31b50bf84e4920eba936c321dd56086506b1ad115bbf50862690ffb9fe0c5e21

Resubmissions

28/03/2025, 16:53

250328-vdy32aywfw 3

28/03/2025, 16:30

250328-tz1cjszqv3 7

28/03/2025, 16:27

250328-tyb9bsythv 4

28/03/2025, 16:19

250328-tszsfazpw8 5

Analysis

max time kernel
389s
max time network
391s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 16:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GNBQY-997049.pdf
Size

9KB
MD5

036a6b0818e38574dc32f192be0756db
SHA1

3e9a6c7056cd4a1d3c2a2e897b0880f012b85e29
SHA256

31b50bf84e4920eba936c321dd56086506b1ad115bbf50862690ffb9fe0c5e21
SHA512

7461f3e20417a72afcb66b3574e48bcabfe9acc0fc8f79e7233788168dc65da2b617f19593ced669091656c8793aa6ffa7c9ba8c0d587be1cb03de50c53bdf29
SSDEEP

192:826ESYK7DzfYzETR8wlk2w1ic84kOHHrDYDIlYDIvJoYDIYr:826ESY6DzAYTmwe2w1n8DqYDIlYDIvJr

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876544467057715"	chrome.exe

Modifies registry class 59 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AcroRd32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 3a002e803accbfb42cdb4c42b0297fe99a87c641260001002600efbe11000000c48db8fda994db01dfa56f19b294db01dfa56f19b294db0114000000	AcroRd32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
5804	chrome.exe
5804	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe
Token: SeShutdownPrivilege	5804	chrome.exe
Token: SeCreatePagefilePrivilege	5804	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
3744	AcroRd32.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe
5804	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe
3744	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 4632	3744	AcroRd32.exe	93
PID 3744 wrote to memory of 4632	3744	AcroRd32.exe	93
PID 3744 wrote to memory of 4632	3744	AcroRd32.exe	93
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 3648	4632	RdrCEF.exe	96
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97
PID 4632 wrote to memory of 2656	4632	RdrCEF.exe	97

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\GNBQY-997049.pdf"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4632
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C7828720097B51642D3E694C3453C537 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B1C152BBE4EA744FAF7C2D75BB12FF81 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B1C152BBE4EA744FAF7C2D75BB12FF81 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2656
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=49BEE9C373D247E0F67A48DAC212F50C --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2972
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9AA06FFBFBEB1C246F375E249E8BEC38 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5BE783BADD62124E24EA392554D5F537 --mojo-platform-channel-handle=2344 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3316
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1C935D83E8E5DA31827EDEFC73235A92 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1C935D83E8E5DA31827EDEFC73235A92 --renderer-client-id=8 --mojo-platform-channel-handle=2420 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2472
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BD965916FECE15827A4CAF5DDF310131 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BD965916FECE15827A4CAF5DDF310131 --renderer-client-id=10 --mojo-platform-channel-handle=2620 --allow-no-sandbox-job /prefetch:1
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\Desktop\sssss.pdf
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb931cdcf8,0x7ffb931cdd04,0x7ffb931cdd10
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2024,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1628,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2356,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:5788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3260,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4228,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4508 /prefetch:2
  2⤵
  PID:2304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --init-isolate-as-foreground --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4700,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4680 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --pdf-renderer --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4916,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5484,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5500,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5792,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5972,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=6192,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6004,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5984,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6336 /prefetch:8
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6296,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6376 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4520,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4516 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6472,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5740,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=6804,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4844,i,11473774385023038273,15536181780970305496,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1560 /prefetch:8
  2⤵
  PID:2272

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
9c9f4e2147c4960e0757c423ab6e9a5e

SHA1
8ea06a96c15e152c9e91dd92d349d6812fcfd771

SHA256
e9d32b57cf358036e866f1fb59dd342b5b7ae7ea91c575cd3851d0c496d880f8

SHA512
eb024060f6f13ea0bac234849891bd23ca197fe569ff59e3092028cdbad71d19d692e2ffbe222a17685c4e0d88cc6ca8fcc4a5e590ab62c5a1f7e720697aa28e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
888cc13179e3de593113313080645c96

SHA1
d19b08047132849b71f8d9214af211e83a164b43

SHA256
0ce40a49d624644ccaa9e3f4cc4bf43b21a22b273a99faa3d3f9cc07d67c77d9

SHA512
dff681c06d5550a4081e3e5bd9b6ef45d340732f072d6a307fedd52c5f44c7484118a9a146e684fa58f86bb1a32f3c6bdccb2ded7e19034ddc7d726fc1899981

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b3a3e12e270850fcbd323cd23801e5ce

SHA1
e8fdc26677284c7d86a161395d20d365a95a099e

SHA256
0946f9b9d6424eb751956d1f8860526d577a37a9536eb6ef85c6d61a82aafc9e

SHA512
6be81d6fa75301120c4ebd1ab70e2292976241a18bc51a5b1d6c8f161c4294f59f2f786d2452b209ee6c050cb70957bffa003b0856d5b48083bd1595b9cfd71a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
687a8adf81cc717696031c547c346a38

SHA1
15d68dcd177254293235125adee274d703d5ea32

SHA256
0a7c8b9193b2d53a498f4111e52d6554046bd864f3e766804a02c6d088015666

SHA512
b050958595da635d4c41f4b05752899b0fbb1fab17ebef6b96b0276350b7a434b513fa3cf11165725fb779cac61ec4ce1ca6134cbdca19f4e7cf276cdbd3603e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
7ea304ca66181b0c030e585d64155563

SHA1
98f4e17937efad168fc92239318533f4c0c8b55a

SHA256
bc8b1e1950b4b140560d6ef656944d317b9b37b2bb5cfcd4254700b263d8862e

SHA512
735de498be7e4c21058ca20308b16b4a64789eb03910fbe2b8de112d0fd7ca7c193f9901f6279c827af7cd4fcd9e22b3116f5e51c2887a3b053a0e30fe998279

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6b1903bd5f2a7d0a3f0b46120be2bc08

SHA1
8f5f9a415879967ee512aa7c35e8f2503515658a

SHA256
d6f8617df9f46419210fe3831ea71bb2a9fb9dab72e3d07629d2cc61fae3a3da

SHA512
69508b45fc073101a55fb9873b844ab88a8c6a04b38a6ddb7742a2279d3f28560ed81b3be78ecbf64ba4e5281d719757d7a4607186f98591fa3ac67f3fa63d19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fbc100539960a9dafe0219b335b9b076

SHA1
17dd6031d097aea8a58c4ec68fcc0a2fe58c52d7

SHA256
dd0909841f1310d3772a513b9c06464d80cb14feaade68705f56cf823381c86b

SHA512
110cfc10136665ea065c1febba23aeac940d7330e94ca1c9c2afbef17898598f5a607c56a7fd269ac70379ee43d6de05543885dee7f17abf3bcf3e6c3f97bc6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
57a0c124b69c82777afb20f390207de9

SHA1
e341a71bf9de4fdefa481ec45de12d33400225b5

SHA256
16e82995c4278d0f44d05a66b18139677bd5e876b323ee9e2417e245ff87bdb6

SHA512
75248df2fe7ac96c95679b3bf98592aa9f3ed34b6e40a3f669dafed8117747b51f69fbbcb5c42e4d810e04fd80e401b4f8d4d2691db6cf95ab756d6f5762f071

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
810a692fdf494ee7bfec5048f01a1a4c

SHA1
884ae189ec0ef2b3a79f590ad68668c70befd2e9

SHA256
307ce5bfeb0b60ae27cd3e901cc28103a13f0826c18e4e9f46293a8ca6808728

SHA512
e8b9828bfa2a391dcf95ff989fbf96c5b2e1c041cd4f73ae7527fc06d983c1ea6a0bed9a479f71bd7d40997283c78aa5f6e55dd0983f88206351d2546c2e80f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
79da07785082e75a7f9d3c4880c392e1

SHA1
153bb13e3c12c1f038d7bcf726530ba14d848ac9

SHA256
63785fe09dcc21247b8630bb9c6900f79ac5cb910bc94827ee1b43175f30cee6

SHA512
8b2a9f0d3afeeda32c54cbb6ace87158c1c6b11fd2c88f0b5267ee1ae7e0defa6d9e5d14b42c8793b1ce87ab1a85bb9f9d8551d2cdc9165b4a3ac5b3b1838e45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
19abf24ed49f6ee6ede1421273bbe27c

SHA1
7a22599312d1865c9fc15f3406b698602ba2cc95

SHA256
37e6176c3f15e59bf40d91f947034b3cd62f91cf2e97f0d1ad20ad616219fc8c

SHA512
0d1a166b3322c6b1588af444bccc3329697d5582e0f20b0303f1008e0211d0bc589cbbe326e68927fd053a5ae241d2fa0ea291ec372c90919ddd55069040aeb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
01928cf00195a6f34a581ffdb3e2236e

SHA1
1381d2556cca612d244bf05958d8578e360ac434

SHA256
4d742f7a4ad70326b350fd9a9beee82f91fd5423c0f0949c36c0ffdf25adbf99

SHA512
5011d86474c79d124e7c4cf547b49194419b5d32eaa3825b5bb295df4fbee26bc13edf8539379f3d05644ead0e413cf6560da02130156e3c04fc14482d421b25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4eb3ab7e9b71c433f114eb27a32ebf1

SHA1
b64eb3643193d86bf4c28ec6782534f5770d7921

SHA256
49010cc3c421a764900c801d4a2372f31b0c82b0f43d76e726de3b5778729256

SHA512
44ccf31d71bab0ad4f422d55d8bb6f9ef72fa91d28eedfd46e1eb80dd04f106bf86b0c1be74fa7c1ac7b01212dcf6d5d149f13a7e261a0b36c4a83e509f3f88a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3a94ce7e28bd3e076f67312135051575

SHA1
c283da1d1cec0cdebf5c6ba752c7848233b8334e

SHA256
1008d4700f225e7531bb0af35db4197875740a18a6bdbf12b2332d39d5b14828

SHA512
86acfbfbbec929d22516dbe7e940566733cb76dd342f53c4496f3ebd282317a1ca3bd9bbcf854e78d9deb5f5c2f611ed9e0e6d04386c28bdefdd6d1bf5578bd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3f40cbf8b0fda0784bdc0ffa781fa43e

SHA1
e80d50a9731aa8369f39624ec3d81b39c2f6bdf3

SHA256
56a17910974e5d1987b87e9154709a0ba200d424801a0693a54a9f02bc52f3e6

SHA512
643c0aec61502eb1a0bff00a489c94929de5605ca29a659d9508c646f3f0694e2d50b339ebd4f45dcc0f77a47c329dbc0846a1c7efc1490018e7358f7b6cd10f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5878a6.TMP

Filesize
48B

MD5
ac9b4445e3501d4c472a20e9a5fc80f9

SHA1
67d61e1d3f4c8ddfac6fbc7d2cf7f16300b9a64d

SHA256
4037cdcc07de3ee21e5e9184fc0c8d62de20f69243fac7f70abc46656ce3e4d9

SHA512
3cfde08f2d9f4545d99912859f10acd1780f77ae0454429e72d9f73f94bfe8528a6a8626c88dc96f3f68e893d5f3427f91a6fb8fd97029185d3445269a5d0c3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
70a055668d2ea7b012817dd5ef0b072a

SHA1
8e808a081071583275ea405575a4e75e0d0e7193

SHA256
3ec1388d7e78527815332a018282f4642d0dac762c943d2aa7db8e178ee2a293

SHA512
adb668f66759f98bb6b5ee07bfcc758e7a3794d55cce4c53a0f0a347c2de003b7caecab4b99928f7834687c3c88ece49f5897310f274877945cad6cc63346121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
579603ebc127861a9d97a8e542d02193

SHA1
883d2d7183f439906776451c7bb5d1144e644fb8

SHA256
9996d16e6bd0ae8a62ed52eeb2afa93b1389782bea0e68e17b992096c0ec8b7f

SHA512
f1918253a8d11aa314cc54d086be2d8f9ec0f726b088f1f72e9511522694ba4eed3d79de59b289c46d05610048d3fb2c476a16386185017b932615d42db3446c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
b68193bfff1377370ced6d81f9a6010f

SHA1
20659c98bb478bc8f313efab922b87db826d8245

SHA256
6f1496cb1239ece27a4622596bcfb7266a0aae0b68c3f80e93eb780e0ef0fb7f

SHA512
9d46c6a63f9366b2b31e8613d1f935b5cd647e952ff4c5df743f909b5e2ec1290c686b37e0d6ee4cfeb0c578c21166270004858404a183c8a653058b27e54d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5804_1429520655\0cf15e39-919d-4d96-bd1d-39b5258f6f55.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Desktop\sssss.pdf

Filesize
9KB

MD5
327b755263061765356e2df0ffa68d70

SHA1
3d876101192e62bab39ea2bef20056ece7f98346

SHA256
b6d8da566beb4227a25beffdf4f370f8f265c7efbcd1f55f97509292a503d189

SHA512
c383fde99350af54c014c791deef0bd910cf90d64aac782373001c51232ebb4d1e47f38491ca564221a3cec07e7573ca360fe3342edd03afe592bca5016a0eaf

Download Submit