88019645c39dbd895dbdf510bf553b841859537a173df4c1bd8dc5e154cc267a

Analysis

max time kernel
269s
max time network
263s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/06/2024, 19:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

orthodox.exe
Size

1.8MB
MD5

15c7b84efb6e1185cbb8f68898b3d2cf
SHA1

153b7ec96bf2997205c28de525de658dddc49232
SHA256

88019645c39dbd895dbdf510bf553b841859537a173df4c1bd8dc5e154cc267a
SHA512

3429192e7bbf5e0ce657eef59551652081c64485a3eadaf9d9ac810184334b8ea0a128f150778c1e4f9605c4df8e14763c7a26233f83d90f4dfae816f590655a
SSDEEP

49152:1cmEHl5+VvoeFMIpRnCsOTVE6iBunMODY:OmuIoeFLiTIODY

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2748	winrar-x64-701.exe
5028	orthodox.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133618298603946837"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
2980	chrome.exe
2980	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3600	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe
Token: SeShutdownPrivilege	2792	chrome.exe
Token: SeCreatePagefilePrivilege	2792	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe
2792	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
3600	OpenWith.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
1872	AcroRd32.exe
2748	winrar-x64-701.exe
2748	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 4976	2792	chrome.exe	79
PID 2792 wrote to memory of 4976	2792	chrome.exe	79
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 5116	2792	chrome.exe	81
PID 2792 wrote to memory of 3792	2792	chrome.exe	82
PID 2792 wrote to memory of 3792	2792	chrome.exe	82
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83
PID 2792 wrote to memory of 4468	2792	chrome.exe	83

C:\Users\Admin\AppData\Local\Temp\orthodox.exe
"C:\Users\Admin\AppData\Local\Temp\orthodox.exe"
1⤵
PID:3400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9d0fc9758,0x7ff9d0fc9768,0x7ff9d0fc9778
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:2
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1868 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2912 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4484 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4840 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4812 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4884 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2228 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3232 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6036 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6140 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5716 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5156 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=3392 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6196 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6284 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3392 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6428 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6640 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6704 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4016 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:992
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6632 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=2276 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6304 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3008 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4608 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6772 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:3040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3008 --field-trial-handle=1812,i,8491422132757715025,9934606219991017984,131072 /prefetch:8
  2⤵
  PID:2148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3600
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\orthodox.rar"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1872
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:2164
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=879D474BAFBF5A2BB12932FA4A556D24 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3472
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=11FD296FA3B02678E6E5AD0E79131605 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=11FD296FA3B02678E6E5AD0E79131605 --renderer-client-id=2 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:984

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\cf82bbe003d64bb5b7d248a997a14a07 /t 2220 /p 2748
1⤵
PID:4980

C:\Users\Admin\Downloads\orthodox.exe
"C:\Users\Admin\Downloads\orthodox.exe"
1⤵
- Executes dropped EXE
PID:5028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
a144a86395cac2adda5859e9e6242892

SHA1
e177ed1a0421a5bedd09a342a6db4cddca84ea89

SHA256
9fd522b6ae47edb1daa9257a319a067ed1ca1e8dc06584a2f6b438b46224cc4c

SHA512
edcb3b37458d4879e39f11acc575073ed9fc29ae5fb157c65dffee286866aa02b982b62169cd3af0a5c4b25bb9387c6f7cc79ed5d3ae4b487b9334b163e88367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1fa9d708351a67bcb67fd2f19db98f95

SHA1
5e8448bf03b0d4caa78830c17db7dd3174e304b6

SHA256
272acf860323cfb0acc2cc44dacb1b34085d7a2105396c799b13f8f923293069

SHA512
e854d9c57d58285b799bbd010dc01c94b9d8595e2e0dc12c149107e94ab628d7230bfad333fa05f131628de77e69e51c7e97b06d8d19ad98fbd7b061be938f09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
920e49939af189a38610a7279b95e266

SHA1
1173d794c5007410661be2a43e681e9b14dd8523

SHA256
53d27302b96703ad5016da40d6bf1aa97824d9eeb9029b7c267b71730522fb85

SHA512
08559caebd2246e5a6af2e593ae93d82f02eee3f5978ea53a03505bc439758cc0f77dbb7c42b89a968c4f3d1a35bc7d711286bd3f76b2270d3eb0b51df1cb39b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fdc7b711046f39b66be62119ef8cfcf6

SHA1
fa0a8707db6fba8f76f0f7f0692efffae044030b

SHA256
d30c587ef8a473dc06024a3a5a99440561dc0f5a7a3958211e5a671a3680a962

SHA512
8e86d137daba651816ceed6c0457e6f809b76c0d601cccb556ce814fc6fd64995518fea6cf65b4133ab945f79e09fef460f5a9dc9e4356ec230b1670ebc33402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
56c5f9f02abf44f76cfd2c7c18eaa4f5

SHA1
4ef5b2e9094ddb12c2435e812c3e59d340ed6aed

SHA256
ca9c87e11cbd2b3bd0d4ab7ff119cedac40807fc6dfab174052532a3e519f4bf

SHA512
8ba6b5201390f805e7051afaadd32794169ebbb2fb9140421bb31f81b4650bb836aa8a18325cc1fc7b40e7fca880f8bd0fd3d599c41bde6384c64ebca0a8bdd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a6f82b79bff5bd5e6a026a37c64fe5bc

SHA1
df3b7533929aca5de18904644b3ae9550a96b1fa

SHA256
7aa1a32f59ceaacfd4ffb2701c82daa9ec96931cc6686c06c5f43c6ecf57bc55

SHA512
c2b5afd9230a95b08793ee1f1c5e9d3e03574441d74a7c081d0f7ff14a999bfc437f8b2076b1ea1ba64c1b432be26dd064f74c1c8c72ee0c2249a74b2fe520c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
b2c2ffb9cae4b8045519f5200cc16909

SHA1
ffdb4ed315482ac0fabc8138a6891eaee1c7d384

SHA256
bb9acb05549f05aa38b93d2d635a0707ffd2a9b68a69131df1ca3e9372348898

SHA512
286809216ae9825431b9e8ef2e2831bbf379e6f60129a770b867c7fa8a75f9d5e657052e36eb89d8ba83b4d49644579db269df9b7e1772e0c865a6c09675b149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d00e01baae5ce845ea1b741cd030de83

SHA1
fb405260497b1d08a7c32da6bc223005c3390dec

SHA256
d7a4ef911c99863d01ec876f72b651cd6b7846a78252179e4eae8ac36596cca2

SHA512
ef7ce8782d61ce9e53279641f3c943c64922fb330fcd57194bacfde662c312b4e28bd744d24c3878be4ad2dc4b36b6e2efad3730476ec00902d244d72ceec9a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
40be152224fc1eac06002e8a78c4fac6

SHA1
85a14be41e73a49ad8fa15c335b506bc0acfd0c6

SHA256
0c663ec47625ef30fe6917b92fa38afcef5703ac8aa57797dd070a32a38e2efe

SHA512
9eedab1bf48155867140388cacc20180634c2702f530027a4c3fa4f970099ad5179cc2b253c943533d1a2fd93d214f541a7f46e278cd3891aabdb0e0e3ce94e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
db46ed7a3858cb94fbb7d46e793d3573

SHA1
703740d39590ffe9c9606317879f63241dd18186

SHA256
c3a3c1908b23ec3b06a559ce37099741005bb526d2067b3e28a315bf51dea34f

SHA512
f97f07a6f0434b708fc2e2c347e897f55e7a4a2380d4d0979033fc8b0eb65be5138260e1842b6858b7960fabf55e429535e2dfdf342742f04f844533316eac4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f9606de57e58c99dfb16c70520803f91

SHA1
d8701374c38468476e3d292e1d750c84c848c0e9

SHA256
e8c1d86d535a2f2b79701d8e0c72b7006c6eb1eee737e6b166872169004d77a4

SHA512
92f0912a95a065e9cde454dcae90ada271c4c731d148cfdc2f7faeb8fd6fcb74bf830c2a88e28da7064f9f78b44ec0835cf94d37aff049936f2398385fbbf374

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ff5ad2210de768210fa572534e3eda14

SHA1
02e7042c7a1f86fa1158068991bd88de2db31b5b

SHA256
bfc71feb2821e6804a279f93c9619a8b807694a69f99b3dccc9cad150f98c843

SHA512
45b82f82ac24119157d6bc9577db87744e3e1dda13677812cfd61f422150f2df06bbbe859e587482ac6f22073edb0caa693fd086c35dc496627aa5d74c40495d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e4ba37af3a5e85c56970641a07a3afe8

SHA1
6aa88944a24e26ccf7db0848105cca65038b583d

SHA256
ed27278bad0c5b5ae72e02659fd62cd7e6e32702a0f33360190cb41a2a8983bf

SHA512
8e38190d9c4a154b300cfa812f1b0907a7c9f54929efe2069ba31b56417cbe90ff5ab1c6f5a4d70ac5b70fffc4f2a5be185110b12ed99e0584a63b389e7923e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
20cb66a558145f824102b0581e7cc1b4

SHA1
e177527ce00394d72f588c4a19ef884de83a3608

SHA256
a3565bf0bc2435279b4037fe7602d7b9cc688f88a5b7a8093833afb7410eb96f

SHA512
e6249e05d673e4e3096b835feddca8fd7d2b612d643bca376c5abd9bb22a8c0e51de61ad66bfe6a7413a871b60bc95439c1fd6eabef4336e88d26c6966afe076

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
76c55f82004b60836dbc465b5fcc3055

SHA1
983f4b7d45ea28ce387e399a396567a2f5587a92

SHA256
8c516dcd0eb33acf1125cea45678caf06cb60abf7bc4181726aee96b353dfe00

SHA512
28e1bbe45f80c328508a75d1faac78ac47246d2f5e0de40c494aec1dc160025e8d30ec756f456fdeeba42ae34df809ea88fc8406db5150758eb6835a99695e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c2b5b579c8317dae52beb91485056848

SHA1
59e5111ad5310638cb88aa989c9f2a47368a53ee

SHA256
918f513b93c0230588af780731a3e0ea3d2349a84a48aa585f6681b2a967a242

SHA512
b5619277e93b3b26e91151a322af22ab0d713cabac292a16f256c34e29e26709dd927e24b3edd433a8740c842478d9e861541a936944b9d04e21912893869f01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e13bc36133a73263681f5c8fc6233338

SHA1
52e23fe1e15691d280e00b1e100be12b94f79a48

SHA256
7b0578f7ceebca3d5a9daff17946de9ca423d2f4025abbd010eeabbc92d17d0b

SHA512
5bd7812c56d9139ecc4a56a8ce307e377c834d7f0c25b8c025e64f66331267d18ce4fb81c818c750315bec337e6e65d8ab9d2aa7adf699a955dcbf1cfb8a8bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
17dfcd0d9195f376c8211000ceef870c

SHA1
22d07e8ffc72b0db594c223b1bd9d17aa648402e

SHA256
2b7291d4b1a46d6cbbcd028634ea7e0abc89e21238c5b196e88abcaf7df81e6a

SHA512
be2a53428704da3dab00789a0462bbcea168882d2d0b71c01f50f454445ee91f8abc037cf2819d401ceb250e37591df05bfe84df881996d1cce83ecb0d70085a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
cb2b402cc150750137bcdfcaed6e2f11

SHA1
72ed8196f96618f990c21702fdc54f241286e030

SHA256
b9a896f149a13648bbb83788e4248c93738974570711bb716b8cf4aad48f1c2a

SHA512
84bda67685e9c5ea8d61870d269ee982e2ed0ac6d80a86042cfbce1814dc231b15f0d9fa00c440b13a8d9a35bc2ef64a517973be64b6b01baaf7e7a17a371e68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
a43f159f77e5de5aec60bfc74fbfcb72

SHA1
a4dfbe8dcafca74b7d12f87a84036e12e225d662

SHA256
4dbc307b82e7a89bd0d3513d724b6e74a58c4abd7f78326f896c5def99fd6d0d

SHA512
8db581e8b9bf2396d9cecff1be65bf61329ef16920189cb748016f7be4bfbfc9e8bd9a80e5f7b489a3519e5c28baae4f29a2e54fa71bcee8761cb0fe897e5678

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
5ccdafba9a3339719f1e63292709c8bd

SHA1
ffa295e7d72b822b951cf518ddb438f6ce4aba2e

SHA256
f07881d6690fd978b62b9806d883e3b1c97cd10c68d45dc0a19053d442722726

SHA512
289f171e03a33edbd28c5f00696b22964bc55d161ba6854577c173768cdaa6f4eeb7999b3ba47a441fac734325a2ccb265447eca3238e0d2212c3d9ab09ddac0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
112KB

MD5
8888efb381ca5b8a2981b71da9bdfc24

SHA1
f2c3ecf6a28f4c84681fc082b7bba5d8323866b5

SHA256
f26802ddfb747bebfd2c8a43cd9a91466f6edb92e4684ce981ea7e8654d7ad05

SHA512
73692377e98afd05c67406d826bf02fa3c36d451ef547ce9899c6452dd7b2b8e32fc99938fcbc6fe2069c57f3f5e21da1c1c7bfb5739d620e05a613e8c583c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
13f73871794886f3d3d28eba0bfb09f8

SHA1
d2bccda2cbaf1fc477f89b7974730ab59adf746f

SHA256
deb9190adbd7b25265270a8fe3a4726917e37e053a0d55cd836edfe49336f7ea

SHA512
da432ee73bc04de7985165199aebcb321cba098c6f0f3b7dd85bcf2c9bc0a4091ae1aba86916dac8fb507633660a69f97b6cfb786b938e5eb065d9912fe10fb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58cf13.TMP

Filesize
92KB

MD5
5bbfba6c30f8a1720d821dc6a193e010

SHA1
bb547e9c14487239fe2314ab4f8a96518af5a65f

SHA256
5946202b5bf61004843483761848f9eedf53bb813cb56bfbc89b3cd1f26961c4

SHA512
6028c10041464719aa0b80ae7b5214f66a08e07b77a2dff40d06f72664ddfb94bc80ce74265800283ff1b413d1ecedb3a9a699ffd177748c51aa31ce8337b476

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\orthodox.exe

Filesize
1.8MB

MD5
15c7b84efb6e1185cbb8f68898b3d2cf

SHA1
153b7ec96bf2997205c28de525de658dddc49232

SHA256
88019645c39dbd895dbdf510bf553b841859537a173df4c1bd8dc5e154cc267a

SHA512
3429192e7bbf5e0ce657eef59551652081c64485a3eadaf9d9ac810184334b8ea0a128f150778c1e4f9605c4df8e14763c7a26233f83d90f4dfae816f590655a

Download Submit
C:\Users\Admin\Downloads\orthodox.rar.crdownload

Filesize
774KB

MD5
509113a1193b13cb166112d88d719cc8

SHA1
68f6a0b81f486c306870177d934c09fcf23a5085

SHA256
c2aaf9dc572aa82c7210847c8172f5843dbde86b4c1f57237361ddb19ebc570c

SHA512
d3747daba370d62d2332b3aab2954734672a379a2f2b7fc3c77f25ea5f7b7a8c92280c8d7b85f687645fb98745f27e06e998356579fe399c65af0c7f65ed6940

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit