hxxp://manualzpdf[.]com/manualzPdf[.]html?campaign_id\=21191294521&adgroup_id\=160936697173&placement_id\=schoolsinformer[.]com&creative_id\=696990639001&gclid\=EAIaIQobChMI6-GOsY__hQMVWg6DAx38wAgeEAEYASAAEgLsDfD_BwE

Analysis

max time kernel
82s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://manualzpdf.com/manualzPdf.html?campaign_id\=21191294521&adgroup_id\=160936697173&placement_id\=schoolsinformer.com&creative_id\=696990639001&gclid\=EAIaIQobChMI6-GOsY__hQMVWg6DAx38wAgeEAEYASAAEgLsDfD_BwE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
3188	ManualzPDF.exe
4552	ManualzPDF.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133615041782040113"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe
Token: SeShutdownPrivilege	3936	chrome.exe
Token: SeCreatePagefilePrivilege	3936	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe
3936	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3188	ManualzPDF.exe
3188	ManualzPDF.exe
4552	ManualzPDF.exe
4552	ManualzPDF.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 2892	3936	chrome.exe	82
PID 3936 wrote to memory of 2892	3936	chrome.exe	82
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 2536	3936	chrome.exe	83
PID 3936 wrote to memory of 3916	3936	chrome.exe	84
PID 3936 wrote to memory of 3916	3936	chrome.exe	84
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85
PID 3936 wrote to memory of 3052	3936	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://manualzpdf.com/manualzPdf.html?campaign_id\=21191294521&adgroup_id\=160936697173&placement_id\=schoolsinformer.com&creative_id\=696990639001&gclid\=EAIaIQobChMI6-GOsY__hQMVWg6DAx38wAgeEAEYASAAEgLsDfD_BwE
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff968c9ab58,0x7ff968c9ab68,0x7ff968c9ab78
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:2
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2948 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3900 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:1
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2976 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4552 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:3716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4872 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:3012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5020 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5060 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:3612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5028 --field-trial-handle=1672,i,6912340226063604454,5496816780270296186,131072 /prefetch:8
  2⤵
  PID:636
- C:\Users\Admin\Downloads\ManualzPDF.exe
  "C:\Users\Admin\Downloads\ManualzPDF.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3188

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4372

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\cf33e1b525954128b52e769c4c50a415 /t 4792 /p 3188
1⤵
PID:3840

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3380

C:\Users\Admin\Downloads\ManualzPDF.exe
"C:\Users\Admin\Downloads\ManualzPDF.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
6b5dad23fd7edd2c9daf944abc5d5341

SHA1
63a720a1bd0d9e2ecf288f11529f00256970577d

SHA256
e398b27255350eb1740b6851d4ca1faabc2b8c5ddd8caa791a47fc15af730060

SHA512
870f71e1f8724c984d51600080c43562303263c5ae4b9bf648fcf28909a88141a00db0e88b5ec52fc938c81ba78cb31a92a60792ff74b2369fdf10932d7e540c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
b8002ad9ef6a146e8307e744f47cc9cf

SHA1
814c4583f3f8758c55672219cf838f0dc102f782

SHA256
2f39ccb7208823e4f29cdbb8483787ccb99970f1234e31cbd1fac400c9da2cdc

SHA512
3ba92d36b49a4c220047b39c7599947cbbb17b49ea9c89aefbf6086583838227cf996296d091714017d6bfdf528587f0c7835cc7665e6759d59237a8c43b052d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
ee959fa4c06a47ab70a5a9b226198167

SHA1
348ebf9772ca91cafe76aaad808d63e2a5f75239

SHA256
94d177e346fc447057a407c72c3c21fb2b1ecf4caa3ec3a1c85a720f85d8c1a2

SHA512
555c03407ae840f6de8c52364294b1116e3f55691b6647e488cd2695e689f9eac7426fb2f924fcf05673602151e46fe5dc306af93f0ada3fed7aaa3cc068f50d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6c7f9c98e4c3ea081868b477a1c3d241

SHA1
bcff9efb79d2d8774fcb9c6f404a3d2a9cb11972

SHA256
de56637cc981567262d0987700c22c61d8c971da62730594f35fef20982f137f

SHA512
3d90fbdf092ce7f800264b7be99553c28012e2d44ddc69522d096f3ab39f7f044249aeb0e3d67dc8949049719bf94fda0b160abc987939457c2cf05284785f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
79812c9dc5c1ef3d85cacaa57d251dac

SHA1
a19062b62c0154f82c782b4c163d5e7f46ac8981

SHA256
4ef15be6aa0e4b901225ccfaf12b1f744ff0b732a7e6099b371617a454096ce1

SHA512
98c10cdb216b033c3fda41452a0e447aa6ba5bd3a09e31609db760abc6899f3bc3d1614ef5deb541a7a24d767dbe5eda4b09cdb09dc17bc3c4090c388a378821

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
685f70215c4c0160f7e70cd69c157102

SHA1
ca35cb83c905496c86f6e0aef08db1c970ba2ad4

SHA256
bbbda8ced8e5bc20d53bcd7412db3074a1a61e8fe4d294e06c7469e8b341a444

SHA512
2b1c716e08e44130768e3c8144313abf0cb37a11ba7d423f2f7f12a4065d2af9983a37aecf4f92f28a6faddd9d748edb50865fe5ece49fe7b5fb1db2b4cd6a0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9f3b3b7a976c6ad150802ee50480c630

SHA1
cd7581f81d1625c7f6873f86a9c7693a77c7bdf7

SHA256
00ae1f1f83ea089ceca2485914c1be18c3226d45cb339a7f8ad10c86f877cde4

SHA512
c32278bfeecca600d0dfdce99fc96d6637a1e36ce798990ff1511fec05a6b291d1f547da28feb847938cb1646084e2cf5c5399ff278c3ffe688e660a4fd91c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
aab47e7f320fda9646b24881e956e04b

SHA1
136ad6024ec25f6732578b4e2d16486c4ff23628

SHA256
2a738cbc414f45db6e9d5ebe3489118a358e19e3d6c0a730a999846b047ff74a

SHA512
f5a7e8d4cbeb0b6e75b6b66fac70a603eec6a4d498170f3ea36441b27ea433a1de0b5214308cf8c281c34844c219fffd8d9118d30fc08aad01189e7acef4236f

Download Submit
C:\Users\Admin\Downloads\ManualzPDF.exe

Filesize
8.0MB

MD5
89b3b8ebb373e4a539d7bf2125e74844

SHA1
4961753e2587cade2286584ce3046c16c381d01c

SHA256
3bf136825e2473553ec05e579dab5bba778395c3be03e9b9f57df8e7c22f294a

SHA512
c1bef035e1cb185d9f318ff11befc9f7db72cac9d85d43b858770817bd50d628ed27f57bf71190e8d0dd02909f1212088b1e9393c8a02d8309cff35c0bc97865

Download Submit
memory/3188-85-0x000002BA806A0000-0x000002BA80E46000-memory.dmp

Filesize
7.6MB

Download
memory/3188-84-0x00007FF956760000-0x00007FF957221000-memory.dmp

Filesize
10.8MB

Download
memory/3188-82-0x00007FF956760000-0x00007FF957221000-memory.dmp

Filesize
10.8MB

Download
memory/3188-116-0x00007FF956760000-0x00007FF957221000-memory.dmp

Filesize
10.8MB

Download
memory/3188-81-0x00007FF956760000-0x00007FF957221000-memory.dmp

Filesize
10.8MB

Download
memory/3188-80-0x000002B264EF0000-0x000002B2656F2000-memory.dmp

Filesize
8.0MB

Download
memory/3188-69-0x00007FF956763000-0x00007FF956765000-memory.dmp

Filesize
8KB

Download