hxxps://drive[.]google[.]com/file/d/1Z58H69zc1RMfl00Mny4UTpyy26XCzqOo/view?usp=sharing

Analysis

max time kernel
45s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1Z58H69zc1RMfl00Mny4UTpyy26XCzqOo/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
8	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133759854834347016"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe
Token: SeShutdownPrivilege	1716	chrome.exe
Token: SeCreatePagefilePrivilege	1716	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
5068	AcroRd32.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe
1716	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5068	AcroRd32.exe
5068	AcroRd32.exe
5068	AcroRd32.exe
5068	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 4268	1716	chrome.exe	83
PID 1716 wrote to memory of 4268	1716	chrome.exe	83
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2888	1716	chrome.exe	84
PID 1716 wrote to memory of 2808	1716	chrome.exe	85
PID 1716 wrote to memory of 2808	1716	chrome.exe	85
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86
PID 1716 wrote to memory of 1040	1716	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1Z58H69zc1RMfl00Mny4UTpyy26XCzqOo/view?usp=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff99bafcc40,0x7ff99bafcc4c,0x7ff99bafcc58
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1972,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1796,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2584 /prefetch:3
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2148,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4536,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4872 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4360,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5456,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5472 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5156,i,14343005700583411563,11719310082255524375,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2796

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:696

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4116

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Cover letter for Doctorate MhD Raaf Anwa MBA Engg Aus.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5068
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3108
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BD76B779EAFB419D675588145E9455FD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BD76B779EAFB419D675588145E9455FD --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2256
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1D61E7C6028DF02B22D96D9438780868 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6E59CD1539EF0822D2156AD531FD876C --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5212
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=4EE156EF488F4DC14B0E27E7C7070ADA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=4EE156EF488F4DC14B0E27E7C7070ADA --renderer-client-id=5 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5228
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22537FD1EEA75C5ACE88A9BB13DA73D5 --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5400
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C35F86F94E32C5B9A065166AE3F9C12D --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
30798d5c4d0e0a924ff249b87fbd4c1b

SHA1
d2c83dfb6c95a3f393263267befcfa70d65b0335

SHA256
eb49d54b34fd402bd164cffea4b86cc746575674f7b660ba73f738c5658e1477

SHA512
9cb333c4ff304d690051c9846b71965bd66a08603daf4f704e035f9e83a72b0093bf4dc8829778947c59fde1250755ddd4c7296a201efd6c79f09a7c07633ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
528B

MD5
9e3c1302b8ee99399abb9d7965353cbe

SHA1
1a093d915a624c087d5e64604dba2fe07c4e0de4

SHA256
d8e4424f949891d86f45f0a560dc21b6f06db7898985b8e2200fb7359f567370

SHA512
af5d46d1522b0a6ba3f3936dadd5144d68b8cca934b569ccb30af53baa019c683fc32085abdc85b1f0624379e352c62d8804e7fb095bb477ec7799064b2c92e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1d71e30afbd3135bfa2ff52b145fd8fc

SHA1
11c4ec101ffc6892e04110383588d85dbe3e29e8

SHA256
7284db92e660f0a64c02fab41991612c8850b9ae63725b895f5c0fca21866b46

SHA512
499f391acbeb4133afbf05cd48406eef0cb4409ed7c08670b0907d3232ee86ac52b9ebeeda261a1d0e7bf0515d7ed2f2031e4cfcdf3d4b286e8f198cc6002934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d50b3a9116c13834e367f66c5ad9bdd

SHA1
d257a26feb44d01bc6d4cf11eb25f783d275a745

SHA256
b28fc0eeb7ed6af115d03ed59a7a1768a0405b838e5bcc27b7dbb061f5a09036

SHA512
d37cbac8a6fdf6660267c2eca6d64c40062fed8ce3acdd09b158a81a1fc4ad699bb9a57437ebbf205afbc4f173fea4ec0bb3563c630e43320be6f5ab3e95bc58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
074f955ebcaa80587ba08e801d27ded8

SHA1
cb51daa514c4397817c1ace20941d90b187d8839

SHA256
1bd5f23316340cbc80aaa099071be9103eedb8492b6a4a31d95014fd862c2adf

SHA512
cea5d3d70dafbf5d49a2ab3bc14ce80bf22e9784f704c745d9536587622d9201815cc8c481d75e80c669812720d1003016c9218e687cefb1095c6f02c6111eea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
87bd03522886c72321e31d15b3cbf194

SHA1
3a6161eb752f9089a73bfcc6d90f0feec0b3fb72

SHA256
74866118d00e42357e9204040f4bf80e3c0488b9845d3c4088bd4257ae472965

SHA512
262f1360d520d7236eb903df5ea19156c91fba0915909f1dba5d2b6a8e9dffba796f35839de582b42d12e5e88a900f2db8ecc59e09322d4fa95bd23d1380a3c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
043198b38bac44098c50678f4e8456e0

SHA1
942613018ccda04596756abca4d5a4fb211edfd3

SHA256
2cd6b6abbef7d7c9ef819bb4450435704707f0e5837a9cde23706ae7e5b89d1f

SHA512
293900d4f4afc606eb74217ed383ec38cb57955cc39e4fd3f527e85c4dbb5559d0665ab8f0325bbc3a61708e49e12d8dee4162ba9006f18f0741197ab8172989

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
ec1f292dc42583bfbdf5c9ee61587210

SHA1
9edc659aa7ea9a7ba52ba572def773242fdb1c8d

SHA256
8d6d07cca407b29a1d662c1d5826a2b14a80686c480493dc011b9269d7d839a5

SHA512
8fb116fe9adebf1c5f2bea9d714b800182502d02d8c7a75be706122fc298d1c5f687acf1d400f75f2f511568698fec510cdaf0a408bacb0d24c3385835c2efed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
8926f85c49089929b537143614c67220

SHA1
44d8d5c926da8138051cfb63209998cee19c48b8

SHA256
87f3dd6fc71d7aa164a1a615f1fe1ffcf7e9847d322252dba5e1b82ffea3b55b

SHA512
af39ad8652169b7f58253cf4dd59287929ab5a6b79363d314b2d1f83faa7cf1b675e7d665383ec2a35ccea8a30d823f83a3001b36605eae8f3cea9bcb3da6e48

Download Submit
C:\Users\Admin\Downloads\Cover letter for Doctorate MhD Raaf Anwa MBA Engg Aus.pdf.crdownload

Filesize
655KB

MD5
df1a071fe1bc42cb9f6813f59ce69bdb

SHA1
b84f5247465265e72ce92bb7dd971cff31a9e768

SHA256
7d5323c3b09dfe19a9912beb59e4c718c0a32204016b1fa3dc84f30b4af62a68

SHA512
fb40f068b09fc2d2e41567d95ad795713b4c4043cbb7ffc341b1eeae62cdcef55bbd459764c743bd443274fda088df215a227bcf7b1c94d4c5beb1612baeaffd

Download Submit