infinitylock | 4c10d3ddeba414775ebb5af4da5b7bb17ae52a92831fe09244f63c36b2c77f34

Resubmissions

15-04-2023 15:00

230415-sdk53aed76 7

15-04-2023 14:56

230415-sazt2sga3s 10

15-04-2023 14:44

230415-r39z2sfh9v 10

Analysis

max time kernel
202s
max time network
205s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
15-04-2023 14:56

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

PowerPoint[1].zip
Size

66KB
MD5

196611c89b3b180d8a638d11d50926ed
SHA1

aa98b312dc0e9d7e59bef85b704ad87dc6c582d5
SHA256

4c10d3ddeba414775ebb5af4da5b7bb17ae52a92831fe09244f63c36b2c77f34
SHA512

19d60abf83b4a4fe5701e38e0c84f9492232ceb95b267ae5859c049cea12fee2328a5d26ffd850e38307fb10cb3955b7e5e49d916856c929442d45b87071d724
SSDEEP

1536:bnTpZDj+PE7ixJWt6/RXHNrqCRRSc5si4YJ5lyf1FDwTqV:npt2E7ix9Fp1qcCZI7yfa2

Score

10^/10

infinitylock ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Modifies extensions of user files 8 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

[email protected]

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\ExportDismount.tiff.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Users\Admin\Pictures\NewSearch.tiff.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Users\Admin\Pictures\ResetSkip.tiff.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Users\Admin\Pictures\SendWrite.tiff.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Users\Admin\Pictures\SubmitResume.tiff.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Users\Admin\Pictures\SubmitStep.crw.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Users\Admin\Pictures\CheckpointConvertFrom.crw.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Users\Admin\Pictures\ConfirmPop.tif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in Program Files directory 64 IoCs

Processes:

[email protected]

description	ioc	process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-right-pressed.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\faf_icons_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\themes\dark\adobe_sign_tag.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSGet.Format.ps1xml.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\eu-es\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\share_icons.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\UIThemes\LightTheme.acrotheme.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\large_trefoil.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\en-ae\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pdf-ownership-no-text.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\nl-nl\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\es-es\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\ccloud.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\createpdf.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\es-es\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\fr-ma\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_sr.dll.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_sortedby_hover_18.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_nb_135x40.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\desktop-tool-view.css.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\de-de\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ms_get.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pl_get.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\Microsoft.PowerShell.PackageManagement.resources.dll.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_closereview_18.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\@1x\themes\dark\A12_Sign_White@1x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\eu-es\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\goopdateres_ur.dll.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pl-pl\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\plugins\rhp\exportpdf-rna-selector.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\en-ae\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sv-se\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\libcef.dll.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\review_shared.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\move.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\win8-scrollbar\themes\dark\arrow-up-pressed.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\he-il\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\illustrations_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\new_icons_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\eu-es\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\nl-nl\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\progress_spinner_dark2x.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\SearchEmail.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_hiContrast_wob.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-ma\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner2x.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\progress_spinner_dark2x.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\themes\dark\illustrations_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-hover_32.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\icons_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\images\themes\dark\sfs_icons.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\en-il\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\illustrations.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_nextarrow_default.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_hover_2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\sl-si\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PackageManagement.ArchiverProviders.resources.dll.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\images\warning_2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB	[email protected]

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

[email protected]

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

LogonUI.exechrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133260514048994650"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

chrome.exechrome.exe

pid process

3568 chrome.exe
3568 chrome.exe
3568 chrome.exe
3568 chrome.exe
2672 chrome.exe
2672 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

Processes:

chrome.exe

pid process

3568 chrome.exe
3568 chrome.exe
3568 chrome.exe
3568 chrome.exe
3568 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe
Token: SeShutdownPrivilege	3568	chrome.exe
Token: SeCreatePagefilePrivilege	3568	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe7zG.exe

pid	process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
4252	7zG.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe
3568	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

2732 LogonUI.exe

pid	process
2732	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3568 wrote to memory of 4928	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4928	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4784	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 940	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 940	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe
PID 3568 wrote to memory of 4604	3568	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\PowerPoint[1].zip
1⤵
PID:3112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffd4f319758,0x7ffd4f319768,0x7ffd4f319778
2⤵
PID:4928

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:2
2⤵
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1872 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:4604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:1
2⤵
PID:1808

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:1
2⤵
PID:4112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:1
2⤵
PID:4340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4476 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:4888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4712 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:3224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:4920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:416

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:644

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff7a05b7688,0x7ff7a05b7698,0x7ff7a05b76a8
3⤵
PID:736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5044 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:1
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3248 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:2708

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:3612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4340 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:1340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3252 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:3108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:8
2⤵
PID:1764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1796,i,5997399129604025321,14642786688104080716,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2672

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_InfinityCrypt.zip\[email protected]"
1⤵
- Modifies extensions of user files
- Drops file in Program Files directory
- Checks processor information in registry
PID:2052

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap7194:88:7zEvent32673
1⤵
- Suspicious use of FindShellTrayWindow
PID:4252

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3ad8855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:2732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
16B

MD5
36c931ed0ecc7ca2f7f7c0793a4dfbf0

SHA1
9ae12660681132dcb9164fb87f584954a5608c3d

SHA256
900c3dcd025e98fd5027ce81b786274f8694080b5a72f3d357945eeed7281944

SHA512
03da310492586dadb3fd279b4b9eeba62ee02216a7d8bd21e9d36cf171cdf858d777a79a9a3e291a1bf31e4e94b598f632a3baee7264ccfabd149c00a36ec96d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
720B

MD5
27b1eca0e5d8ce4b1f8cf1ef08c88ce2

SHA1
7651b9a2e518c090726b341440484f3ffcb3aaff

SHA256
b170c7233bda82999df302f60eba8b528101ad4048e5f4eaf8fa4b701b949a60

SHA512
c6a1e2c49ee0d40433170e41a56d20dfbe4e085f4c80519463f0e3ac683f2b83fc8028d2d7473fb13d54180314b5571a328e74cb3c0309acaba63e083eda2fb4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
688B

MD5
c808734201e6f015fe5f1df825359c41

SHA1
9c33a71dab80bbeba5f310e9caafd88fabdd5914

SHA256
e49c46ca11223789965dc617056b8198753d042dce14bb635071fc3c343e51ec

SHA512
3bb55d33c14bee624b8b4d3793a8f0eeb721e59c85ce0f18c73385b043327c0b1eafbdc86104110725ff37de0a10b6a2d982d8cae2603c10b751915482ffca7f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
1KB

MD5
f6146c85f192663d19018bb319e9649b

SHA1
a97439bbe22dd25c2b461fe3bbdc1ffa9fd396d6

SHA256
3ff00657f2109072224b1d9266acd072168f413f1ec9048d5dc8196a54ff6db3

SHA512
b4bb09e1c18dd1bf66134de43d6dec3d67f3ab847c90c43ff7363c7fd347ac22f9cd96a4cb03928f9e55ced631a8711372f3829f7e1e51b826283ba3aaf72ae7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
448B

MD5
16f7cd83a087adae249134657da72b9f

SHA1
746f74c7d073aee6387552b779cbb1437e739012

SHA256
047cfaa3c48581f7626697267e145f8ed8260042c73bb6d852c78eb73a1d7ad6

SHA512
1c57a154089d0472686405ef336b95ff5e040d3a58ba19c63a0bdc6e7afe12e2db4fb61224b725134a24c9bb5f288b7a112014d372e1e863c3f23f09c5d971d8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
624B

MD5
9514ca1be98504a76c3779cdf61a05b4

SHA1
85274643398544a106c8ea7baaae1b09a3856478

SHA256
ff27973dec6882aba1d0f05276ef95eeb896c3850327a2666dd0e37d035dbbca

SHA512
15d094c80d86481bfbe8bb3da2012ea81996317d7c1df7da307d6eca26ff67b35e041455cbfe69a40a031bdc65a6ca9045ac974d434c21939b0bd426611d49f3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
400B

MD5
12360eeed68e0ad3d9da38151499e927

SHA1
c4618f79ac3586c3476ae00a226485a4ed6ad065

SHA256
154ad5e5fcc9de5a40d0c60c22a880bb485309c0a54ccdbec9ed9c6e7dbcc6fc

SHA512
070ee31927fc6804bedee3336ce4431ffb8d92beef898313a186fd0ccfa197416a425bdd364361ca3e18fbcbb492fc82f88fe5f7b6bf7b5a93dd49b6c1a3ef5d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
560B

MD5
238a74924790c7d719cac82a92a16363

SHA1
1b7d458d3ca1d0dcb5581c76ce8e27ff6c2af188

SHA256
58a745afd3d9d32b8bd71ceeb793e47b59d03f41df42c272299b3879f5417c8b

SHA512
75ae5f3374f7a21b962893ae3aa96b8751e546527f5508df08f7b05c0166d061e0e6d475c05f8d9799bcf8cc620ef8dd15ef4ed016960a6bdaa66d9ae4dfa5b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
400B

MD5
b57ba2c65049e782bb6908ebbfbee4bb

SHA1
2e7e20ea0257950036f11e8b2d717cf92bd6c8ca

SHA256
38486c0f442b446cd8eef7e02a7c22de825e0d0c209879035755b3ce5fedb849

SHA512
8d8340e7c2224308b0692238a733eb90f9cb3cec292d46dd57909c6eae665dc7906426b514a97a47be478494c7cbf42448cacf5a74039200f4ef2ccd858c2fe9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
560B

MD5
515e349ee88fd6c0cecc680fa815c695

SHA1
052db357a4c0ff84a7c320c14b0777053688d853

SHA256
0ee48bf5dfc5cfb016502d57e9112a158436bc6682584f75fb643dae3e4d329c

SHA512
7faa44b5a4b34ff7465fad90b4366488b4c78c379c002f9684cb3f094a6d6913626b9565cdb91bd9cbca446a0de501145b5a8900076c5014725bca36339465fc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
400B

MD5
cf664165b139dfa26cc9faec1864ef03

SHA1
77c811fa06c381a5ad26a59c8efcf7a57f519e4f

SHA256
04f0233ec03f2e890272db9db0140c50a367e2ac247e266cdcc795de13ce71f1

SHA512
662e5a3639a04452afbda8b5c26b373169ea3802df770149f9a2e19503a2a03a0a6257edb77d5f9efe4c5702badd202078c7a5aa81aab257a3ba3ff975a71004

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
560B

MD5
257ce69debcb5f962372f38b3814f4ba

SHA1
fafeaecfe6f15892c13ccef98671550a3a1df548

SHA256
e6621af4053d1dc09a5d7b8486fdff299790631e33b216a629224aafa484e8f2

SHA512
bcfaae44e175060cf72029f903c2f87bb0df5251465e97f84bdf5a3bba685778dcd574957045763d3780befac8b1832a0f2904335ebf1e9d9023fd89ca2323e2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
7KB

MD5
f2baa832ee4f506ad23c033737f31abf

SHA1
35edc64526456f0b96a8bb9eacdd5eb72dac67a4

SHA256
e7ff4bd13d758e67f4ccc86f7d1e83d4e333760a9c3d7243dfe340b97fd14a30

SHA512
26a56c4002734960822192497756ee20d2fed9128e1cd0e7e40e0064a77ca1afd67b0af49b08f63b49ca986d14a4fec8454583816b2666415253dc07c1ce2ceb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
7KB

MD5
8a707941dfe84079f17afae33b3c0a5f

SHA1
4f1e1d0bade87a52640fa3ea9695becab65ad7e1

SHA256
071065d06c966ecf923bcd4a6f56c96fe9f50730ea40c2f32f907617c3a9258c

SHA512
6cf9cef34d5c0edfced9328a697411099c1639d7acc5b3a4612ae47c79fc5abe03388fca940217010c640d9493125d7c80d318a804b3b3ea3e3fac6cbbd99ca1

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
15KB

MD5
55f7fa6303376c0d93c868d24a1d0458

SHA1
97f23f50686587fa268834bd21cf4123e33acce7

SHA256
84a32fe410ac70ac069deb0443274050a506d3bb70fbb69979f44e278027cf21

SHA512
a1c8b06d12b43908bdee377093f9a46b28bd361ea528202bd238ac1ec9ff5848572c3c95167ec5ff9e0302e6f7dcb7406071b3fcfafe455302b70392e24152cb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
8KB

MD5
6f03ec6e8fd2c1a4cbccd399957327b8

SHA1
6eae1f830e578ce22c47300b55a109e65a45b423

SHA256
c3c56ff3f6848a066a632944280356268626eeecdee881e4df0d737ab560785b

SHA512
56d48a620047cb5df23586c210457ef0ee717b52ec71a6dbe5f4946909faebe85ec03e5126de9725f78ebb828a60b094c99b106689c00289a9c43e1f43d1e674

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
17KB

MD5
2cb5b76709d046172fa15a8f82d0325a

SHA1
4cde9025c73dfc9461db5fb972d93b08816b08dd

SHA256
9ba09e7e15a1d50fd64b0e4577e9c2bd5516db8cceb362b90918ee02a5add124

SHA512
ce64683175b9c2b8dcb7638e01593bb5f03ed2f4310a990ffdd6fc7d9b9a3d3525ffbda6dd5c524fc692fe9cd3c9ab10589491ccba4e93501999b173e748fd6d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
192B

MD5
45fac6fa11391957c1b9336b926bb352

SHA1
f19f4c51de3066a18375e3080020fbc10e0c4fc7

SHA256
ea5ace065b7ac1a0c5386fd1d39c9a4c20abe4157cad870b0da163b88a8df559

SHA512
ae95c580929b323ffb5669cc206793630b8e118199b245da28b9982ffaba90a4f2485afa1cb607efedcd17a35bc804631d32053274bcf42d0182e5fda820774c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
704B

MD5
6c4bdcf422638ec8e8b6799181176f34

SHA1
b9ee4326517badd34e3d0768d3b85bec3d3e1db4

SHA256
0ccd9e5972c893120066618b887f125226cbf1fc9bc9338f80c2b73aa32cf04e

SHA512
a4efa2101e41a5b739a33ebb8dccce9c7020b0c20b8bba02ef7cee55ba4c17f0042b326a901c27dfe76e21bf46f65e505295fec17961c066faf4a9baeeb0e08e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
8KB

MD5
e7cfe51920607fd62cc171f5485cc39c

SHA1
0fe713ce53f04c75d3d2489cf049689ce26a8f0e

SHA256
83e8b15e44d4275cfcb6866f762eb5fd79b0509164479b373171ff4f2aedcff3

SHA512
96b1b617323154b26b0eada20672b21a7b81aa9f30b0a2ddf2330a29385911a6cb892ac2128906cb46b2ed37a974fb21de38266454e3b2c2a4bf8d878f85a513

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
19KB

MD5
a84d9e7ee14e6f7f6631a092f91d903b

SHA1
8c38d85d9411641dcc15af95a446c571fa2ee005

SHA256
fca9712e7f6179330b72a4a900fe60b651f63b45040a76e2d70cea590221a4f5

SHA512
1138a9c5b7fcc67e6656fe77a4187968adcfe2ccb9703721f2ace5c13bb336da789b83e80aabfeb28a3d96f05ef34bf4e455cf7cce1ee08bed8a46fba83a32f4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
832B

MD5
6caf760e2ce99debc6503cbf9d8941cb

SHA1
2d74300e7f5dbbbd5cd8616c4c09460e263be6cf

SHA256
5ff8501060881f67fe0267e48d097e2c1604d2613059450893b911ae2f7ca289

SHA512
c5661b0533e1d7c9ff258470853781cd607bbd41116f63d15805104b405bfc82fe742e3752673c3563f770a872fa75525227ffe13103696d42febf8105613704

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
1KB

MD5
737da4257bf7bfadc84a08c428e26420

SHA1
4505dbe80252485cd44e5e74717a5b5b91534f9a

SHA256
9ed96f96f582d0c87cc474338f8a17672ba5b1c5b19ab52c87ff2d3bb4be0ea8

SHA512
72cf41a48e429e816df01ff35ba772cd14045e8a8bb4aac1a11b7bae16e7c39cbf5bebba1db6533d8565bf083af3a55f0884bfc9178276d5a784597316dc0316

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
1KB

MD5
86ff656e7ff2bced778b7441b31e1e88

SHA1
4f88c701d6d01c5b6f29c632d26709edd8eb758a

SHA256
ad3d07aed3bee2371d2a70b05feca27bac97a5dab3031724c81dce31a2b5642f

SHA512
bd2b73a63205a210ab932586892e7a93e6d6a53bf2fb7aff9869481c0d9fd1db15ed56fa8c2ce75f234452f37a704771a40b75851021bf60d05dc269c9ade1a7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
816B

MD5
27119a5294cbe56ce1bc0dae471c65ff

SHA1
3137850080e44c8bd7fcbad7ce370fcc532f8500

SHA256
d33a609913180d30d9e328c49f1171c73b7266787f26943c38cdbd1fab0ae99b

SHA512
2d12cc5f0d5124acb0a92110eb7274a4b70e15161dbf0025f4497188bb89f2d9ff27f4f14ffb9dd5916841e0e2872779578ceb532c62144165b0267efcc6cb8d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
2KB

MD5
14c535d614af713825323f9d75af4a1c

SHA1
c8194828bd5d134a5bb8ace99402926c721fbed4

SHA256
5848863ce2761fd6c6f189ffbe7d06745254310808b8464b6316511d49cde407

SHA512
9480f46519a0757a7b8ccaecff531279eda4a846553a54bc53450f277c7fc08f79a6735e5cfba612ddcc4d8ca47a0b46bb5dec34eef33c3bf9a5f98d4e48a200

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
2KB

MD5
d0f85b97251603aa7fa5393645d5bc5c

SHA1
67e5312fb36e2b1ff3a97aa072622106cd9c91f6

SHA256
b3eb366ee4187fe4cf9c46745dfecb51250a2e49ae73ba9374dfabdd36fb10c3

SHA512
c81039a1907b1f83bab229c73b77f0858c544ef6c956168b23374e57d39e992dcff52d6f0ae1ec927b3daf53282a75797dcdec8d3c52f72d2027194c9b7ba6b8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
4KB

MD5
3294af63f7a8bc9fd9fd70a1000cf21c

SHA1
9c2d3a11ff983a263f6dcc926155ecd3ddeaf273

SHA256
a4d3cc69d898d5e65931e26549ad8e869ad1af768cf43833bacfda9c3353ea1b

SHA512
7e15bd3248e354856fa79465f7e05997391292ed88fb68cb29a3fbcd25dcb3372c94ef08cb8b75c09e30869f31bacc80883c20a4d8fa5c6762919889f170d90b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
304B

MD5
e5fd22eb32c5838c6f5966d3fa888ac2

SHA1
567d95c00ecc80ba3992136e2a369444014540ff

SHA256
489a23acb392d6421c4e4a9ede401042c7e0b813b7b7be96a768d39467e657d9

SHA512
1d79197daed1be31754c97737680137862276a4d735b22b928b54324ea64d785ed6fb97fd5a833e09f5359c8018cf87b1e20d8bfb01ca9fcf2aeb90b3afc695a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
400B

MD5
d0469be93b5f1bc46abaa66c5d1990b2

SHA1
f53e4c67061a23fbb0cdfa1a67a429078924061c

SHA256
4c54a1c6e1e0ecc90a0e9b94637b43b2cbf225a8edd0fed33c5a9879905cbdf5

SHA512
e3d50ee74eebd2f9c32fb79d17e55430cb24aaf153277cee2d2675f43a0900e2c49403056c8746cbd16721b9ec87b6739a584b7615dea7098964c0c90e1f5fc0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
1008B

MD5
330f04d400f071b05f8f4e389de59b94

SHA1
1700fbb9426f7901ae0148dfe8d1fcad758410b0

SHA256
0a1bc89e04ee353ec38e4e46a7a6b944cb2ae388e19d6470c0f86ac07280b63f

SHA512
a6bfc86d88e1e5adc0282d8ed562077f7b95c0dd2d323584c4c62ecbf5f605e4ea63c9402806d22357b71f5a2cf286b0b93bf066778ebbc90801af672e80dcfa

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
1KB

MD5
364b265648a5ca7f44d863b7cc0796da

SHA1
617e0533b4034ceef57063eb34af521a52bc7041

SHA256
f5e347ed128f658f4359d8a1ecd619f500161eb110546718385c849652405727

SHA512
a86f8c42af411d5779a96a64a447f7d865552e470b38e2019de3083c9d267007f2c2893097e89606fa5cd920457b21a1dcf12ab95de291c38ee2dd7d575eaa05

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
2KB

MD5
37ee2a5c7d24cb2469801f6a585e42b1

SHA1
edbca231cdf364c3a4bc4d92445efe5b901321b4

SHA256
440a24a6adeccbb961ea9e901dd558b3d1ecc99c28331adec1ff509c64be94e3

SHA512
46f540e52f7299112100ef5663a12b29cab079ba335154fcc5d9bba2263a7caf6e1d9b03f00f1b15350b4eb44bf98b7323aed080931faefdd44e3a7e9b481e14

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
848B

MD5
dace099e162be3763493f9dd7fa25858

SHA1
784a3b8d6b663e8e3f1ec2d37d8f5b5f0dcce9c0

SHA256
154ae283a6bc5fe0b3d57cedc09e224fa6312d1d51181be591015755b8de0b1b

SHA512
44c2ecd5c13cd259d5b95963952e68e8e9890e430ba50f8388e06130bbed9d9f5a98b895f40de8eccd5c001d8c0aa8db8a085f9032860c8481068f269c397372

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.BD18E2CBAF476FA60F6A70DA57D27EE2DD5A365BC5878E5639037785163F2CCB
Filesize
32KB

MD5
34a8ef8b87e1c0a3a7c3d60cacd39e93

SHA1
367dce4e5893c744b4271a7afcf08392afc68d6d

SHA256
32e84816d5c797851529c74113ba13b6bb8647a06ceea529e2a8519c2b8b67d1

SHA512
34e6e81d23e3f802a1d11eaaf4b85677aebb2b2a33aa17cd414a40bbb0deb35f8c39dd95089e6fe87457a9d8968585ba4bc75e2e5d7ad80c9331852280fde122

Download Submit
C:\Program Files\Google\Chrome\Application\SetupMetrics\20230415165652.pma
Filesize
488B

MD5
6d971ce11af4a6a93a4311841da1a178

SHA1
cbfdbc9b184f340cbad764abc4d8a31b9c250176

SHA256
338ddefb963d5042cae01de7b87ac40f4d78d1bfa2014ff774036f4bc7486783

SHA512
c58b59b9677f70a5bb5efd0ecbf59d2ac21cbc52e661980241d3be33663825e2a7a77adafbcec195e1d9d89d05b9ccb5e5be1a201f92cb1c1f54c258af16e29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3c2400913b078ca872a2d315c4fdf028

SHA1
063893b55bb7485ea8688456a349a8f641d43232

SHA256
525b6346a6d4c74a4bbf6091b93f4eaa2eb68b310dbde666f7136a4dd0c52949

SHA512
332b311da91413a614eba0b4277c8c609d0bdf12155bf0db19657d227989c2a67f1b84c7a0e757c2061ad888f1346c6951cd90d6daac4f855974cd34645338fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
59988ccc49ec30307110afe5ba00e7af

SHA1
5c999293e2330707a164e885aa9535948c2e528e

SHA256
e00f19b1cd75c21b8ea5a042b2cb15a8b8980dbdccd2ccffc46f0e8933b0cc5a

SHA512
88bb0b1d4b42223a986cd2172e9f2116ac961e065403bbae0be5c017d66133d01c43b1cea6ce011d83cdfbf8c3b876df3b6d746dc415b31b5a1a87f13b960814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
0ce8b7974667c2166bdb20327a2b5cdf

SHA1
60da1486d3ade52e3cc8189fce7fda3889bb6869

SHA256
fdcd015e3b695d7d1526c810c021a1af6eb547bd66a11a93ab411d6e86547ef2

SHA512
3095cc6d57c88df670159cd8eab9b17903e6c5cf35c413118f9b722d384822d5ccd10e0ea719ed91cd72e4403d9cc0119adf2f8d74ff548304c247eb418ad274

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
585713b0de1d75bee4297da8244a665c

SHA1
9f8cb5bbab647a48e52cc35a9a4cdc020b9be873

SHA256
c6f0457f13ce43df803d1d850d410f630f0bf43605d230ad22b2d2e193c25be9

SHA512
6f2ae0409ff215573be858eb06d4a4df44e7aeb5566e7dd42fd81f15a5b17ea718fe3336e432966fe432b76b8ae663cf4451995b0d2e06c562ad95d38301c0a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
9b2a6029b747aa6a9d6b4d925857e0cc

SHA1
e3fcbfd0fafcf18b27a5ebfde483cba792bdc045

SHA256
1bfe872ddf45e099c5dd95721ea798abd62d4e915f5da02765edfca0ef2989ca

SHA512
af0f4222111500f1a301a0209e0bf27c7766bc48dac403e6852d3e85f5e1c005985a92766e3f2412fbdf422beebe940c935aa411f8086fd9c63b2b480d44b2f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
a9bcec87cd100a621bef5a063daeed5d

SHA1
ebf427b0298863ef283d6906de1f0c76010cb403

SHA256
7f822d3add18380762ca4768bde1fa0bda629724b79d050190a618584c7062db

SHA512
b1b05cddaef395e9340df2c755e5906a72b87b9636b72d0fa7e708b867a46b982ff553267a5377214e90228d7f8a1d488689922faa9f7da695c19d9516867433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
30bd493563649318477e5bcf763dd559

SHA1
7c72cc84675ea31186445a14221f52adf2373601

SHA256
0024031e081219362b049ad34905e5675d94f9e9bfcd77369efe74073605bb74

SHA512
e3006cb8b7b793afa35f68ee8a8102bbba0f99c7e507dde6387a2c83d7001f8d8bc46c742fe54bc9738118868644c88e3017a0e18d14dd41e3c209d6d76f85a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2ac51b2127bfa5dc19ecff1450a3c7a4

SHA1
2c6da2e43cd703c7e43e357e31d93ea9ba3f3875

SHA256
74345cf226d49cc654b17691c5dea3c7e96e0645ee436baf89c30a1feebf86d5

SHA512
23b71eabb8dc66e5c5e3ecf2429b5413651b47d29e8d101960a0d5c0b089e0a37dbb697cf05f1652605c90b17fc46bd3e25a44ee1c4e0d41d817923920897da6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9898a4a335631371b0fd7c65e6d8c689

SHA1
1c8a60b1171d1b70ba7129c43ade4260e1dba7ab

SHA256
dcb47011a4333a177dd922dc0f3783feba6c3cde693ea515dce0175970f50ab9

SHA512
57b5da1936a5147f3862666369ae8e17bca495503bfb90710aed7c1dfdef8a79086973abf6dad0c7000bc775d163ed69158b18a90f4c78d85ea10183a4771649

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6695801235963e847ec2e7eba3b0e176

SHA1
e0cb34e7230359fd07aa448dc590c7a17a601eac

SHA256
efb6c49a4654d6e038811ac806cb78876000c5fd2068ac8069ec40da0bed3835

SHA512
f2143d346def80560df4a61be44fdfaabc225510015e294cb5243829bfee71c01445c26ffd400802fdd2c6f9669f7422c4fb1c41f0c1fd3e86276d344d959ab3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
1e3ff5d1482280b895f75a920024781f

SHA1
ff32480f0b198c7f5d24dcc189722e60f32cb76e

SHA256
bc15a55e73e391069a7d86427808aac59d4e5a16fa491016afa009aafa063cb0

SHA512
722c169acc4e85f9b3e16becfa5975e161e6e25a528fefb5ee9a79d505b43488df35e3300435246bf0e79b2997869867e0ea0492b93903f4c00470a65c77b088

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8b8fb5b83ae20e51d6807310b8552f68

SHA1
83ba10a6f5f210494422bcc788d4aa0b90f3d7ab

SHA256
50b1459ab19aca4af13269438c36e8033a48a396b18b64c4c49cae81ee54eb93

SHA512
a5712ddb419bc1b4924ff3f009784d395404f614a50a69ee95a8cf560df71a5b8d7abccf4a8bc4dd882011246dc7d9e9d36867f316c229548f68fbc20bc2a85b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
f93d90870f8019ac95b6f58c435ebd7b

SHA1
4d1418a10ed81d25cec55c85549454b41ed32b3f

SHA256
3d5da1203f725faa12ad996ab7b5ec1166e2cc2fde9e5b43bea4cfa764ff29cf

SHA512
f611bd857bff20c3caaad2ec6e91d6557256d3533668aed6b08a74b153e567c3be0145d4c2ef201f1d2ef60b88493574987925d16a8d8c1ea6fbf8a8b821e112

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
885a0fa1d00d9e0d19f5dc0fe3d63eec

SHA1
5df6b8dbf8a9d9ac3037107bab8f026a4e34340e

SHA256
c86a743934bd259d71232ba23bbc25991da8b58be324105929fd0d278b56fdaf

SHA512
2960bab2805eed4ad9532d18305376bd29bbb74a316acfbb33e0035527c4082cc2ebcbb67920d8e0e47051c4806b23b323857c82228b616c7302a66e3e009985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
72KB

MD5
cbc475b16bc456ca310c79be6188ec5f

SHA1
bc0130000831c5dea8c5a2dcfb277ee074ce6fa3

SHA256
0350aaf96553ad5cb21b8907afb2e0aed579269bca3e42e3fd54d1d361ab2107

SHA512
e423e1cfa9412e455bb7de680bb60c736cf9fa3edf46d907bec4183262fe980f20fdb79883a60f9f9bb26e4c6500b835e0d5144fbd59d927f7668015f2a512b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
e63d8983137e9d2110113c052362bcaf

SHA1
5890c96ea092c6b86c4c0c5d6a7e0feef657d5fa

SHA256
5128c1e4118117c528e2b0a77011e6f1a22b1a4b0d2984c4a89f2648cded78f5

SHA512
3393514afdf1b0db98ac63d74e2fd886c56c8d141135135b16df460d059d2dbd4dacac6e65b6e4e6bd98771b98addc6b5fab052e27895015201f9f003728f1fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
364ad8ff5fbd7670ee4c7d9656a18501

SHA1
910a4599187f69b55c55b05305a7477e281363f6

SHA256
68d4b1b48a24c20c97c481923f9581d47366ad56a03b29bf8afcddac2be85812

SHA512
4aec509adb45ae32faf17bed098eaaa3c5bfb19ac13788ad238429466951a7ac3e1ee78d39ff0518238de98d3e87018a5d996b2fe32dc9d5f0548407b0d274ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
201KB

MD5
3a7f6f52dc35726b2c862d6001d73c55

SHA1
d5afbe882baf0c0b7c33cb5229e5e45dfd8fa72c

SHA256
dc4764cbdecf2212d97d256322262bd67411b688977750c1a765f6286578cf7b

SHA512
08042538b2950b7661f3428fea819350006fc6007bf9996d2576ab71f529d4fd73457997885c2381c83dd5cf5839e5bd940f653d0976e03229582bd865d1f836

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
103KB

MD5
7d0fe6df77710225470174e330fc4dcc

SHA1
77be3b379cf02ccd6100c1224bd200a681c324ed

SHA256
fa1f84e4a29fa66299666d290eebeddf1af158ba11aed4fd0b8eec7df7e53fb6

SHA512
25db8599d7b8195399a6907efc8d508b045910ce66cbb901e4ea9fdeaf62c4243af2290816e7cfaa25b1c062ed4a86a6bbdae87526df8850a9c36e7942e4ea5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
95KB

MD5
7b3e2fb7056da3116b9d7e72df126853

SHA1
c559342070d0767055821c802bab1295eef515a9

SHA256
1049f988779f400e99a4412876d93b10891c90af8be8189e25a4338611e43a70

SHA512
5666da8696a97506b0d7a33b7047c33bc34b54f04f6dd16a4b9cf5c7117fee06ea598c4d0ff6297c05121dfbd2e01ef7c221443f036383ec234e9b97aebd7fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
0ceaec31565615000b90c4bca612d5d3

SHA1
6e49209f8c6e8a71e4f8a38725cdd32cf169311b

SHA256
e3163fc16ac88cc90a69442155b3a7b79e6b1578adb427e28b3657b790046022

SHA512
2fd8c3abb62ad383c1f9f8e0a77df746fa8d2e134b29edbc1dfcb2c0e93102027ce3e6929527cca039fc48b1bdff98cc40426d1ed56730b39d55ef6fa8adc456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe572710.TMP
Filesize
93KB

MD5
377b0afa784bb527ecbd96f33972f062

SHA1
d9645d78b23f887015647cd6d35f49ab0daecc01

SHA256
416f3e693f3e588a1627f6567f882d260a9dff7d098b497f0b8dd179bad16d64

SHA512
ac57da6030e998238ac7a9e57de5e6e0b81a3f489041d5efe1ea05f0dd7d17c6148f273b85b3863f2fc03cdc8103e6cf07734a4a9498c2fc1dd2b4faacab4952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip
Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
C:\Users\Admin\Downloads\InfinityCrypt.zip.crdownload
Filesize
33KB

MD5
5569bfe4f06724dd750c2a4690b79ba0

SHA1
05414c7d5dacf43370ab451d28d4ac27bdcabf22

SHA256
cfa4daab47e6eb546323d4c976261aefba3947b4cce1a655dde9d9d6d725b527

SHA512
775bd600625dc5d293cfebb208d7dc9b506b08dd0da22124a7a69fb435756c2a309cbd3d813fc78543fd9bae7e9b286a5bd83a956859c05f5656daa96fcc2165

Download Submit
\??\pipe\crashpad_3568_IJYOAOUNXXANLUAL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2052-455-0x0000000004FE0000-0x0000000005036000-memory.dmp

Filesize
344KB

Download
memory/2052-454-0x0000000004CF0000-0x0000000004CFA000-memory.dmp

Filesize
40KB

Download
memory/2052-453-0x0000000004DE0000-0x0000000004E72000-memory.dmp

Filesize
584KB

Download
memory/2052-466-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/2052-3392-0x0000000006270000-0x00000000062D6000-memory.dmp

Filesize
408KB

Download
memory/2052-3395-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/2052-3396-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/2052-451-0x0000000004D40000-0x0000000004DDC000-memory.dmp

Filesize
624KB

Download
memory/2052-669-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/2052-450-0x0000000000370000-0x00000000003AC000-memory.dmp

Filesize
240KB

Download
memory/2052-452-0x00000000052E0000-0x00000000057DE000-memory.dmp

Filesize
5.0MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads