5a157d16800fdcee61772553743eada8f173e92f659bd1ef0d80b545be88

SHA512
8dd9509871ae742f02050e4545d4d40f9c5be04579b9e1c98d666bb7cc7be3e0de9c88effba5126c43a301635b17df5299504bce5dcbe8b1d48d9306ae4f61e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
f10d6b5884bfa7f35b86ebe604c21eb1

SHA1
4a438bf5127849ec973b13fd45c3121c8487ac9a

SHA256
af89e8331b8b3301a4ad443426d142660b7e779a980e3d57c422743b725a251a

SHA512
46cc425b4f58dc3783157a567bed282c7722ce979767f0fdc8d6b1c02bcc24ec627879fc8e91873711135e1996bcd8c53658ee7835b6510326d4dad8a1bfdc75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
991946984cc221ba5c4ff8daa3949b75

SHA1
beda0e21f12b5f37b0fc43c42dc44964ebcf470d

SHA256
8f4deefbdc5a6271ee99a3cfb0c006cca1014ba24a5d919c748c10e01e5451ee

SHA512
4df31ddd4a84959f29b76c22f6108721f0f6e0a7c63f4ca16e31f3aafcc7345df02529f1dc9b651a6bcb95cbc5d7cab00342da1e08ad515c151689e0ed223b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
dccae1232203aa519a07ef2477b856d3

SHA1
a15cc5f92df0ca0f8474544737bdcecd2e3b459c

SHA256
fcd6a88273f4ea111a8ed2e9391c0d74adc32c539f56fd76e148af53caf54bbd

SHA512
caf1be9040f0e8aa72b1f07d57eecccfc4e7e687af7ef631c6a211dd605ab006b6f1b5dd65d14aac592e3ea80b9a40476969adb6b4a5af624e761fb0605fc179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
1b80e0a8ca30e6fb88bf2ef2c44a6722

SHA1
199098e9e62f74e5cd344a88123556b54ff39db0

SHA256
a3dc743c427a11de976b76cb24f53b0c5ab42c6e05891c925ffd70bee8357f0d

SHA512
7e02e00fdc940d7c5cd57c6b4f11042b39f163caf94224494568fcb38369b3e4505b8a1948aa43c104b079974648cafac9bac8a7d2a914a0a11a84e0cbcc8c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
18f83157b3da4ed17329884b78dd7d96

SHA1
5d5f7b89c23c2304dc1d38960846eb78a0b729db

SHA256
0c1ae976052357ae4242add90ece9b60a8e82d7928f37a1076978af83269d505

SHA512
cd2fc3e65237d6d43d8b32bb9e35f80c8015c361ce11bb187b438bc6eb8f883154aa14939093838a249a11198b0eac3ad279df1a2a3c20ff42c4048c401b7c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
e83153acc837b5122d48f760d48278d5

SHA1
d68d6ae13197c4e06d93623390b390357dbb46ea

SHA256
6b3678cc5079fc434e67e0200b7c9eb9af7b400fb45a6a704707b12ff0014f21

SHA512
a01d30f0e3fd1d870e7bdf486b217364aeabe3d2d7bec116b428de059294731d9302123530044580a69981dce922a87c2614b448a4062b024029496af48aa20e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
662479c364e2128261bb6b8a095c4ab0

SHA1
1ba3b96884e09b68023dcad1c744f53225af6c07

SHA256
86cc80afbf2e77a8c3bffc327050873c737a288449a32e369835c19ccd67da32

SHA512
49067c4278e8980bb117a894342ddf978c44801470b13b1bd29aaea5e429fb25c6938087a6bffc74bdac7048375aa36e50baec8e981d6339f8cddfa2298e3870

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
23ba6f9da810a1cbaaf04782e9e033fd

SHA1
1f64e9376d81fc4eb9e5626987a257f9d6cb4b11

SHA256
55ad4e742778086256c4f7fe312bde4ce80c7dad6350b1251b11b87b274f9477

SHA512
d863a3e5184e3b3f016dd4004f1d94efd5057ada17a333ee4214ef898b03bc973350c075d53c93c4aac171b08b00b46263ab98586ce617534e8c08c4a8097fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1c537ad177a696c59fd9037b1096baaf

SHA1
d94111fa22e80a723d34b129119a6607d9f3ffb3

SHA256
e171deb41ad09d97b60ce7e26e4bbf1801ebe64a7792dd42cafcb9004310f239

SHA512
31e039cb0f0d8b129e881693dc00b2ec3ff58a0b391a715bb42b750fcd903a9be8275d4486e14b073d65abeebb67e3e0aec676c276fbea67bcc94b8016715c42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
d1b9d6be197688bc522e847d22104bb6

SHA1
520e52cba9b5522e3a7c4b8590f05a9ac0159678

SHA256
30e597d2caaf9406844dd9dc847683aa35c68d9ae9ca9c1f7ed10ec8477f3836

SHA512
d9aa4f0d80876308f401239fb289f21682192dcf8407bd180340606154a81dbd856bf8e8e4ed960f9a005b428f29a8b5724804780172cd66bd515e9ec2f9738f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
a2581e9d8f0ea287285f714e9273cb8e

SHA1
9d892994aab76c810d6f7a21ea6d967dcdbb4c23

SHA256
bf0adeed67a61f09bee782f7cd8e4d512d7f8549e5e5ad559f136101d225a27e

SHA512
668feeacb9e6bd85dfeeab98a21f3d1bdaa038b24086a92f3851daccaafca5c62272dd0d8e8834305ef4d8b22eee0d9dc87a81013dbb8aa58e3b0cf8d885ade4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log
Filesize
194B

MD5
d7d9437445aa960dcea52ffe772822dc

SHA1
c2bbf4ac0732d905d998c4f645fd60f95a675d02

SHA256
4ff49903bec1197017a35995d5c5fc703caf9d496467345d783f754b723d21c1

SHA512
335eb1ba85670550ed1e1e4e14ea4b5d14f8306125bf147a42de4def5e5f75f14c422b014414030cf30378c04f748ac875cf056adda196511a0b057b3598fe9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
Filesize
317B

MD5
fddea0bcba11ff43f67548308dc32619

SHA1
3d59b07c32e15f48e469fc75f120ddbd39bae0ae

SHA256
307a3435f36298cdec8ac427fa12e1393949177486508fd08abd51103c24f3ad

SHA512
bde8d98169d3e17896e0ca430a272a4a37fff2037c3e9b1b82b0d0f67c512e8a9c046cc03a5a772ce83bd32f237c58cd777ec032dc4cfedb152d07fcfcb6f8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Session_13358730197567984
Filesize
2KB

MD5
25ab12c2dda7dd34edcbf10d0038b7dc

SHA1
abfc2ef4f3594347c63d9e9a942ec667151b1cbb

SHA256
f72c1c603cfcfbbbfc0e8a3348d24aa5e423342dd2edb9136bd1039d5882d44a

SHA512
8b4ef6e82ebb2cf9c0c60bcac6479ca95f01dfb029f6b3b583349fd5c1c1ed0d8fcd15909934eeb6658036793683b835527b3ac9be8a7c6b8b586215e9dc05af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
Filesize
345B

MD5
358e673e4669c941b6dcea704e8e5a62

SHA1
acb87661fbe752e3075baadda29a85a51fc62761

SHA256
a0ca2874d5d85e2ab21b283221652bce435f0518fcad23758f745894c47f412b

SHA512
203d88c735b095ad9b63d502f581d5cde1536dcd960ab5fa9c01a9e6385e1d8959e00b37759ac17d781ff55202a0d36d7fb00904dcd823bff94168e9583b21d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log
Filesize
8KB

MD5
ad3276982e5be1e8f555d28af38a9911

SHA1
6fff520e7cba1728275cfc0e85f1881b904dd418

SHA256
28f9e207ab2bb36f72e3d9dce6b2aba62b69eb782afe7f06f2ce8fd5a491ba85

SHA512
9fdf5c94763d05d264216dfa5fd6f48ab1ecd8b39a1f499294c44d32cfb1fdf71959a92bd6d5cf5f4a1eb3ac22d562f817964ce296447ee028252b8204f7353d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
Filesize
321B

MD5
c7ca1656279df6fe0d9196999dd1592f

SHA1
d7ac00b0fdf3e12774cad88e06051c3995ae1d95

SHA256
81e457759eb850a3fe7f39676e67b934e462475b0f1e85bd3ec113c86dbc2e3c

SHA512
342ea51f675481b40afeb23fa7500b94f156e741dca457aa9c236915d97d1e87cb538ffd806266a7ca2a1528aca25b7fad8d4d905537d16f4c6d1c2240f16689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log
Filesize
874B

MD5
2962d27d88d565e001a3661a70a730fd

SHA1
4b09712a715916d7679cb8e7a5d442da5a1e4b93

SHA256
520fde53f68ca4cdfa04cf67a0e7e731ba6d23547545401279645f7dd521e740

SHA512
de2ad4c9b30c1713ad4431aa3b455b9117da2e6e56fe7ebd4f79576dd3f06c92c0e7726f5530208447e30372be33065f37b8dc3854e18484b624d7b8c3ffc748

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG
Filesize
317B

MD5
e59585939b429a92782a1098c0b28707

SHA1
a26af8e33713a428141d164bd3bcd10c5bb3a114

SHA256
38619ca9e577370640601c1fea36343932e3313edcf6647af57068852bd87c25

SHA512
e92859aa159f4e27fb99f3a028b28dbfeb271e6da868f8405af22fab7c35dc2fe92c227db8311186a4641d53ccef39f0d76795e88fb84833e5b932f5d8365bb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
918B

MD5
095c9439e0740739897eb4f9c0fddb21

SHA1
93e1dbdd7eaaf18d266841c6c299690032e445ec

SHA256
7e4396671cf0980540ebacb64f0ef0e03dd72c9590301013344612c3499037df

SHA512
097843e79b27f173e4fffde8521cdd2368c5ed90adecf046a64e36d014311ddb486b0ca74a62f4925b409cc6d1d8aec01011df5791bac742d8eb2a48f9047ce7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
Filesize
335B

MD5
869467f5b43f1eb6a017fb3284a3cc58

SHA1
67419eeffb5b9c688359f9a1465b925b31c8ee8f

SHA256
3391a3f161998714e6e8c13114296ef1214fce20e1bfc6eb4796b38f6f566d68

SHA512
467c2a5da42e0120cb670694693c4d9bca2f2bc7b5935a06d5493c1cbe54ad6072bcbbdd44500a1cb8a600fc8615c88035b8e816e38c164f38ac4b8185f1a090

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
Filesize
44KB

MD5
ab72573b5ab1f4bdf97d152b83c87803

SHA1
9fe267a14621c2b50dc66a669135349ceea0de59

SHA256
bf7a665894bb0fc342e7950aa4fd7ca2948c48976f6e95eca7498ed68564e2ae

SHA512
7cd2ba763d29b3000f7313d1983538bc5e4f3d8e31c35bb0bd282660a5207794d22e9fed18a25fa003f8b684b1ef2fa772015c8af95efe8e315f35d58dd71b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
63ab7fa4e5532aa30042f94e876a1a82

SHA1
dd8dc6ac83298655cc899b2831002c33aaf56529

SHA256
bee38e6b5195768f2557dc87ac0ae9397c0b85dd1b715ba27d4c0226f4897758

SHA512
d2269751f5ce87047e30fffdfa419c122e7479ca0a87de7f55735ee38b022f0fde238dc8d2de760510e5c185caa4740292714b960847029d445bb294f617273e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
Filesize
4.0MB

MD5
9a494faebe3cf16165cb0196786d4104

SHA1
f430b59f79729dfbe0898a359a1bc8876f4b7cc0

SHA256
2530e57a70329f84aaff5d2b70443f5044baee7404589094fa9496d0d13d1db8

SHA512
8c74d985a83e1b37431244be7f2fe9c1a68d7a2c9d1daca4047ee0ae3b256d9c898d5768fa39e70a1ef1494bb62af546e74aefb27f05aa68ce2141fa77dea162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
273KB

MD5
28c025494a5be03f16cc6fe8c0ed024d

SHA1
cff0bdcc48e0cc923c33d472b755a9b531795ed3

SHA256
589be16ed9aaec03eae7c1e2c0e8afb01b280e7d229a473327552794d6cefbf5

SHA512
a0c477c53ed7edc30596cb32645811daa1b79464ad87bce99c9c731e11bb43ac1bfe844c04c3412a9622824e70bb22bb411910e06a57f6f275982b66b0173e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
273KB

MD5
e85e3a88d2d374280d98dbcf7d945802

SHA1
23490fe555af03c77713c09f25511550ef587ab0

SHA256
3cf6a9e1cbd65714579ba77bf3d6fc37b45c78b76672116614632ca570d19395

SHA512
62ac1b0cb91f29fb9278bb05dedaa784705f74cc5888474754e7066af547eb74f2f40eaeabb4afb07b169d0d67aabf0f2932edf4c17713a90d1d61ec28eba8ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
231ad615fff29bdbe349f8cdf8e1ff90

SHA1
908b77bed49e3f06077d90e2b5fa751c6e1ec406

SHA256
98d94fba0bc1f8270106ff1dec503ef364827c7c63ac3f3862bd19dbbbd06d74

SHA512
8e1001ffa7288ec4e084112871a733488621e171bac848d055d36bc743905d7f0faac82e1fd707a2f99cfbd143a04ab7772492a6fbf3b941c88158a842a0ecb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58b3ea.TMP
Filesize
101KB

MD5
22a9ec84b2b0ef5ce9048e42aababe50

SHA1
b1021ad10bbd4df8c8b635b756c588f20c7c5f11

SHA256
a2deff3f00ec51e15d283dcbee2221a71c6af29143cbb4f624b74ed663d8e2f1

SHA512
9f822c9c9588dc9bdc05f749abce814c2be177089f6ed5436edef6c3bddfcba8da2df9fe5f068d32cd5676a35790c0c25b3fd1354e96070b29fcc26d48e90beb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
4642a6c68d66d33b842a85d19a627b37

SHA1
57cc1e09231db058129c9fa5973885c7fc5caf99

SHA256
74a1f62db1fb66214a141f9b552a258991aa712794b4fbafb04b7ddf77c11828

SHA512
514d93690257bcbb6a32556d043d20c8ca35ddee517c14a242480831dc8101d75ea0e36eaaf8166b75bc6f1f6001f0eaeeef7844104f8c437fc2674e48b1a3c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
\??\pipe\crashpad_2532_RTCIPTPFGRNPAUQH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit