hxxps://drive[.]google[.]com/drive/folders/1Dm35BKs7mSwvdiKbSUdaTRgg2_wjrEm6?usp=drive_link

Analysis

max time kernel
228s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Dm35BKs7mSwvdiKbSUdaTRgg2_wjrEm6?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
9	drive.google.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687001513408809"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe
2896	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe
Token: SeShutdownPrivilege	2828	chrome.exe
Token: SeCreatePagefilePrivilege	2828	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2120	AcroRd32.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe
2828	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2120	AcroRd32.exe
2120	AcroRd32.exe
2120	AcroRd32.exe
2120	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 224	2828	chrome.exe	84
PID 2828 wrote to memory of 224	2828	chrome.exe	84
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 3464	2828	chrome.exe	85
PID 2828 wrote to memory of 4800	2828	chrome.exe	86
PID 2828 wrote to memory of 4800	2828	chrome.exe	86
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87
PID 2828 wrote to memory of 4044	2828	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/drive/folders/1Dm35BKs7mSwvdiKbSUdaTRgg2_wjrEm6?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbb500cc40,0x7ffbb500cc4c,0x7ffbb500cc58
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1768 /prefetch:2
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2160,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2124,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4664 /prefetch:8
  2⤵
  PID:524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4876,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4880,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4984,i,12450229880962633075,5076657322791252271,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3864

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Coinstore Docs-20240821T075003Z-001.zip\Coinstore Docs\ACRA - Vortexia.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2120
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:628
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=07A336FE950EEE0D02D846B77D8FC124 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2848
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=733105B1BD80C28E842E5055314A338C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=733105B1BD80C28E842E5055314A338C --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4956
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7C88D5D9B4C22E86FAABE72C78B19C4F --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4328
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0437DFB0F481516A24CB1D4789307CFC --mojo-platform-channel-handle=1796 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3364
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=88BE042D60F86EE013CEC4C80602D55C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=88BE042D60F86EE013CEC4C80602D55C --renderer-client-id=6 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FCCDE0C32EF1E08CA041B27DAB98267C --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\21974d03-170a-4e1f-a103-ad1509d548ee.tmp

Filesize
10KB

MD5
73504ce25d5b45d40fa64e033f531e3e

SHA1
00b333e5185a0731f22351e83ec4fa4721433ab5

SHA256
86885bcace9c04da7781b7836d85339d90203e7b958c0ddb9c72dab88c7a0936

SHA512
63ca42e076ecffe0effdca7083cc0889fbcb4882bb3ab80ce07f472ab1ff8a4fda758fb59a576d385066fa819b26419de26dc00af69598b9d25d0e10d7cbc282

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4b2d1f39cdfe4137ec60e96a1190fa3d

SHA1
16c0570951f8b86d2e62ab93552c48ad2c0e35f8

SHA256
94bbf4155b25b279d3b81eb67770afa3da4198ecf31bc8b0b546dddaac060856

SHA512
549f8aa4b62ec9a0ab9a053a14ce2f2c4cf71e3ddb1be8a02a75529d2816e9c8699af3973c224d565a450b18aae8f08a21ff29d791de9b5addf37888e6425a03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
38e9502bae0918daa7094e29ddb9b71a

SHA1
5d531df4735414e7088657ddaad232af7cabf585

SHA256
27a0cdc2cd8363bc9d9fd8fe590af272738be557fe86951cfb50de8915f7e9eb

SHA512
75d876d36f8c361bda541c589131f83429f3e8b5877332025c59037f775dfaf8405bf5ded4aba028291802ac9d3574b27387712ab65689971b4d95de6e1f07df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
e88b39827afd88163d7b6b3a3893d11c

SHA1
0dcbc60da5e46ef5a37e151df354b505f14f14c4

SHA256
998e4b35e067325ae9338c4ab3b37ef0c64b81232fd50cee3317e391b0922e78

SHA512
a0c1ddf3822f4d08f46b9507dfad6fae0940f072452bba7d4c9f88beece6b224f7453ec80b5a24e5424eff9bfff91b540fface759101c74a938d67da33c30d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
fcd2ed922e1a3af07138d76d915b391c

SHA1
a16e01e1d984fc74be899f0008d7b908d4714c5f

SHA256
3139598a81ed1753f438bd50afda71893a699fb59dd2ffba704016834ff71004

SHA512
b51d82a4f252e9dc745a9ba06a75b4dbdf481d1093fadacd4d9e2d5f86c8fe52c625f7d4b14aba612bd5de0a6bfa0058447c6d64cd84d59f0014dc83e4c47521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
9a4eff1477749cea4cbf1030be67b4f9

SHA1
7e1b54232160165f305f962abae9ea61197a4e56

SHA256
8392ceb6f658522edc3fa61abfe9718e664dc268e9dd59eb41669ffd2b96c674

SHA512
22b1370c270dffa3dfd3287375af3125f1e295c2ef1f4c33593d420326366151a9a1a210b004b6f1c6d42363691d476225d0ca65952e1fc77dfd0d6d1e1c4056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
961973f167d79d8845245a2132b5f54b

SHA1
28a66e88dc24faa19d0566a19ae81e356eaf9c7c

SHA256
4fa7cafd073351dae4ec6bdcfc8441f5d41a481d5d2040c09febeb3f346eca45

SHA512
bac5d93c4960b989d4823a6f875c637e1f6fdfc5b109bc081c5c3de8b0c178849b6d5d8a4c6a4248236c7bbacf59657e36a3a0ee5eb453b46d41549b4c214809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
378c8f94d74ce4be52bb146733442f37

SHA1
29cefc35b8be99fccc30ce16673750fe09235979

SHA256
9f12e1cf0ede01e1b8b487c5192504389773d264c7c81abffec19d50a6e7023b

SHA512
07541fc866860c9e9f9830a71632450ca3315e3b6f3180a60d67a079e620f5098b830879ae8f0af2a4c9d99b27fdbe7f7a281420709c673cd0b5bba409ca3631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b9583d45c3954a4add55543a555aaa3d

SHA1
54886d4e74b0e1439090ee3125645950ad8b6b56

SHA256
baae78e1ea8118e1767747c8cb2f65037fb809140c5fe21219cb6df8d3742e27

SHA512
647e5751b40f40a483662ef8a429acc28272c6e73fff46575deb9a34165bf628096dde4ab1632a253777582157fcc23ae8b50abe3e59668f7ee7864c6973ae7d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e1b418cc103fdec8b9c35a0490058747

SHA1
c72464bada4a916177b77f0deb3aa66247f43996

SHA256
73d2a439df4ec054e52be226d668be370768b598fece3bcbb422653b82b0babe

SHA512
01641089d340aa45d011bae95d903f96deadb9675b0160cea03a1441720aa592503ea40a4ab13a991cabcc9f5c458e4c3e0f9c78925ec0bc71c11a912cd0199a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d707e63868f578401a9998a08fdaf8b7

SHA1
69edc83fda2fdfb831f3f87c7b6053167845e314

SHA256
7140beab91a8ba5e9ea193d3b85037ab6dbb4d2d05fd63993518c2843e049ce1

SHA512
7f2651582ce3fbe56f3c71ff0145b8eaeee3db7dd03702f33205798d25752ff9b2f6f8c8163a1aa979b9d1bc02fb3e54c64537c8b37d836bacd838ee20828a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8224655a6fc2bd371252b3f96a8081c8

SHA1
31bcfa2d70b1481bb52a6bccec3880fd510a9516

SHA256
786fe79bafb244db4511700d2f485a1a180a156badece2b1eabc6611813b9d28

SHA512
1107b5f3c9841592a997cb76cec9b8c91acea7b08a314755e384c34907c19315c7a564d536ffa7a741bf89cd6856b054fbf1583a8bf6fab9a9ce46a0006d3ed7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c303e74fcb86612bfbaecbfc795c3815

SHA1
fd65347c6440ce38eb95b097c7d037b1b9b90793

SHA256
5a1e505c81aa86a69649a2069af74dc5749588b940888746cd5cece8738ffb5d

SHA512
1c2172af7bc13094abfb9ffc5bbbfba215ad902541691243cf4f26d0d07d8f71dedf0066067b38a7dc3fa90a846f08480bf66cb5e607ffa8e6f2d3e5dc04691a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
def7bd15f88d9741df9481117a5c9ba2

SHA1
627aeac49aaad1210b721a0079465c8bfd36df95

SHA256
95c18e97646b4750d39bae73aa9e02e402440066ae431c21e515a7eb75c4e6fd

SHA512
40fd05222ae2c170965a7498cccb823c4b28ee75c495bfceeeffbf357e161a904d66b9921cc9427f71f3ec2da77f53616d073676156d76d63390a8a29d5ed6ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8957fb811c8aad88e21b40c2b41b1a60

SHA1
7cdd75c8badc015a7474a58feb693a066058f0c6

SHA256
89b5bdba43e2e0279514bb01f6d20037927b00512eea5a65f69d603eed3bd687

SHA512
26178fb95b2b708b76bd06babe52f6eebfe13c2f85636db21aa43dfc1ad7f4e87800c8c06f3a94840280415a21ff74317a315aae5fb94f4d43cfbc2318dee8cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dda35bd6c0ffe2a2d2ae071b364c46d6

SHA1
7d4cec6b323213a72dbe616fe5c943688147c680

SHA256
9604e63a1f0d7817c2bc188f5feb20d438c97bffd722abbef40d7351a7c00ce7

SHA512
8b228a496590cdf94985dc8452490283f3f10b1e2cd234d18ab1192346e37e51e7500af411bca14dd5858afcc72514b2cd6025e18ca53824b8ae57063236cc99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c49fc1ee4c28a16acabfb43f1d804c7d

SHA1
41a4f50e99ec662068db61cd9e3b16da80ad35ed

SHA256
d0013c443c53e04f59e98d90923442fb87d2a439415f483e4adf6f8e7908faf3

SHA512
4beab4653ff6cfdf3d74ad298218b8e0ee1dd3986ce536c97883b5f02c6a33804f1f22973d50c1e6f243993d5f68c0d077ee31335251040a6dc3542ee95ed4ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1e3be1ae7a22e4de397c64d33bb46e2

SHA1
64d2fc5c112f776e3adda65123f92268f15d9db3

SHA256
f3f4bfe366eec0461f05a80ce92937e10cc8ecaf02beb4657600c494aed5cccd

SHA512
78af663ec696ac94da41f8a029676dc2a00cb0c88f5320cd995e0110f5246ac5a5555707b8917da107d5e77df1d94f8726ab79935e16e9c13972344b5c920298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b9c82eaa860a47d9b84f2c1d549e788

SHA1
cb9eb3f0e890e1eef6bf456ba5a880bc4ea30e21

SHA256
0ba47cd67fdceff8689c4c311401612d708bad5369615cec358c03ec0bd9751f

SHA512
d1cff5ff0cf8c8977a83919be598aaae812ce0fa8fd672ad6a2de997cd9ca533bbef967cfd991cdfe194b19680f73245cf8335d0fcaf3a33e4e1e009e540b7f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cac5079054be10a77c7b033e265f6cec

SHA1
0d3896aba9578d76841ba2b6c61046bd521dcc90

SHA256
e0be6e7c76702b3d45fc8eadee585dd1a0f893ab6fe7fb945a17ff80bbdd883e

SHA512
e3b45f3e6b65d6602a06f0ee3e2fca7318847fa3447cf1a3525f604963100cb64154f1e1064519988aa114d9f75b3f5bffcda5f222642be37e3ebd4f1bdf03df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dfbc59c64706553f3de03bdd8938bbd9

SHA1
e12f806ec76d34609b3628274ff5d66b9c980b25

SHA256
8d2c994756b4196a593aa3ad806bc549970108240b3076ecf2fc1874b3c25d45

SHA512
c178a95df35a5b2dd580eab57e62b49ddba13ed3e41368403eee88e47e17821f756bbc71539eba5a7eb976e7cedd5042aeee22ea988dd603223dcaf1562416b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
068d892167c6355e1c54291729e48ea3

SHA1
35bf343a39081dfb9ba5eb0c346eb8ab0314f169

SHA256
fbd1390618c5ad91640a06ae34be7136a2f4bfd8e20fcd282061897d77513e3a

SHA512
fab9616efb605732d01b85dfad0df05ea45350fff1aa0c2e0762933d2aa6ab33d1ff347006a8828d7b0768bf397f5b94fb5813f507490bffbf04cf993ecc8f26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
79f31e264c033b402bfd2163e2030def

SHA1
0ee59039d82dfce0af1fa6f52f51859301455659

SHA256
91aef22c972d5e06d364618a1cbd6a582060e06da58815a8b9a8326f1fd8f7da

SHA512
c4004c7c6413cfa34fdbb11770c8d0a5728fd16f385d058fa305bd700b665e2ddb8fdc03f5a29fb8d2ad918f98b66f4d857efdf1412be002e798950b656377bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
713a17a87a7ea9699a83c859e0ed132b

SHA1
4a3677672729b1c0db9dd0f727139f3d995d9856

SHA256
7a390f6464f274a6bda4d17dc07f966558ad6e251edeaa23350f8215279e6675

SHA512
214fb91bfe44b0d1a3e39680f1eea5954cd947d6db0667ee54107b9af4c426a092387bc41e892f2588a5c8e2f46337f98eea9314edcef2263cfb9c92fb439b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c706fa1b9e1bb5310180f33f18e3022d

SHA1
2019bb6b3c1234c1a424b8f670b702d9a602c575

SHA256
dae8ee96489435af51aa0b717f2435dab9ae9dad1e02b6e9f269d24760617cd2

SHA512
a5c2ced8df7c63a0e1c696ad7147add03a3b4c3f1b42d6e370ae07adc9dbd3f7c37fa8e57be84a8dbbde113be8b3836953a82c5b5d8c92bb2151bdf092f17186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3279ccb666337fbc3cec1ce8a0413784

SHA1
4881d28ea99c30aa81fd556c6fe13a7a16af683a

SHA256
662d3a9b85caa235ec7677429742ec4ad8f10317bbe8384ead0e2bb4efcee9c3

SHA512
48768c1237ebaa5b1b5bfc62ba05f00391442865926633cee852020a8ae10901cdca0a249817148d2733cafefabb6e0a5e1869addf5f98c6bdd56cfd156e7bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\aghbiahbpaijignceidepookljebhfak\Icons\16.png

Filesize
566B

MD5
b3b099003f605d552145790cf1b71e00

SHA1
6dc54b1268536935e9ac96a27c34c03aa1a1eccb

SHA256
1d1113f78a60a4702db32f106598883cb864cd273a708ee292dd6003e3cc8d4b

SHA512
d078de028160ea917c24ccbda0b74a8374a2153c7bd1f5a108710b102d64f0ffdc57caefe2979153a8d42d2e8d7a85089680bfae9f4facaaf048d8d93494d5f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2828_1601661460\Icons\128.png

Filesize
7KB

MD5
8eec20e27dd654525e8f611ffcab2802

SHA1
557ba23b84213121f7746d013b91fe6c1fc0d52a

SHA256
dc4598a0e6de95fae32161fd8d4794d8ee3233ab31ba5818dfbe57f4f2253103

SHA512
b19d628a7d92a6ec026e972f690bf60f45cbab18fc3e6ab54a379d8f338da95e2964ecdc5e2bb76713f5d3ab2ced96766921e3b517036e832148d1fe5fe8aa6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
1a1684702c3df4d3dc62b1100231c4a2

SHA1
092d92faca4d55c0894a24f708c57ec44f4b0ccc

SHA256
3e34cf07bb95414c869807d62124b681421b980355b0d667fdddb97673ccd4e0

SHA512
06491e7923642242f78edee899167e6d6e8f7c78f415e2ddf757216ef2ba8c50e847a81b48ab88127c182fbe1c49212e1d633a994ad22b6a6e00f93cc74730f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
0ce1eba15dbf14f944a907e290616eef

SHA1
e7a1f8e9ced4e9f7e5ec75f549d7826e95abbfa8

SHA256
4f98856c2906d00b57df389681070d546d6666f1066b6c66423b7f248d509f55

SHA512
c27eec656646313668272ffd35106f41e23460df4c1e4c2f980f67bb779f1680457efbc1ecccd80002edcbfc9ed910fc95f556de9cd75340a1a0c4db6e079812

Download Submit
C:\Users\Admin\Downloads\Coinstore Docs-20240821T075003Z-001.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\Downloads\Coinstore Docs-20240821T075003Z-001.zip.crdownload

Filesize
4.1MB

MD5
cfe562bb9a6c27677c48c25f7fa5d449

SHA1
b2978b5ad47dc66779dea53551bdeadfb3fa1d93

SHA256
99b6db3159eb61484fbac9df25370ac551becb40b3e0a36b5b803433e6b11ad6

SHA512
d1ce5015cd77bb8e7b8f588e9d61fd95d1dca1c64814787f208b1f9a869214fb4118c167cc8ef63925d0a382f170fc868413a7a9d983cfaa024a08c68468f524

Download Submit