e17f651dbe0f97554adfacbc2ccc5797ebd41d61e3174b7ab825d8d37a114397

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27-09-2024 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Tool/Avatar Tools/Avatar PSN Tools.pdb
Size

13KB
MD5

e0f9f6448e157af083dc3debd03c068d
SHA1

6e602a4f2375586be7e00ee10f1a9a664224caa2
SHA256

aa4fb6b71d2d2c28e216631926a0f111623dff46dc41b094d7d50294816d9dc2
SHA512

0f73137b632e14068c14d1f66d7ab37ba3f32de6e8c49e4d62c6a80c4ec7123cd790b14f9a19dc6a0d37bc456ce7ea2f98c1fbe18acff470ddd822e47bc80c91
SSDEEP

384:bFixxaRlQlhav4rZ0k/A8QZ1kbPW7nXZ5HLM/YcU6apH2fCcI+H3ht4oxJFF0Uom:bFHV1kbgpVLcYchZ4SRJ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

RdrCEF.exeRdrCEF.exeRdrCEF.exeRdrCEF.exeAcroRd32.exeRdrCEF.exeRdrCEF.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133719214680426356"	chrome.exe

Modifies registry class 12 IoCs

Processes:

OpenWith.exechrome.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\pdb_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.pdb\ = "pdb_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\뺩ț	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\pdb_auto_file\shell\Read\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\pdb_auto_file\shell\Read	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\pdb_auto_file\shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\pdb_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{D6C52D1F-C33B-412E-BD61-199A93E30100}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\.pdb	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\뺩ț\ = "pdb_auto_file"	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4348 chrome.exe
4348 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3416 OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

4348 chrome.exe
4348 chrome.exe
4348 chrome.exe
4348 chrome.exe
4348 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: 33	4988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4988	AUDIODG.EXE
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe
Token: SeShutdownPrivilege	4348	chrome.exe
Token: SeCreatePagefilePrivilege	4348	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

chrome.exe

pid	process
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe
4348	chrome.exe

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

OpenWith.exeAcroRd32.exe

pid	process
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
3416	OpenWith.exe
928	AcroRd32.exe
928	AcroRd32.exe
928	AcroRd32.exe
928	AcroRd32.exe
928	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exeAcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3416 wrote to memory of 928	3416	OpenWith.exe	AcroRd32.exe
PID 3416 wrote to memory of 928	3416	OpenWith.exe	AcroRd32.exe
PID 3416 wrote to memory of 928	3416	OpenWith.exe	AcroRd32.exe
PID 928 wrote to memory of 1148	928	AcroRd32.exe	RdrCEF.exe
PID 928 wrote to memory of 1148	928	AcroRd32.exe	RdrCEF.exe
PID 928 wrote to memory of 1148	928	AcroRd32.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 3676	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe
PID 1148 wrote to memory of 4136	1148	RdrCEF.exe	RdrCEF.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Tool\Avatar Tools\Avatar PSN Tools.pdb"
1⤵
- Modifies registry class
PID:4888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3416

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Tool\Avatar Tools\Avatar PSN Tools.pdb"
2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:928

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1148

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1A5F5B9B0D9F44C4B0E63897C27A8FBA --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
- System Location Discovery: System Language Discovery
PID:3676

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B5703EAFFF264AEABBB2422C775183F6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B5703EAFFF264AEABBB2422C775183F6 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
4⤵
- System Location Discovery: System Language Discovery
PID:4136

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A8AB9400ECFA647CB11B25DA6B14EAAC --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
- System Location Discovery: System Language Discovery
PID:2252

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F47C41F49C97B80B1DA4A33C8525A31C --mojo-platform-channel-handle=1852 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
- System Location Discovery: System Language Discovery
PID:5016

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D3CBCF59B3EEA134AF1AC1B2438B76A5 --mojo-platform-channel-handle=1900 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
- System Location Discovery: System Language Discovery
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=2820,i,10369132178352108590,11047993562598554317,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:8
1⤵
PID:764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fffad49cc40,0x7fffad49cc4c,0x7fffad49cc58
2⤵
PID:4440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1848 /prefetch:2
2⤵
PID:5080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1952,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2020 /prefetch:3
2⤵
PID:1792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2284,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2292 /prefetch:8
2⤵
PID:2184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3168,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
2⤵
PID:216

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:2656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4628,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:3104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4536,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4604 /prefetch:8
2⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
2⤵
PID:3120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4864,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4572 /prefetch:8
2⤵
PID:1636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4520,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4764 /prefetch:8
2⤵
PID:708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4640,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3340,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3448 /prefetch:1
2⤵
PID:4316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4752,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5328,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5316 /prefetch:8
2⤵
- Modifies registry class
PID:2548

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3520,i,13922432414237994314,3505466971460263396,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3736 /prefetch:8
2⤵
PID:5540

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7afca66cb79448208c187ec0efd80944

SHA1
b65a95c014cd7d4f1c028e3fe543e763ec7ea185

SHA256
98d045f4e91f88b22f49706dbabb77be4114a951f382780312cdd3dc8cb2f75f

SHA512
3d97ed6d567049a170b9557be882c29de4d19ad605536c8b9f4a114fff1e9a18f525af1cf94f9cecc4c438a85e25fe3d5b21e842e3d71d576c016893bb524247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
234KB

MD5
51679fb72aab06ddd5433d5dc42a8a0a

SHA1
e815f9499ba997a64d913a07622c4e47af3e7f06

SHA256
6da52508dc9819260f67bb68a72a087a64ef1cf0b18383ac0404381168d514e2

SHA512
c13cc3e359a6dfe9156fd46016a6a45fdb61424592a433cc7ff95c5122377e74ace9178348184a863c5692cdd01995e160862cf7050b4dd0f91ffd01fba1208b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
20KB

MD5
c81b620f62478ae71d3f19a691c3f7b3

SHA1
1e9b87e78c706b712cc6765288102d77e08b4927

SHA256
c10d789b9a08aebfbbcda53a5ac6ea4dd1adf5edc0afc0512f8b872946e4231d

SHA512
2cd4c0da0f9b466a83a16fd8a6ce0b8475fafb0fe7e3686e7091e67b6679950119eefd4abf27bdf8000fd2003cdb8e0420b5e1ad5064e1a204bdf8cbaa136fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
47KB

MD5
02bac54636d00b4059602a7d04ee6d41

SHA1
181ea605fbf32bd2895a9170873b6356dc37748f

SHA256
28ba0b7e3fa6070799b7d8a5a166a1c05751948059604b835c7a9e53e5668fd6

SHA512
be83074f59ae14751cdca5ef08b5e4422754dd013a13f1071e4a58981d0accb17449f9764a0fc33577980b4f7ad67a8e6514162f761d91eafa5d17f22b27edfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
5ff688085955048af9917e99b84d4071

SHA1
43139ab83455ca34af2ce47cc3da90134bd767a7

SHA256
f6d63fae7d01be8805e48621fa12d3718b7f01dd36c3a57e2afb60208750e0b4

SHA512
b120af0441bc33a506b0602eb4942b2993c138247f81eb8f06b53b3b66616072a9e98a0e9d9190d156e7722d8951116048e2cec03fa258642711bde604bd1441

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
685B

MD5
782d81517b7e32ed43caa5df00280be8

SHA1
5f3951c4f098e74a2de252d7270f887e7455f813

SHA256
c8c29452fcffaae98ae2be517b6e19120e96a8c422c98b30fad6f327f13f45dd

SHA512
a4337663400815b6a98001f1a9606750b237e66deca322752c43e4e7c735c09775b0cb9a8e227f9a34945f498440ce64c7773ccbc735d643b79a691d3fecce3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
37c886f871dcbd0b3ebfcab10438762f

SHA1
d4cb344a6ff3de79f8d1a3c2c25a26659f8cac4a

SHA256
8964be7835853ed6671dd2a0868f4754b3cb71f7c06764f4e251d4503701f4a3

SHA512
365a6a83598ac2d9dd1fa4bcdd3ccaa14e566e42b1b166690c6d82365950f64cea9fd9d32962d1a495c7a6a9948ee6dbe2c51397a80f655eba2b1117e06ac3c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
849B

MD5
7fc3b4e3af7f5cde4545aa48724e3387

SHA1
758e8d227f7577b08b14852d6d38058c8845a56d

SHA256
fec3e041de5e53332dc885bcc872a5dd60a51510a2f3a039d7bd811f8ff1b19b

SHA512
386d7e4bd6cd69ed0273af92530ea0b1fb1e5e481a0e99563a17a00b39e1b998e94e316a609f89e2e0e55713d37c60f087915d408f7d8ba0cb5e4c5834638f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8bf5ec8189d153d178ec9fdbf7514ed

SHA1
34a5a2bd34eb7017f603613f38debfb65e14e356

SHA256
33542cffa065a4fac146cdb3c93d442dabd6bed2e1f035c1bdaf6f7f385eef8b

SHA512
7c6c7bb81b1b8975371fc601d5f945760b1b1c934a55064a2a594538914b3e15432fbdd49abfeefc322eef880d9e4aba3be4a7e780323f51e865499e3c027354

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e613e9c3bce537b07dbd9864d07a2a2c

SHA1
61e93ae7ba46d373baaacdc96397bad78d6d56f6

SHA256
ef59fc1e31b49537ad589557df8f1ddb9e0c58c46ce3999cdfef37f0eaebeed4

SHA512
804b4ec00cdb4b6a1df5b0b9c74e93ac3ab73845b839ed9b13a2c7e5be9a262cc9b9e059052b4e167173de5d83d4e531b7d038648f890f4e173155698369c9e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c247ac46a3cc0513c958df59234261ad

SHA1
4058b1e37a456bf010e675942f2afef7a84c3ddf

SHA256
cf0e9e115d797fe8a296b10d96ead06d2c0b20a08454ac430345d8bccefb50c5

SHA512
73db6d792c8d5fb6e43fe455251102ee2f81cd8254f300e45f20fa624e8bc0feaaf0bdd2442f3304ce63862d328d637c1f76953ea25e4938260b07dc613ba367

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d68452b5cddea85bd6d309067b9ff160

SHA1
aa564b3274f86b83fc04289be05874d0124f7c69

SHA256
605ee0fb850aa0206329157098b8bf432aa89b3a2f1988f3c7e8a976c97ca8ac

SHA512
563990420f1dcdbdccb83eec53135c9ed4c50e85311167d34c37d6a3e298ee9abbd92ab607a7acdbfa48970d202f76ba456ff103d5b1407b323d5129a7e492e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ef483ecd5f1160b3ea4267c3109ec196

SHA1
198b294383cf1c4e05f47edd37c0c6bafd611b1d

SHA256
27be1eb7f853fdc2f958f5818a3a6533541e9304e28dbf855dff187a58446b61

SHA512
2bcc7aebd42edfca2473490e1dc0da57c6acf0beccc14553543c91d5d7e47a333ae78abb869a8f07bff69e2b6107ddb2e7c829901f737004110b682a8749d6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00936355-e165-4bc2-84d4-7480a8c46b0e\index-dir\the-real-index

Filesize
2KB

MD5
ad22080def57307027ca7f79dd7ba691

SHA1
51fe04ef79e7e674b20917c04c941d905899f468

SHA256
96f5341958b73fa6da60c5ddfe128db948cec5315f15cb32bbbeb9cd1fc12a2d

SHA512
16ead66cbbfc6fe6bc99c9667ebf12938174ffe3535ee11ea95e6f40fe07a97944818edbf7caab2e6d56ae295dec34cfc55b1d9065a97c098a3adc7a71eec43d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00936355-e165-4bc2-84d4-7480a8c46b0e\index-dir\the-real-index

Filesize
2KB

MD5
e75c034476303f20b203cd8b582d100c

SHA1
6e71919467cf8c58ec97eff154b85cfcdd920b02

SHA256
8ca31f23b4da23b3de88a510498757690c70a4fd7b6ecd765ce1eaa62a567f2d

SHA512
138c981d1ee8194fda5a1c02ef5061ea781d7eb187f70a313134552f3adad589d2f20c02531ac09002f63e36f39bbb144ae9bef5f04a81bf3ec8d18370e72a44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\00936355-e165-4bc2-84d4-7480a8c46b0e\index-dir\the-real-index~RFe5a012a.TMP

Filesize
48B

MD5
4b90446aacd5e227b5626a09de534ac0

SHA1
74c6cf357a5a7707350bf3206bce34baefcbd92a

SHA256
6377129a13ec20db09f43e978b9e4104d2a269bfe513c0ed70401cac035aebe7

SHA512
df8800275b25c6c31dade7c732a1433ca08a9e9d75e00d774b10962566a96fe1079f2d13b952701c774b3e9bc840943e7da2d5457bd699ea3534916510d67dce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\72f63f3b-4086-4c44-9ecd-d685ba76abdc\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\72f63f3b-4086-4c44-9ecd-d685ba76abdc\index-dir\the-real-index

Filesize
624B

MD5
39049a479dbab50532a6f5fd7c74fefe

SHA1
eecb397dcdb904951087ec99ff89f33dd8616cfa

SHA256
0d371bd0c6d4b85d8d65e65d94d4f5003012bdc103bb5fb5c2febe355890dab2

SHA512
222e792135346c0ccc5bcd09a057d8594831582fe710ddc27693ba192b8e340e6a268e74dceba46f68df56752ddda03e57b9102f562fda2e9ea2a3adcbf3bd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\72f63f3b-4086-4c44-9ecd-d685ba76abdc\index-dir\the-real-index~RFe5a5c5a.TMP

Filesize
48B

MD5
c196e5180f2fab27a5cf2465565be912

SHA1
07c9d1b52d811f55b1bc8ecbc26f9f90e2987f8a

SHA256
80353a45a4df8ee0bbbc5bc95b364a83dc4443f4f678213583499715b9f8af9c

SHA512
ad435ee7538b6b23e72cc9c3cadbfa17bc9e2dd822c3004a2e6eb42282ebe48033abb031322bbb8236e6cd8325bd7ece7dfc88937e492b1b4ac85bf5e54d26ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
2fe87fe5175ae5f4f2ae3261522fdb47

SHA1
fd66e513a18baaa0dda451520fede9b672e342fb

SHA256
f9352d97b108d665adad1795636e38fada3559bd1d69b66550d68449b21d3c35

SHA512
76d31eb4693581c12845297612e19319a5dc7d282515fe04354f382fc31b0b0234ea3818b67e2d5fa1ec53e624faf120dd71a2f551af0fde304146ff9d96258e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
505e61f4ca9ebb6a0005879840032c5f

SHA1
b52fe06d45f5bae2dde56414d909cfce1a6d0cd8

SHA256
2724cd6e66104461e11d66d008b40d88009068fa90b1967a0c35861c63986693

SHA512
d3dbff98a3072a3f9711b850b2d4124fa57ee50cb5c4201ff496e22d148744a919aa1eebfe4be85ca47f239875d03d8e3cfb5f7d8ebc52faea3f420597491457

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
93d98a18d597b46ab193f046e6b397fb

SHA1
463e9907509287e6639581e6aad848dd59bf9f34

SHA256
cd2f53a002b26d870b299555d3b5e87f51691f9bb785885497f8ed4a99e6dcf9

SHA512
ab3fc927be878237c4f958eb56bd9bebeeefa344923f3b4b9b09c416e8800a1c86b5bded5e8577ada3ddcbac885ec7c04acbca43c25f9b9a70074018c200db8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
90908f1dadfcab5733141b3a493d0d2e

SHA1
d6fa5bcd60e902cf8506bb3b9139c5b33153e76a

SHA256
bc4d2e74a2c0645f944e403c610be566bafb6df1fc0c0ab317af14c1447358c0

SHA512
81793b4f5d826367b0c6fc82e74e58b99b298ea50ecf257a8c072c0c7b026ea2b0bfa24c7fd32a8063f879bb9345fbbbdcc01a9c3bcd6ddc1b937e47ba9c653b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
cd5a8b95ca7d361f7c61494bfaaa6e61

SHA1
7726ef5f553db23a586d75654d55741b1f370059

SHA256
a6d459a32f74aa177de59fbd7362e7c728a6d20433593ed5de44590edb7f5b01

SHA512
5db2121e68d0abd8883ecaffd523b14fa3f6580b82fa7ba7304341a0fab2a75463948607a6e3ffa75b66994f48e73464a298c3d92a07612abb9432910e152b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
94ed125116a76900afa028216a7dfcca

SHA1
c38cc91888a6e20886465ecbf5c87d6deae9baa1

SHA256
61b36255e497920579f4b1d43009f233e9babd815957e83b08fd06d36611471c

SHA512
73970a3dd5e336a791118feff3063f6c9c197260b0cb7ab02fb2c54702cec4e2eac12ed4839ae0e5563b2cd8e71e60899fe7fd204b2d7f37192705f2ab49cc26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59bde7.TMP

Filesize
119B

MD5
8ccf5b4b781b2706d7193df9ff7f14a0

SHA1
f8998f2ceafb8a3ba804ed938faa8a32058e2702

SHA256
ed0def149b64412a7e52b24d3ccabaeb251abf98b5bdfac1bf5197f198e38cdc

SHA512
eac75f344e66f4b490862aeec2c52af155c62a201c53f7e9d42733482f0dac8440392fd3cf825f144db5cb462f35faa334689491fc14e664b4b1b5f08a086776

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
c7d1ce961f4604175487f3ec9a450090

SHA1
1ca0759905b259eea437f50977fea2375eca5418

SHA256
9a7bf8e0485716800be5324796f54aa3e9f6bc3e414910d70cad49daf5b3a06f

SHA512
bb35f21d5d8f999951d2b6234b2100e716d63be17ba14d61d0338e1cfd471f3d9552f52bb09d4fdad931cff275988a61699d5baea5acfce13d3e6d52d5b0ff2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4348_192095512\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
c341cf2417e16f90b82804f73af5b02a

SHA1
ebdb224e07fc4eba11f621afe2ae9d3790e0549f

SHA256
ef47bd35b21ff86479e478028a6e718816f134aa97226bf059723c2c26dd33e5

SHA512
ae1078ba89864d79aa6aaa7fe5a36e6245751514262b77823edd71f36a8b6a1f3fae25d3726325778a70aaf031cd860da893ecd4d58c6440325922f3ff459bbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
2a299f95b6a845909f12fc78ae287432

SHA1
8143423d62a19f23ae62ae7a8bbcb9d73b6c302c

SHA256
05d59b97b9825ff5c736819d90c8e8b3ee80170d63ce4404d0a62c32732e29e5

SHA512
b804bd9d4ca30ab811c98e4f1a168a1a97b37535ced547dbd23746c53b14c914144200044e6941d3600dba758db8e459a9bfb81070a80a9bcb8ab36becf56d8a

Download Submit
\??\pipe\crashpad_4348_FBKOFHWRSEIUYARK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit