hxxps://drive[.]google[.]com/file/d/1RZjZhBnDS2Y6IL_IN-Z84KHrvhaNrenj/view?usp=drive_web

Analysis

max time kernel
300s
max time network
288s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
21-01-2025 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1RZjZhBnDS2Y6IL_IN-Z84KHrvhaNrenj/view?usp=drive_web

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com
10	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4069049685-955655941-4058287599-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133819490699848799"	chrome.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe
5404	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe
Token: SeShutdownPrivilege	1192	chrome.exe
Token: SeCreatePagefilePrivilege	1192	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
3584	AcroRd32.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe
1192	chrome.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe
3584	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1192 wrote to memory of 1408	1192	chrome.exe	81
PID 1192 wrote to memory of 1408	1192	chrome.exe	81
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 1416	1192	chrome.exe	82
PID 1192 wrote to memory of 3176	1192	chrome.exe	83
PID 1192 wrote to memory of 3176	1192	chrome.exe	83
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84
PID 1192 wrote to memory of 2600	1192	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1RZjZhBnDS2Y6IL_IN-Z84KHrvhaNrenj/view?usp=drive_web
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc79fecc40,0x7ffc79fecc4c,0x7ffc79fecc58
  2⤵
  PID:1408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:3176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=2436 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3900,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5280,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5324,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=3568 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5284,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5520,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=5540 /prefetch:2
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5516,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5048,i,2579930173352265759,13386410546590831555,262144 --variations-seed-version=20250113-050136.126000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5404

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3156

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\2025 PCCC Sponsorships Opportunties.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3584
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1600
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=38ED9DDB1D38BA65EB09F04120183EAB --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1608
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=522708C586906D93541217B020759E95 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=522708C586906D93541217B020759E95 --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2412
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=21D039D0FD849C08FA524B59F231580A --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5212
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4C76CE4042FB99474A54F137DEB6ED68 --mojo-platform-channel-handle=1788 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5300
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D4C3E730438E810344003243AAB73613 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D4C3E730438E810344003243AAB73613 --renderer-client-id=6 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5316
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E2748A3D087BDCA80287014BEB4E6EAC --mojo-platform-channel-handle=2768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b72779e03645407426a04f279858f144

SHA1
eb0ca5b8ceeef0c534d3d2e08283f246a04accad

SHA256
d823da4ffd937b5570a26f3215a2fc5fbe8112e73ff85f27aeeb9a5430236091

SHA512
bc90ac792606d874a9035526808bfa8e36d63cda585eca9b083adc9415f94338f21a933a83452f1b84e0d7ecd96d601b8515efc048f5d029d104a08d2d95c6d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
cbf42c1d9ee90dd57bfadf8a1c92eb97

SHA1
841f91ec9f3b5a8b588b6d9cdfa3a9804a18ee19

SHA256
1b1993346a3024cb12317fc30d5dcfb4c5a3e64aa2af39d1e155b064179258bc

SHA512
3d5c2800e52a3eec4f8f3adb3f15c8bd482107f959508d19938cb8be761718ec5a08c786df4de699af7bd8d59ef262cc6c326edc4f3a1e7f968a137bcfe00f0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
c65a89f2ef6d396de525885210ba95bf

SHA1
f1fd2c2c3ef5d639290864d381d6cee349420468

SHA256
bb3e56858c023bbfd0903e19c4ee98e8a17f5ef5a1aa75f58837f64df6a35e01

SHA512
c53075b0cae5cadad27dc086139fcbe3a74597946d17e733eb57205ec3c512b883960cdfa9b25e03a25beabbcfc67f55e8f08670bcb8efbbe9785380c9698230

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
9f60004af7252ad7fa7edf9bb4f62e2e

SHA1
324f5ba1610948d24b385bc9dbc8fed020b766a3

SHA256
ae95deced81ccbe47aa2c8dbd8f5da723b791600a1a017d182b46618130d46b9

SHA512
2c95504c09f95556473cb65adf0dc1fded466aede4b2ce63fcefb43ea0f9373b07e6df516f01db38ebcdae0d9022000c4fbbb5cba7ee0c42f6a9f7c2b2952224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
2bf2719a72b82e9d93d48d13b8835f0d

SHA1
be8165e9f6cfad9b5a7ea65e3f3206e3212c677c

SHA256
ab580da4ff5ff5e63be6ca11373e0da292d52bc2117406283ab5dbf3e372c771

SHA512
39bd17ab74a3a1e0b53444592a2e4fc833642ce58eed7fadad70d352c5daf2a7d60cd0923b6c009d67b39bdeb9b6429cda96743b9cff683a93fc031adaaeaea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
61c06a46b91f299094ae196636e5227c

SHA1
21ff8ffd53a758bbca3888ba67aade7590bb3c38

SHA256
49bdc1ef252b67eb776780049456d61010e6d75677ba59221a8cf69947f54c9e

SHA512
445400ad51e6032b7e5071a5dfdbb025199a2688d57b710b5a4ff7996202942064c1878f382495f05c4d81b46844071390470742bcaf89fdc5fddf42b638dfce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
bcf66b88eb515147b3396bbde0e93c08

SHA1
9c920a4ae4146babeb0a98eed3bb35f47d01d10e

SHA256
e74144796729ef54117a59779b77241eaf781fc7b6a9973f51aa961c88dfe449

SHA512
5c73a7f5c50250555eb5b35a5f9bcaa17ca6deeeb16672f2f07b513242dc2eb5ca84d416dc54757d390af3b70a2a97be8cd4bae28739c5b4a8b52648c4c3cf9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
66263d2c214c9a31f33a9e58eaf0cd62

SHA1
1d9ed968f6487b521bc613fd2f48296f8873af4b

SHA256
9a372fd7619450f8b40744a317ad3e4453743110db4cbef32692e0c5f83c1d98

SHA512
7c16430a765f1fa077c695613b171684eb04719e49d88323dc249f8e45b8846b835dcf7a3db965d412973de7ccdd369811057a17cc87533fae65f2fc4da6cbcc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
62cb6c05f635409025cbe9409d890737

SHA1
40fbc6e3667011ef11f3e155b4bc182538f42f4e

SHA256
96d0507bd70af3d8fc8ecc029906b266113c58317cbdf965e468ccf6b6d864d3

SHA512
9577ef61ed0320d46698444c87206b3d59b24252eb0ed8583498a957709c12d2f3ff7df4ff86990de7d306ac796ba202498602e3f97c64911de37742987326b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c9435bb1af2d63e9a6a2bc03eeb29ad

SHA1
9c3811142989ea58e75fe596089bb341c06a3866

SHA256
6cd2285a470add9d2716037c8944e536f5c613983e531467c81124f5351a8053

SHA512
3d3724dcf26f2cd915e9294bdffdd14c01614370e602e9386565bd859de279bd7bf067bfb5b867eea48ff1a9a29709a7751adc43fb15d017c0d5e0cbf526c10b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
71c4eb85532f8e2129ee33c74789c5b4

SHA1
6a7461dbad6d416fac2becca71e84886ce1f160d

SHA256
5fa10e5cf57f1b0d59b9f7547e46ff33ff01064a37e208e337137e75df671184

SHA512
f55169707b9ffedb62e4ba7e3e3f4754a512421470f2d2199a3e8d20501638978e7f350d3d2d4cebcd4bdacd2b2ce6f79c462c59c0b33c9be201173f53cc7766

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8fbfc49691f0e8697ec93ba6f2601c9

SHA1
8ceb7cbdfa0e8216a9ed78954a575559fc0e7693

SHA256
09b078ef3c82183f5cd98f293102fb5405152bacddabb1f906ca7a8dd003da43

SHA512
575bc77188420330b962e5c824bc818041afc9a93d8cfe0386e8bae5c39e2fc92a4b54b8b0e74b93afe25dd21f9aedb8e6b5de074d3848d8037d88b99670b96d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
587bb66f1a3dca2282cdf4768145cc2f

SHA1
20f0339afe6af5a457846af0a0a5e4b35eb59486

SHA256
888b170d73f38b0c79e7b135c8f2e14aeb0ee0a07e5ac8d6b1b191599d1993be

SHA512
ff3317da14b27b4bc85ea8c64fb032901188b786f0d732faf33746009bcca28a351dfce03296e78200732fc112a8c789a5b8c10cd9f403f7db349ef92f055496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f6c6081fe13e5e0546381866347f985d

SHA1
4dd121f287da6d120fa34f833c9891201eb92c0e

SHA256
e1abccc68cb1b57ffc9303b3d04ee327de6ae066f6a547e3decfcba5ea2aaa7c

SHA512
faf55ffe979a71590cc2d53c0ca9a2a9bb4b568746af223622300e17370104d154818385a97ac941f0aa1b138c41bd35d6fa0590824b04743e1fd0068676c1a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96fbfff3ced716208013c204409ebf08

SHA1
72458cce7211f6cde651fd4fab2f1d280ef6f2c3

SHA256
e2e3c5643a53c866b74c8803a03971a93d5d0fa173b827b9e88610874a43954a

SHA512
9e3f091cca66dcbddfbbba9eb992a7e8bae0cbde925e4ab0d155e44a1d1cd72fee40405bb606e9b5c760ff97de4e5b30fca313d9eba34055b9149bf3e617bae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4998c81c9cf05aa9fe67ddc906c4f7ed

SHA1
e9ae3b287de0dcd40cbd2cc05929e9b20d68aa21

SHA256
21c1a08e19c8c5f45af66e40ada0e8f49516cca287e55d6c890dd3e661ab7ab9

SHA512
f241996f0b22a285e794f22e2a3a0067d63a79c1a12bf32f5585f0bb378cfa8c4842d47522ab3ea45f444fac32b58536e533ad1c1fd017dbe68011d051deae38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
222edf7f6a299d4f784f47d0725bb89d

SHA1
4c05a10a96a8befbe6df35086c9eb83edebda273

SHA256
48cab2d58dc495a8cc42d672fcd90c4d91c0ce5b9fc57fc8ffadd17cb7397345

SHA512
ccea39a31ca88445f50cb5a04d6eab105851bda856f4c92319be2dc78cc0c5cfaba58f0dca124eab2a4ac8b480ef6962b33ec816e4d35345cec37864ef318200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d226208a568067ee45f96b09f5b9a6ac

SHA1
88511f3d785163e85dae313cbf2819d70003e760

SHA256
ce85cc948bb9da225193f5dcda02240fbe19e32477b1df88ede9ef263c604d1e

SHA512
73fd71dfd7235e9260801be91537c9d84b54a81772a76879595cb9ff0f391b32520016981a39575930660f7bb2b14d9417925be430721374d2ba0a8a040419a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
33e7223f9f89e8c54e2675c61ea47709

SHA1
80c182f20bc50bdde46c7179bcece1fa20fa1b2a

SHA256
2844a224a13f419d330e07b37c49c7fdafa83fa6bea84f84d16a0f3f3f2bb8b9

SHA512
40dc02e67e4b5df1ce55b8ee6bf8393b7acccfbac7b3c9c914401fb6911adb9d12e3cd3990e558426891eac2eea699058d43328eb02cd0b0bfa11c95d0c615a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
81bddee87f6b6a6e6f0ac24fc8de5c6c

SHA1
6e5683da7756583c81dd7f17fd33da9751818043

SHA256
9e58c6c2ee366d8f03a914a0d753f8f6541a5de093875a3cf106f0fa6e70fa6e

SHA512
394edf6e3ba8e3838b69947da5fa01166e208072df791aa0d62ee52b7fe0eea0e01c313ab0e7309d5ccf7c49ff127c7855497ea8c6728c00b79fb8f0e9255bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2311a8f785f0aeecc72c2f09ef7b8da4

SHA1
73790dee3f7ec496930cc360c9dbca738bb6f2e5

SHA256
611f12620fb559438c7f734fe247fc281629708b702b37df58033930c621eb69

SHA512
879c0ec7eb17efc881c2cf288f968fbf4c665abb768fbd470b2246df4dae30a66f1bee973b763526e8b2179e9f13ced3aa3563efe34ef2b928ed477bd7361d88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
361cc90d1e12ceedfd7308ea47265c55

SHA1
cc9330adc97bb97dcb1c15d1de70eb6733cea6b3

SHA256
6ee5a804f993ff0f612f3f7c8aff619e68082a372544a3d61e93a07a63fa81da

SHA512
8bd338f473e07bd0c61fabf7c56554148e616121d33b0dfd0e1bf02d0cd02fd452d7ec9a2f4dfdc7f38f5b47b30a3ef501e5237604d5aedb565d4c9407a1aabb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f92513ef4fe0bbc00f2c174b7e4592fd

SHA1
c0bbb0bd490642be9585c7a33c0aa53c03624b0c

SHA256
86af6ba4e8a23201b1f84de685007474dfac449ff06470fa20d352d474caa310

SHA512
f6cd8e5d7e1b9fec449c42214d0f3c7a315c0fc4a957ceabce483acf1a33684c8b921286289cafd3254fa3ff6ef0a6b0ac1bd95d66a8963485fd884d644ab853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d90f629c-32d7-4544-9163-4b3093c5feff.tmp

Filesize
9KB

MD5
5df1754eb6bdf1dbcc9add4162c1bc28

SHA1
28f50f92a897b1974ac8bae9d74e24ed909334f6

SHA256
4e208adb9cf9574406eb4f0ab2ab760be2a3e1861793a4941cb7bd3e1c6c4315

SHA512
a13e1980675b4f48993b94c0793878ed2e736be322f6630ce9102647679c06fdcce3bdbbf8f7b915f3d6e662ad3f24391a6dd35124d0494ed2e9915aa57452ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
c917c5da3d8b09e6ddddc4f5c5b60b7a

SHA1
b2dcf7f0e0802ea2eb33aca556d54349120f5fa1

SHA256
a46b3757d5bed58aff8b904f4ee5d102e0c4587798cee379a5727d9d6430db53

SHA512
4067b1382dca9ccc1c94729e5d185bf1b9065d41c9878a0d92f542e1ec16ef9c21d85b1a87667f9efba04bc98c3e29cf07f65ebd38b4d95c9ea543f101722e3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
72f24255f91f862c1212402ecaab26ba

SHA1
d74eb5f59ecfaf8d2a24a94a0e97855f474771c1

SHA256
96c0f8f33bc199ee152531bbe79e4e7a48a9e9817bad561864dd3b14cced60cb

SHA512
0aab36c9d72e3c31eb8882757e270ef7ddde12b638cbfd672bbf0c007b9ac8b606243ca0678a251918c2bae4680a87da05117c98c99d71b7483673d1479d2b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
2c3681d4371b0edd8beeb9cfd44800a1

SHA1
5aa614716193762facc576fc9364c0803b5a9758

SHA256
75ac9ad8ebe565b55b3bef7892bad001b56880d02dfd81c75c47547285c1901d

SHA512
2c5af2a08be891b7ac61237d3814c973b777cc74934923948fe112917f10a9eb5b8826997ba78aa2a76a8d2a3cfc4c52fa862854d47c23a1d6af00180e378604

Download Submit
C:\Users\Admin\Downloads\2025 PCCC Sponsorships Opportunties.pdf

Filesize
32.3MB

MD5
167b81332fe6882ffd5a478037d03140

SHA1
6fd4efb57a5f4f2afabf8b055ea1ee56bca40d87

SHA256
7416582bf1bf7f20ee7250d5f4b9228fc8614f9684e7d54301f4b2565b07ee98

SHA512
91f531b340ddba01ecad10ae8160cf3c8bd4ae6da6a5aa2db5425a7ba4913c3a3c684c4986c7222d348aaa563546ace54e87a9d773af19f68e2c75e159dda38e

Download Submit