01ae86e82b5ea6a04ac3d390585ddaa2d639d605785c01d4c3381c16a42acb10

Resubmissions

19-12-2024 13:39

241219-qx1nratncw 6

19-12-2024 13:32

241219-qtc4aatren 10

Analysis

max time kernel
357s
max time network
359s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 13:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dog.jpg
Size

5KB
MD5

9535f14c249d78adce4b3aaea2840453
SHA1

816dae2bb35a8c44078ac77b557a8f32e85c7cc1
SHA256

01ae86e82b5ea6a04ac3d390585ddaa2d639d605785c01d4c3381c16a42acb10
SHA512

46dba79957d2b8d23005580be926b5703464c57017e19dcddb6a31d2fc4129f46d9078915ca96899b03c2c91f33b17b7829e2787e04cb521ea2d308d5573736b
SSDEEP

96:konLe3wfxJ3znYWrOFIyaXi/Ky/p8USrfr3BsixUD68ybD:hLe3E6paXty/6LD3Bsixm68ybD

Score

6^/10

discovery

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\desktop.ini	AcroRd32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\distribute_form.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_joined.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.fca	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\form_responses.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_lg.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif	AcroRd32.exe
File opened for modification	C:\Program Files\desktop.ini	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ahclient.dll	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Onix32.dll	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-BoldIt.otf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGMGPUOptIn.ini	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\end_review.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInAcrobat.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\PFM\zy______.pfm	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\XDPFile_8.ico	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt55.ths	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ICELAND.TXT	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\prc\MyriadCAD.otf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviewers.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\rss.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Oblique.otf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Regular.otf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\CROATIAN.TXT	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\AdobeID.pdf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_browser.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\server_ok.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can03.ths	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pmd.cer	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.dll	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1251.TXT	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1252.TXT	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_received.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\helpmap.txt	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\tr.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInTray.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\ZX______.PFB	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_GB.txt	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\UKRAINE.TXT	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1254.TXT	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\email_initiator.gif	AcroRd32.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\usa37.hyp	AcroRd32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Office loads VBA resources, possible macro or embedded object present

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	DllHost.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	DllHost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	DllHost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	DllHost.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 9e0000001a00eebbfe23000010007db10d7bd29c934a973346cc89022e7c00002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbe7e47b3fbe4c93b4ba2bad3f5d3cd46f98207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\TV_TopViewVersion = "0"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000050000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000b474dbf787420341afbaf1b13dcd75cf64000000a000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000900444648b4cd1118b70080036b11a030300000078000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Sort = 000000000000000000000000000000000200000030f125b7ef471a10a5f102608c9eebac0a0000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\Mode = "6"	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\IconSize = "48"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 19002f433a5c000000000000000000000000000000000000000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlgLegacy	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupView = "0"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByKey:PID = "0"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\IconSize = "16"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\LogicalViewMode = "2"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0 = 9400310000000000e858ee7c110050524f4752417e3200007c0008000400efbeee3a851ae858ee7c2a00000011010000000001000000000000000000520000000000500072006f006700720061006d002000460069006c0065007300200028007800380036002900000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003700000018000000	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\Mode = "4"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "3"	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f4225481e03947bc34db131e946b44c8dd50000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{FBB3477E-C9E4-4B3B-A2BA-D3F5D3CD46F9}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\LogicalViewMode = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 9e0000001a00eebbfe23000010002f921e494356f44aa7eb4e7a138d817400002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020002a0000000000efbea65819630fad3540a74528ac066dc6ed8207ba827a5b6945b5d7ec83085f08cc20002a0000000000efbe000000200000000000000000000000000000000000000000000000000100000020000000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\ComDlgLegacy\{631958A6-AD0F-4035-A745-28AC066DC6ED}\{82BA0782-5B7A-4569-B5D7-EC83085F08CC}\FFlags = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlot = "2"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "3"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlgLegacy\TV_TopViewID = "{82BA0782-5B7A-4569-B5D7-EC83085F08CC}"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "4"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\GroupByDirection = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "4"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlgLegacy\{C4D98F09-6124-4FE0-9942-826416082DA9}\FFlags = "1092616193"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "6"	AcroRd32.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2140	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2208	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe
Token: SeShutdownPrivilege	2916	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2404	rundll32.exe
2404	rundll32.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2208	AcroRd32.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
2916	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe
580	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2140	EXCEL.EXE
2140	EXCEL.EXE
2140	EXCEL.EXE
2208	AcroRd32.exe
2208	AcroRd32.exe
2208	AcroRd32.exe
2208	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2552	2916	chrome.exe	34
PID 2916 wrote to memory of 2552	2916	chrome.exe	34
PID 2916 wrote to memory of 2552	2916	chrome.exe	34
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2760	2916	chrome.exe	36
PID 2916 wrote to memory of 2772	2916	chrome.exe	37
PID 2916 wrote to memory of 2772	2916	chrome.exe	37
PID 2916 wrote to memory of 2772	2916	chrome.exe	37
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38
PID 2916 wrote to memory of 1916	2916	chrome.exe	38

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\dog.jpg
1⤵
- Suspicious use of FindShellTrayWindow
PID:2404

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
1⤵
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Windows\System32\isoburn.exe
"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\Desktop\GrantExit.iso"
1⤵
PID:1928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6069758,0x7fef6069768,0x7fef6069778
  2⤵
  PID:2552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1108 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:2
  2⤵
  PID:2760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1516 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:8
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2304 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2316 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1500 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3652 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3728 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3644 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2620 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2552 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3788 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1076 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2740 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2972 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1104 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1052 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2488 --field-trial-handle=1284,i,16607067369688016345,2341607051157925810,131072 /prefetch:1
  2⤵
  PID:1508

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2900

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:2360

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\DisconnectUnblock.vbs"
1⤵
PID:2572

C:\Windows\System32\isoburn.exe
"C:\Windows\System32\isoburn.exe" "C:\Users\Admin\Desktop\GrantExit.iso"
1⤵
PID:2868

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468
1⤵
PID:2320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6069758,0x7fef6069768,0x7fef6069778
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1368,i,4798977241049415476,391309686968439119,131072 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1368,i,4798977241049415476,391309686968439119,131072 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1368,i,4798977241049415476,391309686968439119,131072 /prefetch:8
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2272 --field-trial-handle=1368,i,4798977241049415476,391309686968439119,131072 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2280 --field-trial-handle=1368,i,4798977241049415476,391309686968439119,131072 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2800 --field-trial-handle=1368,i,4798977241049415476,391309686968439119,131072 /prefetch:2
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1248 --field-trial-handle=1368,i,4798977241049415476,391309686968439119,131072 /prefetch:1
  2⤵
  PID:2620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2596

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:3036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d95dd905b53450c031abe1f6da2aa1ac

SHA1
8506ceb998d752827674a2985368301a8932e95f

SHA256
83e618edebe07e3ff88bc1eb6ca3b825294180d0dffeaea1b1e50df0ccabc44c

SHA512
75f07969f172479946021ef7f172adc6f82a8d1930ccffb557bce2b2343716c3acab2b7feb337942bebd0f2721e1570a4e90e512e75e9a7a1bb1ef59bbe616b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
28f0b2283fb47700155619a32d0850f1

SHA1
4e4578496fa7db066a91b7e0260fd0a9ea81710d

SHA256
0fba0b30961b6bdfbddd6f394d17fb31a6c70497433446a7eb71e30c41263436

SHA512
44da0b47293643c6f44d82e7162b722674a8bb8a07cf16d478c1f3b3bcd1ed2ba6347b38c90817c61ef9fcd3a96fa820c452f0d968c5969816ad5f114d006744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\07eef4ac-9faa-4d98-8ca2-741cb3b0b1fd.tmp

Filesize
331KB

MD5
c441085b284ca40e8c0baed621ec503a

SHA1
220bfbb470a7669ec9a4348f3513feb6d8c4bc73

SHA256
23ee2dbbf3ea944d50f39432e80c7a49167bf5713700073c4efcee6a2a0fb88d

SHA512
ed8254aad7aee3d00357266b91b820e12008851e15e56c60ecfb5d9540a7d443a08277826fb706f16c41b7079c065a77c04f4da9fe3985d013edafbce9ed5370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6440e5b4ea3156744e4a29d42c8a2bd7

SHA1
da7b625fdca100cadf355ded3e112a57f8d25866

SHA256
c06f6986514f9e2a2853949c3809aa06a2d39594470ed4ffc77b5a9552565fb7

SHA512
960de88d405bccc917ad98c1cc04b9a3cb2daddd7a53ab5934e27e3bb2b1638dfa81688239db0910b53af711521a998a788ffabcdcaecf36caa0df2a31582d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
700B

MD5
e47bc81de7a1cdb7c4140ef7d8b54be9

SHA1
db785a6418b7794e85b25f00416a3dd03d756a7b

SHA256
dde7534fe3cbdbae23591db2112c6b8239e1175afc7e7978b4efb5d69441488a

SHA512
80fdc7ba4f8d446b2a41324fc1c66d22f0fa1408e754871c0a950dd194d411037b2ba1cf855ebd9720ce3f9f7e19b49f6bb9929deb536f5e484a13defac697d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
ff5d8211d512a92401d05cb00751f678

SHA1
b580fb3304582d006067a3083c2e556025fed7ae

SHA256
9f95af87a3cc409750d08f636dd1631dd114e2f7fa22d0715b908ef3d0c61475

SHA512
5b2ab7b0fde21ece172fa3394574a63016d11977dd860e47321510f6e10455a02f9f50bc8aaa45a02369d8f25971ae98029550e52c428ea6d60e9fc5b30f1d43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
361B

MD5
870d58481bf0f91b4128c959af1f572c

SHA1
440073e921e3ef4c1b84c777c7a30e83fd6a9082

SHA256
fc1aac67688935a522cf28cb307de463815da3d11a5dc01e2e044e26514758a1

SHA512
d33854e3ee8d0bc38f1e3f37be1acc835400410dfcae97641a73b1b8dabc75d3da1ce243a56a8c96c5f1ee8f641ec94fd43860ba37fefe9498b5447170c5d9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9be1117a664219aae10573858f628edd

SHA1
6b59ec690b0ef2f9df646f4dc30abef0223d2b3e

SHA256
6569b8c766227e5ce65f9c1a41e8bacef7d131b514118244690bf549fda83c8f

SHA512
990a65a0d5c94abdd331845cdfc682c2ac7928624bb45408cfa89df29be30a588806129837e565e9d6b66bea5fc1eb2bd71a6acd185d7b3f75254c001e61f165

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
89e92b20ca4c2954b5bdffc9f6bbebf8

SHA1
9826a4f6ea3051ff0799aade3efe2a7283506b28

SHA256
db553ad171b2a8ae2b522a7d5cf22b3995b6672c34d40e4f0bd42a4658b82d7c

SHA512
b86a20b263a7116d403e7d5695a6d06879174526612923dbe5dbfc241df777f36e36579e8a48274573223bf625f592cc2e9ad531b662f46b6a132dbfdda17768

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
e7981606432ed65cf8369b924143c153

SHA1
68d88e2d1997bb350e8e8279357674e4b09110a8

SHA256
339badbf7d85ea67318b35bfa722c02f5d1b47db3a4426f24de588b75df30020

SHA512
bab876ca33583836dd12b04d3d5b0d6e2a8f726f6284461db5cc4d55493eb0edb4068246edb2fe53e96428782f38b595a6b5fa0acac77fe6df4fdd5801b703f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
118fe87315e7a28468ffdb36e9ad2b2b

SHA1
4610b01785c3e1b9879f191321dc4a140d44825e

SHA256
e85133e94054cb6d69d0867647715dc9e9e7e776f06f43a9ba311fa58ab17a9f

SHA512
c0e158bb67a4dec642a8617813768eaaf02485827a61c9fc69bf4d742401fa8ad31e0130b5b507ff1bdd8be20294ab12b67ba5ec1f0763073e215454952f3207

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
f32c14bb000208d2e56b6323c96b4895

SHA1
7edf1b3aa11c281f87a4f4aa34deb0980ecaee5c

SHA256
b9e317a3433e614eebab7e914ae1f38d9c0bc0d7f8830416c02fb514d2334205

SHA512
d5c695b87a2b15602ffe0a7f880d16e89e65d84fd14448132d04d8d65cfb17ba9d74a6da63ef8e4b2853696664d782fdd309b28dd0a4395763dfc074a2532dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb5a3d2621d43d81025246019d958414

SHA1
aa379aa153b393e3644a5849385a2b8f2ffc34c9

SHA256
98f132cc8d7e97ffac1cbd8c1403acd1790e8e8b282f79ee9d0a2b54418b607b

SHA512
cffb784894fb3d1e520956088ed953fad0b3a6056a4747ada93032fd767005f8f7e249c4eb1f77f815f6bd45b2c4b8e24384e9220ff08b7497764865739db166

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000009.dbtmp

Filesize
16B

MD5
979c29c2917bed63ccf520ece1d18cda

SHA1
65cd81cdce0be04c74222b54d0881d3fdfe4736c

SHA256
b3524365a633ee6d1fa9953638d2867946c515218c497a5ec2dbef7dc44a7c53

SHA512
e38f694fd6ab9f678ae156528230d7a8bfb7b59a13b227f59f9c38ab5617db11ebb6be1276323a905d09c4066a3fe820cf58077ab48bf201f3c467a98516ee7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000010.dbtmp

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
331KB

MD5
f681d03c05d8d242cdf85f3c47f62fad

SHA1
a19dd84b91e974e2255e41a59fc5672a72ac1edf

SHA256
0d5ed5d2ab78dd444de19bf89bcd67c265f890432aaad7754f9d6f5351ee65f7

SHA512
db9173612e8c13b0ceb9e3ff68d8c6d8449a035c84d9af813c953133e959272c913f0844359bdd74537468b0f0ccc648fdf099d0307f6d99dadf6bfe53089ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
331KB

MD5
24e491e0642654307269ef2b63ab6581

SHA1
55862de64033b767c8023001e95b21dcffc5c2c6

SHA256
271cfdb4757d97324cbe497a25903b4eb8047fca32f52236e099c9f112b8c41f

SHA512
5d8fbbd91e619cb07ec0c0c9d77fe012b71693e0306e1efc4d4a31969643537cb3d1d5d2825dcc9a228abac5a0b59507c4dbb1ea7441643a02752ad92ebfa60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
85b62ceb4cf1e36e52c3349c49234f40

SHA1
997ba9ce3ff9bd45de1feb67100a986ba55ee366

SHA256
a72d702dd851e646654ff9817812a21ddd717ba956d63c9de84d44be1c79038d

SHA512
43f741fab7d25f0d386d4ec5648af537109fd0ab73e012ec045425d053995099eb42fe8f8f5c0f249c733ba40ad0cf732139748818528fdd994aca8a6ac55dd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
31390225a4b62c039eb8371070b30416

SHA1
f2ab8dd8eeb493ada6b798ac556f64f9e8d2acc4

SHA256
59bdae85374b19ef28c78cee822ad961c78c83e3616500017a076115c17d0096

SHA512
03edaccc9a3e76fffe157ab5ebc48bedda57cf51202c72a8d1f4417d2466d0d91c16c443a8dd82eb1852bf8c82519221b59fa3bb47b1c65e47908edcfdea01fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\a26aa099-796e-47e0-8665-e4e348bcb131.tmp

Filesize
180KB

MD5
dbe3f1580abe4c6b5489a3a2c48f3e13

SHA1
5597015d7ed309bb106a7bdc9fb6166ed06d06ac

SHA256
b2972345c471ae4ab6670164521286be175d2df0687a3400347f167090be5b97

SHA512
ff134b5cc79e049592418478c9fd6beb9e4b476266e1e1ff9ad97d03b9e762314f996eb0726d47ce95012ebb15805b883e1d76f511c26d5ca92ee4dc8e35f2b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab43D6.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar4417.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
7462afd4c649a8256875fb3ab64c0a3e

SHA1
4ae5c5adff496f63df3d9510a40d9d84d86e646b

SHA256
93ed679f6def9f20927919df949507c8db43739384bb189ef02dee2f450adee9

SHA512
ba4e31e403c2c462360dfd3a5493b0f8ea4fe704e7c676dfc289e9e4028df7b59693f320819b6e8eb2859a5da0ef4533a2ea608ad3c9176ad47ff06cb46283bf

Download Submit
C:\Users\Admin\Desktop\BlockStep.txt

Filesize
466KB

MD5
72c08f941114b6c9ee8da7f1c0cb4bd6

SHA1
e24958c331dc2cbd2ba81a5cac33773a3039b836

SHA256
33e70fce7ae60dfd675afa127340aa31dd12305c7f6324406c5aad14b14b77ef

SHA512
ba4f8004971aad347016926b03c18310885fed47e54392806487f0a0c12b8207e963cbc06e067b85b2ed9f251f2b83d1b7a34df0ef130c31ad8135a08f220bb1

Download Submit
C:\Users\Admin\Desktop\CheckpointMove.wax

Filesize
355KB

MD5
b65d6302dad29c66cb6c91d7e1b6e147

SHA1
7e2f7acc8d951aa2d8f6b7d30dbe341eec11f002

SHA256
ac4c8b3abc0a2fc89c15cc6341a47b5b41bd0b3274452b518a59626fc6d41f05

SHA512
ae6f7b72f45f3a97f1269b70e76392269cfb3fb848907e58cdf49cc96eba2f4697fa1030105b51fcbf39da9168e9970abea8b4c2a92356bbbb1296ff8076cefc

Download Submit
C:\Users\Admin\Desktop\ConvertApprove.html

Filesize
444KB

MD5
68e419370a384cda4257b5e07883f676

SHA1
e4de8c905710a286055f02d76a0b1556f9e77213

SHA256
8822f4726d742454b6768ccbad93de46aade11fe4c00104e85fc3810a1dff0b6

SHA512
03e9f08ba27a00e4af331b9906f0dd64b47e3d7c6574b7a7fffc11237b2bd697f2ce74ed2042e6ee6acefb300dff1b9c5a96e1ef0976cf4e7d7fbc2383146df5

Download Submit
C:\Users\Admin\Desktop\CopyStop.mhtml

Filesize
421KB

MD5
1e276a73013cf525d99e791227a481a6

SHA1
eb28b7197166df6de651c8cb8fa2daa752fe4205

SHA256
948e2436d321c1421823b36eb1d9cd46fae792e85baeb6694eca166b40538d26

SHA512
35e685027271b0f97d6931ebdebeee68b2cbc8ecba96b76a30e44e25152e04a56bd7c6f70ae49192bc7a25304fe5e3c355b79f22b3d3b1809f853b685c402a32

Download Submit
C:\Users\Admin\Desktop\DisconnectUnblock.vbs

Filesize
621KB

MD5
f94e2f62dbeb2f7a066b0748b2451283

SHA1
b11ed32c27af124f6686c2a271be0cdbb345d031

SHA256
63489a94159d6c7549c1937cdab28ed1f3c14061f620146430e446501f48bcba

SHA512
7da48c8c403686c352a624c5b6f54618f527c9559925286e2d1e2c85a2d9cb5fb710d62420c0061542bfb061561b4c0a5de20cd3d9fb6651c633f176eacc19c5

Download Submit
C:\Users\Admin\Desktop\DismountDisconnect.wmv

Filesize
732KB

MD5
bbaf85c19881778a3d6e2b8fd186c4f5

SHA1
5c1fd9e4a71cde88d91f928cc0e8bdecd9d50c93

SHA256
e7f6447c9bdb81877aa6006b64acc2686a2fce0e0eb4ca607a8cc14d109fd7b7

SHA512
2b63a0cb1a390f1b2594e8b87840b77d868ea8633d9b86c419239c2efe63f4fa11498b222a13db96b040cd58fb136c06448ee94825912ee23e9401ff534e991f

Download Submit
C:\Users\Admin\Desktop\EnableApprove.fon

Filesize
510KB

MD5
2672aec83968b3a0f9f69886cf73d720

SHA1
6a7f319d73517fc0997377b9e6e5c88d85b71a7b

SHA256
e99434e80f69e33c5eba36b1732a0d6799f848902917c6e15988c586d6ba2a24

SHA512
e76658bd9591a7e4fe7df384a69cd55828f45b1c326632d9c8e8ed079822d3b0a3fe1d10744f7e28e4280372e38eee65482df88cd7026351f8409848ee9bd21e

Download Submit
C:\Users\Admin\Desktop\GrantExit.iso

Filesize
777KB

MD5
d45b1541eb675026fbb4f87a5e28a2ae

SHA1
1f353e8435332677240c43c87ec9498acb1481ef

SHA256
e1841a1854a43af1b5463dccb5cecfa5dc46a22d9ef168fa22e7a3b36842b83e

SHA512
b038ee8c692ddbcd0232904e9c7bf7133805357af40fc9cf9cc82666c937f9c8fab51932b443a5004d079f522d4f134c4266c9a7bcfa6bc6f0305941990b463c

Download Submit
C:\Users\Admin\Desktop\JoinHide.docm

Filesize
843KB

MD5
0c255ddcfb69ae0e357a16cc19b2677a

SHA1
72561f778e545a36a5687553812385a6c2caa92e

SHA256
c2ec1cddc7887732a03966b286e423c7ff61c9a533f3b2b131a5739caae608d5

SHA512
5b85caefc42094c4cb22c84a5332e876282a805b5f4de12d4fe8d08d332c108e6ef667584ccf0364270ee608b9eb3d3bc3a84bd4ed4742f6c26b4e682e671a8a

Download Submit
C:\Users\Admin\Desktop\MergeEdit.M2T

Filesize
1.2MB

MD5
03fdc200084fd09c60c215f2a61aef40

SHA1
4caa1dabac188f4882cdfdfd029d854ae05b3653

SHA256
b168dce38d9d201a7649864d9fbc24a86f41c6c1d510cf5d7e0c60d94c3c9bf1

SHA512
b99a7f185d7cd9a5adcdeb842b0566f8eb3dbffba2a3bbbeda99d26903b8e7aaf098657c900debbb8ff7d0b917632a70bd732f872e8fd53c25e31b08588ba81a

Download Submit
C:\Users\Admin\Desktop\MergeSearch.mht

Filesize
333KB

MD5
d055d4098e4dbaeb87c6556ed8fde122

SHA1
f70d33c704c9a57143c33b659f8053b9d45da653

SHA256
43643ab58844b5d856f3fb11aec462f0e45fadfc23b779dc92a114148641c94f

SHA512
47f4a09081f222c31cf3493125196e02ad713c61b8148f34479ca2986f52dec81069699142c16b8ae8141a8d195c1416ed0d0756550ee2678af7442cfef9cb7b

Download Submit
C:\Users\Admin\Desktop\NewUninstall.xlsx

Filesize
14KB

MD5
54393a96ddefe29cb5ae69fdd74a6640

SHA1
9b3839413528a21c48967cf8dc755e6a368614e5

SHA256
82d8238e77c3213d83170d1b696b29fccfd63fb40fe9255a869cde88004904e6

SHA512
792235af023c3a2dbd0b904313f58853b1e53fea762c9cc5ab4ace293829d26a83d763139751b02fa6d4b82fb64264193675904dc40e3496ed4c0b38e7d61be8

Download Submit
C:\Users\Admin\Desktop\RegisterLock.emf

Filesize
377KB

MD5
ea9fd0dd5fb03f61ffdff06b647046af

SHA1
bacd3b68a656df3f57cd29c25d4b5fd2fb417880

SHA256
cc82174fb6a510fe70f8c25c4c572eeb27b34dc93def5697af2352214bfcec32

SHA512
c68bfc5b83097dece2739fc48d64b7976b633ebb4e6939bdb62921a27b97130ba078eba11957853d817ae67acd66676a74f1c4029e14d8ee6382860c51b2b314

Download Submit
C:\Users\Admin\Desktop\RemoveUpdate.cr2

Filesize
599KB

MD5
343ada14db3b443557653a6ed9cddc04

SHA1
f91d8e67fc1349b473b2b0d2835c506f466ca5a8

SHA256
0910d5444bf61e46ba004bb9f9721669fee66b571499c1a13df8f4938c938214

SHA512
7ac9d92aa3aa465dee5027307fca04e5f2c671dbd0ff97de3f985f3ab6ed4801fd026dc080faeee39436fb50f72b77cef86cf00a5411ff0136991b1646bf122c

Download Submit
C:\Users\Admin\Desktop\RenameImport.mpeg

Filesize
821KB

MD5
9c4f8b1cf637c08e26b086df15923aff

SHA1
d7384c4ad9c6e701fc1896186f4333cab5b580fc

SHA256
2d9c7252c707b7b8a4f0f9c9ff220c5ec0cd7e77cf7aefd6cc71bc8cbce1dbb7

SHA512
9dff29903159f4b1d37b4e71cec990e62b702677d03cd13f6e1e67deba51055228b6fe5f6e5e0e6655a11f4dbd61315293a53598010ea4b231c75726346137db

Download Submit
C:\Users\Admin\Desktop\RenameInstall.temp

Filesize
688KB

MD5
5ae27c0714e154d7d6bd5a80020471f5

SHA1
42ae751cdab95eac7bf85fd9e6e86f1922b2f567

SHA256
f43d4773db167506c9f8661e3434cb1f81715aea55acbf60e54441e370f431f5

SHA512
9b229791104b6983e9e93f5ea5b50b69ba6608f4c54da4f1cd98324730cd59cfa8628e4f30c36e64b74905ae2086bfdb2567bd95d108179df19726c36e0e0a5b

Download Submit
C:\Users\Admin\Desktop\RenameRevoke.rar

Filesize
577KB

MD5
d0bb634aa632de97141a4c5d9b2a2bce

SHA1
d392df9a203382153a8953670e667ac4bf4890ed

SHA256
1434709e5992cf302ef5902eeb148db24703d5ea01af150414ccf62258757562

SHA512
a6c0f13c82282c505e590027833f545b18b693e42371a009f74519084a7c0f66114d472976ea572b192780be454ad7ec2f2e26795b28cb243710282d352586e3

Download Submit
C:\Users\Admin\Desktop\RestoreMount.aiff

Filesize
865KB

MD5
c36b5b1ca5264f4300c5cad314e8b803

SHA1
d386980a976b95bc1dd1068d0a3b3698ebd9d55c

SHA256
4b4c5a4b505c8734c3a9cc0bed69985e5093a476cd051c9d24f05de29b352a0c

SHA512
1b10cbb35ea7a598f01b5fa54b6f6c97386d163fb225547e8ecf8ddb4e14bf22dee0786bbb5ad9ccc5b814c8c57f83e9dff61b13b4b9d2a6c12d96f1f5c758e6

Download Submit
C:\Users\Admin\Desktop\SaveImport.xlsm

Filesize
488KB

MD5
2695cb7e3f7e40c261745c28c1652709

SHA1
6057d5933b3e824e54da674fd0e78db372914684

SHA256
40f561ffa530f42fe8746f3f16704a5f638bd432d9b040c2e17ea3170d2855e4

SHA512
309572ebedb753a13f7cfc43a3e2bfe8b9b1bef8f5f7feb7a74ac5c23c3d04b6f0bbe6d2c1709cec23c14c7137efe8d9ef3303dec8165f707a30bfec0c148417

Download Submit
C:\Users\Admin\Desktop\SendAdd.hta

Filesize
555KB

MD5
6ed3f53c6a0b2d0ad87ec22af25d5406

SHA1
0067c12bccd1be156ef24d843d900c299a9d1027

SHA256
a5060f24d7ce61cfab455b77d305f0daa1114db73614c534ac44ca826905015d

SHA512
5151815e485f9f0a30eaef2b67ce4b66fa3f09415151a7ac122d770c96f34d30b366fa3a35b1b2a1f748e1fda4ead5d54e17e22e68b4ed7c284a8557e5d3fc25

Download Submit
C:\Users\Admin\Desktop\SendFind.dotx

Filesize
643KB

MD5
a557ca59ffa251951fc90b51070115d4

SHA1
2c0e340a65a3bc3e2afe50be5db2e1f0b2cc3908

SHA256
550e3e763c5e8a9ac81b2825deb86ceddeb66b48a48e11436f6cb96e29bd5040

SHA512
d508c1270ed9b049e94d7a94077cfb977cf56f0dbcd501e2202a2cb26e82d8c9323847f563619c4dc9ad782aff72fef25d26efee7bc22f3ab83153a15cdbb657

Download Submit
C:\Users\Admin\Desktop\SplitCompare.xlsx

Filesize
11KB

MD5
f8739d69fe9c8640b351a4b2ac308dad

SHA1
edb3c09c68a8d183ecb7c52e1a02d9f5ee84dce8

SHA256
5004979bdc8fd3d9adfdcfd0c70777c21fbc88550fc7f47302ceb0385cf47cb8

SHA512
6879a0d1b58e79c558a70d88546d28d75fb4bf2b4c5ba655a973fd16b6e14ccb275bc4ef7951222c42daf51ef12f9c1bf631343b92e5441200c9a176384d2815

Download Submit
C:\Users\Admin\Desktop\SplitSubmit.ocx

Filesize
310KB

MD5
c1eb4411400321e0c13bf4ba2198b4fa

SHA1
6852bad5da15c8d15547c95300d568f7d0317875

SHA256
dd8b03332901e8eb46ee7b9ee09b50ab8aed30de2ab9d4a9bea4e2ccd4a36a56

SHA512
04c02bcfc215d42b5132f609840db48b062c3a55f3385c0e8b48b4d5da022825cbc8d9cf951dff6ca1d16b1435825655116701ff876edf0cc6600b063a78683c

Download Submit
C:\Users\Admin\Desktop\SubmitRestore.m1v

Filesize
399KB

MD5
8fd1ecaa08af89a4dd9250a27d872173

SHA1
c9090ba420e9a9e35ab2e5f6d828a0bdc5ce5733

SHA256
be55385117be5e56d5c6ff4821447dac5aeef43a099a08e587d8e92a7c7dfe2e

SHA512
1a9c427f75b0f408706e912abe13688a11cfae9d755f07db5e077b77b612ae7471b97fc1778e45d43a1e4d7cebae9222542d86bcf06688e604ff08db7ee9123e

Download Submit
C:\Users\Admin\Desktop\TestFormat.docm

Filesize
799KB

MD5
c26d5ba88c4f37cfd086f89459b215c9

SHA1
aaabd92572e1056b939b2d5af4b507e5d23977b0

SHA256
43ceae70efeb38910941d68e0a84c2a6e527c3b46d2bb8eeb73dcdf61b432f9d

SHA512
9318568baa4f67234a83cc4586031e4b9bbd2103b920944b58a080a7dda3cf6bf3d6d537a565566e9ef5324286ab8194acbe975d525b75c4c413335bfee63603

Download Submit
C:\Users\Admin\Desktop\UnprotectSubmit.dotm

Filesize
710KB

MD5
8be04e80cf920a38ba71203378e1896f

SHA1
19ae13a6a3fa85d2e8e15edcde4dd59e0e9fae86

SHA256
db4424bdc9495dce6c69df57c10501d50420e190b1c9b712af57abd7dce245a3

SHA512
8a03414b2efd88867396dafe863df174df4352ec14817283f87a9688bed52623b6a9e579dc52dc961e9a16fef7dc9944a05c8873cfb7cae490f497fc5ebec843

Download Submit
C:\Users\Admin\Desktop\UnregisterConvertTo.emz

Filesize
888KB

MD5
7a31cb2085f7ab41dd89e32fd81f1572

SHA1
4eaced573a4dce9f726141ed0b73c93589cf292d

SHA256
b6f0fb5e77d8a3a1bddc38846b4f83ccc5a90ef35f8d7c328601decbb94f2497

SHA512
ef6f72c8c543ae9af49d92202b74d90d0974ae50fb514ebf98a8738c3752420e392793173f3da97344a50c5a42d8641eaa1dd0d32b462091bd096c58a2893270

Download Submit
C:\Users\Admin\Desktop\WaitAssert.3gpp

Filesize
754KB

MD5
e2a666f6ff2f258bfbc4cdca222a1c7f

SHA1
0ee94cf4b1affca4b62e2de592812d5413fe2b0c

SHA256
c71b70af1c320ca9c3a930ad3e685e2c3596dffbefed5ca2c44dbec2b38449c7

SHA512
a5e2a7cf45badacb9e46f7856fe279a7ba87435c890dc1b736b5b2b2a4244d4be4d9f17ac179db5076815b820dd5990ef4c2b14dd05117dea9a6c8b9617814ab

Download Submit
C:\Users\Admin\Desktop\WaitWatch.ps1

Filesize
666KB

MD5
723d93b3c4a265db1b8d7214e13d0419

SHA1
6d282d4593fc360540bf16e378a108b700f4faf5

SHA256
2357dffdaa41d8783933b47c4be81b2067dbfa1da61295bf0023d54886fec180

SHA512
76d51926b21b6658141bf459b5572eaa3ae52a4b07cfb4bace32cfa8274fc588b591f660268da2a37e93cc46767778754dd7268531e7d298dcbe517af6b43a13

Download Submit
C:\Users\Admin\Desktop\WatchPush.html

Filesize
532KB

MD5
ec69703f70b6b5defb3e614845398e27

SHA1
599ecec106b2e1a75119118dcbcc392f70b6c797

SHA256
ca3be6b65486466c41b1e69da7e849db39d560bcd82f14b43a20688f12892bf4

SHA512
0a249704c9b8b4691def6f2c7ea7a000b0939ecb493070299f2895c30dbc860fa23f58bd92d002dc0bf33e4ce8a07eedeaefc290ecb7db728bc811ee5ee377e2

Download Submit
C:\Users\Admin\Desktop\WriteRevoke.xlsx

Filesize
10KB

MD5
f910809b77800564a6367f645db718b1

SHA1
9a75c0e5323d29eb9d8bc0f346d61f80608dbe9e

SHA256
c64c781bd531c7c769275d05bd39162c1a5bb367456b126d09454c7c5ee6f69b

SHA512
089894108ea253f6481dca6ec0b6beceb9f971fee37090ead4170e87cc66ac0247e96b848baf59791f6ac04414b53cdefde03b2baff9a1784922603706fdabb0

Download Submit
C:\Users\Public\Desktop\Adobe Reader 9.lnk

Filesize
1KB

MD5
a7e6f9a905255c07b98a47206e73b9ea

SHA1
d54bd8f1dbca16960beead2808513c5e705a85fa

SHA256
b74fed1daf0786bbc39a00202271c7b89af39584dd5034960f689480c9c3f7ca

SHA512
fa34d41ccb76be323c31b3a411ea4b8f385ed86d2e8c13fa6d55c643f2cb4f37798cba5d6a50dba07395d86d01ae6e83c9a1a4a8be12f374b4c661bff2ba2ffd

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
931B

MD5
ef42e7d5b292343b11e0df6184bb43e2

SHA1
678d60fb4054f7bf36bde8ee17814e3ca69fce59

SHA256
9c24db9d276fb86b8f19607a294c715bcca6edfa4f5099dd05254f267fd1273b

SHA512
863e03a98fe54891f690784a56d0b10dbd9f783e44163566cd37ecbf094f8638ac2e87f2b71f40418e1bbc33fc7000b73f69bf0fd1f24d54fb0c2dbe48c7b4f3

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
bb1a9fe6e9e20792d7527fce8b25057b

SHA1
67d7e940d16430d21044820b37c6fc047df196f4

SHA256
fe95ad2ce6e4d5b092517310901649f3f2e227977620a3a7f9bc2d7ee74a0a67

SHA512
849571e81d2d02dbb8e3e4edf662ca1f6d5a1ea012063cb0048d24f8593c556d9d47561c21c2fc170c447b21d5b4012e2fbb0eee4200d3aac4f501d7016a8e1d

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
5d7728add5ea07795a24028b434a40a5

SHA1
47f54c2b8fcf108314dfbd6d41a62cbd52ed1de5

SHA256
d8f87d74f4e3630b909aca5c8ac2c3092bc71bc323c27773f0e1b58ab0ebdd5a

SHA512
d401d23cd4e8097980c72ad5d6240427020fe1d45224fb81b2e2137692ec71d23148c73d14435e88e3a41806a35055c7426ddb6feb1b15f5c49cd7dbada0c415

Download Submit
memory/1928-16-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2140-15-0x00000000721AD000-0x00000000721B8000-memory.dmp

Filesize
44KB

Download
memory/2140-14-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2140-2-0x00000000721AD000-0x00000000721B8000-memory.dmp

Filesize
44KB

Download
memory/2140-1-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2208-738-0x0000000002070000-0x0000000002072000-memory.dmp

Filesize
8KB

Download
memory/2404-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download