hxxp://masterdatasempra[.]zendesk[.]com/attachments/token/v1AH88MHVUN7JVM4dwdxx2OmJ/?name=SI*-*Formulario*Informaci**An*del*Proveedor**A28Sempra*MX*29*ES**A2812*29[.]pdf

Analysis

max time kernel
263s
max time network
268s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://masterdatasempra.zendesk.com/attachments/token/v1AH88MHVUN7JVM4dwdxx2OmJ/?name=SI*-*Formulario*Informaci**An*del*Proveedor**A28Sempra*MX*29*ES**A2812*29.pdf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133529275460693317"	chrome.exe

Modifies registry class 55 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000e693d8d3492fda01257772a2502fda01af7f34692b64da0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1815711207-1844170477-3539718864-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
2612	chrome.exe
2612	chrome.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe
Token: SeShutdownPrivilege	3992	chrome.exe
Token: SeCreatePagefilePrivilege	3992	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
4232	AcroRd32.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe
3992	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
3936	chrome.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe
4232	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1736	3992	chrome.exe	64
PID 3992 wrote to memory of 1736	3992	chrome.exe	64
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 920	3992	chrome.exe	86
PID 3992 wrote to memory of 4636	3992	chrome.exe	87
PID 3992 wrote to memory of 4636	3992	chrome.exe	87
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88
PID 3992 wrote to memory of 4816	3992	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://masterdatasempra.zendesk.com/attachments/token/v1AH88MHVUN7JVM4dwdxx2OmJ/?name=SI*-*Formulario*Informaci**An*del*Proveedor**A28Sempra*MX*29*ES**A2812*29.pdf
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfc8f9758,0x7ffcfc8f9768,0x7ffcfc8f9778
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:2
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2836 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2868 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5108 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5808 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5968 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4668 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3952 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4676 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5568 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5484 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5444 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5388 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5540 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2892 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2884 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6148 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6228 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6548 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6244 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3944 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=1084 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 --field-trial-handle=1900,i,8890206630934679737,6358212333522741443,131072 /prefetch:8
  2⤵
  PID:216

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4028

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\SI - Formulario Información del Proveedor (Sempra MX) ES (12).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4232
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:4732
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0B1E0657545063853C973601EB7D77CC --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=176B32F11F7052892311E7064F34E9C4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=176B32F11F7052892311E7064F34E9C4 --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:216
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=944B1F398DBA0A884B0DAFEA6D2F1785 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4568
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=38930A69862BB705857969E87F980BD8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=38930A69862BB705857969E87F980BD8 --renderer-client-id=5 --mojo-platform-channel-handle=1880 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1216
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D71860DCCF94A55BDA0759B98F697176 --mojo-platform-channel-handle=2472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2536
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BB226D76109B3010A7464FB29C6030A2 --mojo-platform-channel-handle=2444 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
347b016bd20d1091c92492ece91311f1

SHA1
f452a133aedd5d85f984acd268a22bd345447241

SHA256
bcb7f4c6c920668b23d2cc1c676eb317702b4ea8eb72b14016858051f9794a71

SHA512
170f304595b36d664a537ea6fd7b05cef99de7bed401d5fa723ae218c5956a5c24493e990f7d28b4695f9463ec7da4f18e19d3233ddfdef682de66b117501523

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
51e3d1752fac23aa58f7bf8874dbae53

SHA1
7b6812845deee4bb79aa4806dfbb7dab1c65c056

SHA256
0a621f581cb9735c77c9eef5749d4fed72fc161a7137153e48e5c1f1c0ff504b

SHA512
1515cc4603d44e1885032a919024e0e9330c1fbccde57c36349ea909a723249b2d6e5c24a01d7245758b986db2d1f9953ede3f742e522360464a10d7dd5c184b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
d75e45b1a9fe89c1606bc9d067aa7af2

SHA1
e1fe18082d07c45ec2a7bebb661a699368704f3c

SHA256
59303382f1f4e06eb660fdc1f01dbee6b04d1cfa9df73b2f70ae1c0e61a37e0a

SHA512
dabd88e978c8f7e430df89501919914d3e6a3a2b14bddaa85459026b677a16395aa4752c7b06aa3d2d99dccd4de1968c00013b81a36c94f3445201d5ee24e1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
06740eb1880f1eae410a42117fd5e370

SHA1
8369a78cfcd78957e929761f96624cda4f1ddb7a

SHA256
b0d07a19d2d4fb93fa8f57f5fb94e04f5598954f197eb26a52e82259a1ab691b

SHA512
9d4bd5ffe1a727635c35cfdd3684a509d6bc657828f427b6870b029b637a294de238ef5dcaaad191fe4535e79747cf6a2755df410f770fde136549d73347a878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6172835e6b05824a3c12195b3b898e99

SHA1
988601aeaaedeba8c53786c4e947ba229314bb11

SHA256
2a8039e48088f4cff073cc801ae5e9eb2402008bd8bdf14e86dcc69e24bd582d

SHA512
a36cb41e856c5d2328019314af4642645b46e3a76df89cd34aa0b12afd767036d808be7a322c8792ec3a57c5af55a373c76b7d6a38717f82afcd55a429fa4291

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cca8177098c46424f5b37d9f058d5857

SHA1
b2ae256fc6d1c9754466ef23b86c8d75231b2c02

SHA256
d8e2a4b5c9e020a9cc112450517643ca3facc2f8cbfee0abfc83f9497fad4a1b

SHA512
e9187950d202fe5e3b331fce8c3d92ffbd8d44b521ad19d907c4d4286a30ad2366d05e4d6bf250c94c7de50f4a30686d0a052c1d29b6f3f75d09e5c20cf81e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\92ecdffe-5b69-4cd5-9588-a93a7f4dea0e.tmp

Filesize
1KB

MD5
0897f0c91a77ccb3ded5f206671dbff3

SHA1
766eaa2496cc7b58312137e345f7c138cc2711f6

SHA256
29a437d2cc374c1fe0501eb0e9b8c6f613435083c9a1de1c79b1049735219eb4

SHA512
8ad911df690cf7b7dc50a89aba6da9904412a879a05a23000893af2f94a6f35183974c12e884394fe8d052eaf154fc6887e6f529554d230fca63c567383ec63d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ff5194e1ab5f179b8c97055eb2b5b38a

SHA1
87623deae9be9dce4cd9003adb1e9524a80a7e7b

SHA256
0bce84b7fd077cb2c21e6d96b9eeac1e1408c4ca1a4199a7b0a0eff1992d0b37

SHA512
9dc7673eeec726c60d2c56dc7662c61b88e072fef8be688df99af271d302eb571fc39f922ea3be80101766235bed562561965782c526fba8126877c7ba477c6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
f31a68a5ca11342d955959d136dd0af8

SHA1
0e3564e8bfddd2038d7a5912ccb14bf20191f71d

SHA256
50750ef90cb5071ba665eb36b29356ceb4a65b66cc7612874929a9a8cb490a5f

SHA512
d02f5fc27f0f3af9f398d5cff3276f87465bee48bf8b6c51d2a883283e5c1992492fac6f354ef8e5ca319136d679e69635705a25fc54849efdefa05d2699c0f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
074efe8c6923b6f683a54402ef11ec92

SHA1
669bc4feaaafedea7514d7ef366af87355ad492f

SHA256
940397319387cac2a3de6246c20e41b2acaf7cb757fd3a640c949857c60de3aa

SHA512
75f1ae551efd4301e8d513cc6eba495c84170bb4105c20093705f683b7521f6119dd0d9559dba8bdaf70e5ef8814eefd8fb065a8a3a25ac8034cf04baae4fc94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
a05bd5e69a95169970bf7e9942ef105e

SHA1
8eba0c76e5644905921270cdd7fc7f598f55dbfd

SHA256
6e76b3edc401d8670f54935bd5804e5fda46024c795fbdc70ef045a4c0f169c4

SHA512
08945919f4c9e71852ff8cc227ba74eaca97b1e512b6f569b8a1dc39f6a04a3bb1666d563fffc0339bd15b6de4b9d9d95cde5ce5822e7126f99323452daef04c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
f8b029e201dbbc24d04e03eab2801654

SHA1
af38d678003c29202435b7926e728f08427d81f9

SHA256
19fbf11609c04532be369375e7c97b5c9153892f991d34bd0f3485efbf03ffa3

SHA512
a4505397e922fe288116fc2a1def1167e46815d47e60ab13ee84b97ff21da452e40b3552b7c946ce11832f9daaf62baba45380b61f557e273435715f2719b9ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
7d23676d415edc9bac7573c6227a671c

SHA1
536bb34025420070df907d87ab580bb28ab0cbe2

SHA256
70850272f3e5efe164fc921d39c72c05af27d8dc6cf738f0e2864393c8e2cfd9

SHA512
0180fd5e3b6e216d4d027fcab31821ecae427eb9ef1a3b70c6f0f34b712265bf2d6026071010c90a75e50c94e67403e83461bef3aa68a3009d171435503fe21d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
501e798dbde11e78ec1a4612e3642115

SHA1
58f088233fe1ef57763ea6219af90cfc35713c10

SHA256
8439946bfe7ca06e7af956e39c604aa75a08e40cd4b5da06803b2fcc12e8b714

SHA512
dd0134f59c9c4fc2098bcbeb87239dc91a979951087a413138821b5d1d2608d5a1c7a342ccf86ab29fd249481a8c9896c6fb0aed286afe97a072f9d36af39ba7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
359cc2d45d16b2f46d9ecb59856528ab

SHA1
e4f660a495cd07874ceeb4e22abc25d558774458

SHA256
5f7d2df70eb0faa869cabdfef4a50ddb4783425ebb704a3a7fade4b9fa0bd84f

SHA512
dc163ceaee34cb1d8909f74381b030828009487c593690866d6fd16eaadf3844e22bda510f59e52692cc4e90d9d514644582e2cb6787aa861bf12c6bf7ad0519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
16ea086afb79ebeceac7cb2995bd4fb0

SHA1
a6059965d3e4bfb1c5e9cab1baac52878fb75243

SHA256
840e500849df44a52d6e4170981ce4c7f7f544102967bd58b5bbc82a857401dd

SHA512
99fe8edb88dc095a8d584d72ba6d088f5b609559eca27f76500f8f3140376f1ca348568197d7139dfff2233dc571a7fedb4813696f7779a115104f67d218ca81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6f7caaa1fe8d52f4c270a98e17a19a66

SHA1
e4e28c50ab9a49cef7c63ff18c97b09436018f84

SHA256
070e53614e0e7c1f1f11b5b830d0a418d8ad762ce1dda4ff9ae6cf55a37ef692

SHA512
2d83e9cb33d107c8bc66269bd314fec8798d351add139e9caefe79772c928e6160c09a45057bbc65b6a233c25ad11dde4203459aa927f48d47e1ea8181090096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2cbda6be10917ab75b84d05113db817e

SHA1
b2f8797c99a9eb8387a104c90a87be79dffe28bf

SHA256
7a6a013938c2049981cd9bb224b15dae554d181a9c564c1a72e6e0bf2f1ab0de

SHA512
7d410aaf4bdf62a44573109d62e7263cf73e2b4eb516051f031e648c4095c2f3856c64f7166f35ed53ea0b4592b30a1f3b98dc22b7535228f4445aba692dabc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eadd5dbee9165870c3ffc5a59ead2712

SHA1
eefe2cf4b2eae1eb65dff9de1b061b3c3216b33f

SHA256
85343782360a89b7fe7a75acf1ad651016b2d290a7e9c4c803eeeec3ba3cbb58

SHA512
487f9708e12cdcf591314fea4c6c11283e5d8221e2ea0a40c929eb2e75da358b0410ca973c158e5bdc698df7e179c909677a68ec6c1b77d04e837a6ad06589c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
70f14b894fe585422cb51d3285bc11ea

SHA1
12a49e1cbf3ff596b2847aedd93ec6c041d53b24

SHA256
f0ec8cc8d14dc286951c8bc1274176ed7b5502cd54e6560ffc0d5a4ce44bb5a2

SHA512
cf341e4dfb76e769ee01481cb49891f95ce017a264ae5975c85bee0fb2d6b3b06cc3a24b3b6b132a4d59af05af72d3f648e0337b6199a4f5e22309121ffff3c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
76eca81b95661e7ba94f92819f67121a

SHA1
f3d40699ff127d2fba048f78c6e993eda9930847

SHA256
dda8682aafcbe7b3846d1b05ad412e8ba6f4df7842673d8b82e8617aa6498a15

SHA512
a4ea87ed91d7c4d2150f21e661d53061c357c797b47a104b729896b992103045620a15614a095447cc2e01410087a9b31d0b6a530230995f9af09a512597eaa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6158a444c896532b0738057c97edeed0

SHA1
1b776b1fe2a58fe5676007a35876a231dbbedbc5

SHA256
099334dcd87f5ec6fa6f3870bf90c8117abd78a2e1c23f3dc34ffeef3499f355

SHA512
149cbd7c8d5c720debef542d22a7895b45dfb97a03a5212cf66d47e63439ecfc36d3c3a825c96f8da95effed60861f46b04257c0fa44c4d7d4ffc7474fd8246a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f57c97835639b30bc35eec070f02cf00

SHA1
aa1a5535b901c3acd319487d59048506349e2f33

SHA256
26c3aaba14e987eeb2649f19d70397098654487125af881702c175a528ff7c99

SHA512
a9b792a2f35716ea4cc58a951d4dee122a009f33358117ff74d3a48f0d0f4c817cdbe0ff7496157e133b5963829dee39e596f884ce631d295b425d0e48b644e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d30911f8c3a89fb92333449c474ba251

SHA1
ef751698768006b359b9d78480234a9668681c8f

SHA256
7e7d911c2b304f8e179e79d2f6893e1097a52b78b8abd4582496e06498dc71d1

SHA512
e7a21369b2dd28c977b59ac0bdeefa47f8326f8a5759ceb4efd92ea2970d3f796f62a9cfe16edd247cccd55dd0d3ff56e5e9e866685322bf00658b6dc8bd637a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e170ef0d699dfc96fde5898086d40234

SHA1
07624f0317334cf4e1454148ec8235052ad63de7

SHA256
2522423fe4ce04ebbec03a10c4fa81fc4273cfac9d4855cf903b846f48e61fb7

SHA512
5af9dd63c438fcb2d2ec1e2b6bad8a0efb279a01de9e3290ffa830828dad78c689c82c54ef996a414dda35ba2ceffcde17bc6eb9ada2d7a6e903c8ad95d2d2b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3fe79e08665d91ac864e9f4d57f2f65a

SHA1
e57c5f6f74aca2669936d04567becaa47d267c69

SHA256
afdd0c788a75d98a412c029663068a3c17808b3264e91ce0a1b1f0762019efa1

SHA512
71817a7ef1a31d0b0b3fc877485cbebb86381eca223ce55cefc8c28ff6b2afb5338134da4fd5a0cef3ede3d1a2fe4445acfa53597227b3fdcde1cfb38d37392a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
2d75d1641d9fe27313b047b89f68feb1

SHA1
eda1b8ab1653ab30c226eff2d03ca06ed45feb75

SHA256
10d23286061ffc9bf403d9d52ea82974219b22ce9cc41d6ebdb4e70f21754d18

SHA512
2fe0d93ed0d3cd3611748ce5029db8aea89454850df1c64ec5f8568ca8cb2597c3e66908485281125b6b10a1c4c28d393ede779d4c4c2629d5c81de0b0b16909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
26d07e75b85c0bb97719d5cc1d1c589a

SHA1
092b16850a57675d3456e661a5f34a18c890aab7

SHA256
964b07cf1b940ca05977a74988f3378519c18396d0bdf848c9f2ecc821850205

SHA512
fd6512039dd3080957f702a96e16ce73f67c0476a1ff71206b35306517928f287345b88f4e76ae3addf10ce68c8aaaa4d92b39ebf63e17c7153db8b6113cecee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
aed075f15284cdac0c3c8f127988edfd

SHA1
ca8bdbb1bbbf232823a932b2dfa52922c634c8f6

SHA256
a66fa44621558efe8a23432a00c91e1247d25311f49b47d45b6f1fe0d8d0d2a0

SHA512
d853380384ea279073bb054c4ff9e2718cbc0732dadad5145734d6ac67ee7443c526107655261ac766fde87d8608c96cdaa3f848cbc06218c61680b05254e484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
343fed1c170845461c3bead9a831e1a1

SHA1
2b611cfa57c6a6c67409f9d3d08d4b3e62f4c27e

SHA256
a993fabf8d50002dfe471e793386633cedd63d90b0e1fcd4d052b478344e31b4

SHA512
8bcd598be44f3c863285dda860a553b52838d4d462924f1d34173b27f92b5e782cbb4424be4f28e47cac269be1887b852fdbc992dee7c4f5ee013c4bd2a5b1f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6f748db39ceb123bebc9356b58d6c6e7

SHA1
988026c425c115712bd8fe15aeeca45feb851640

SHA256
80e4b844a7695b4c90a968adf4a5e6ab5710f2cac9f99cae2abe932e51d66ce9

SHA512
a18e451d4b8a8b8e54f09a4e221c72018e1003bbe3d0811560e0091eb1daa786aabf97bceadcc105d3864f0e22ba86de22f46d40d9996618ced9bd07501734ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
4029aba1545d6545960604164ce47e66

SHA1
5b31d91fd9fe06e7f8d1725fcc14b65cc1a622ba

SHA256
43e03de0b206221127d6810187dd71d2d8ec05dbfff2dac2370b0119f8ac972b

SHA512
e147d9a13d1a3830619eac72de948026dfece325a7a6d0d4fd1c256a2f1d82381728b888501c33fbf5e12efd316c6c1cae761ab40aebc09fe4c013b310e02889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe599149.TMP

Filesize
48B

MD5
59da2c229a576f133c3d7d86081e07eb

SHA1
1182bda45081a03ddbca1dcf93826e060e4c7e5d

SHA256
661734b4feaa632138c79ab8ed8b1d12215e81db388f2e76bae88f82a6a97367

SHA512
14bc6c226d825652626bda09e9fb7e7878c73e2ec46ba9377bddea92a035e14a73785c275b6bc112241f52821c31e8fc9be1fc3ca2538d8dcefa2a384c3a30d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
ca04045bfa61af490697bfa3322c52c2

SHA1
1decf1b8c8da4a952656f5186936c42f0b465a8d

SHA256
9316c27f56f54695955856430e5bffa186893f1ca50ee3edf133e31c96dc5ca6

SHA512
dbecedd5d41433c4d573caf7e4af1e84c2b5308233814cbd4ba3107f19b658a146e27b102fce7dfcbd93e1c12b4583dbc36eb28d6fa95c6207b1ed517aa39c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
5bd3a533b84d9d01c24ede156f457db4

SHA1
f4fb1ff795836696a228f7e6e5e959e89b455d96

SHA256
d6369dec9ff8aefbdbc9d0ba6cb67f5be2fffe4e6fc4ebc9bd945a57b43f6738

SHA512
88feacbe02d7eb0f72a2cc8001109216e56a7a0c51dffaee4d30b5dce1df9f2db053e64bd5641ccef4dd191266c6ecc9d35c1017bb53b52c32986bf77ffd4794

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
dbff7ef8f82035b6862bcbb4073bfcb8

SHA1
aa70911775f4b120234f06feb89e7f87184573c4

SHA256
6f8d017f9775a6f309248818b45e990d791937f2016803be9739777bed0b56dc

SHA512
9d265551588ce55598bff1e7d3a7890a245371214f54044e808bb7f2ace7b9f4b540515af8399a9536a82a42a96ff9eb094ec3dfd890abebfa1dbb2b9525c235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
7f47817132804ba12169975e4c5adaaf

SHA1
859087dcc642ddd0bd20dd7597a2a507bdafac94

SHA256
28898f6510fc24ccdb617a687c389b933ca4d3307352eb46263a6d9651caad2c

SHA512
6ac2d6cc6c7a61b0d8c3c09952232de166b2768126e53760b0659de49a4740ea2ac0e7ef1345ed8805aab01160eb4e59245a30aad5e920beeee7820bf173b7f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
69b6c8d94465889ffe9b5b6fa40869c0

SHA1
e8b12b03841cae66039bf261ae2a45bbff4f2dbd

SHA256
50ae64febd9af4dbd72a55c44a096db1b29fe41e3a9d9da3a052a6be4a5e1f7d

SHA512
b3279e82fd6004a0fc938170dbe29d8ae9c1265f6c7e339ed5a557175593fdf6b97e2c23b8ae0b7d7d72b8d6ad3f238b8e0ed9875986f073a2e7351fff2a0f6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
114e37b741751f5734db47e8b7f64324

SHA1
9bb2a329bef68071de704aed6acec3c430b735c5

SHA256
ddf4f79ddff56125fd1f964ce05ce5a21253cbb1e9af0f9b8ada5dd9ab964466

SHA512
5a3ab3898996acc7743e4c2949306588a5a71f0f0b34213c4582aaefcaaddc21f84b66e41f96bf433f0f03eaab2f434b98c69f0b112ddca8c33bebeff14a684b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5aa6e0.TMP

Filesize
107KB

MD5
27f0b2ab1ec7f724b0966805c6820378

SHA1
735cf83f134c777a47f0786f365e68c25810c3a9

SHA256
1827140c8e471a91d2ce2cd789bd4c16d5bd5dc255c20d5ae4dd53ed67948dc3

SHA512
685fb17438ffdf356c13f661383add035fe901608db5c55efaef57e459e8c6e1bbff17da63dbb52e416bb284166b79337b03bdca981f82f96d0e7e00c19b70df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\SI - Formulario Información del Proveedor (Sempra MX) ES (12).pdf

Filesize
225KB

MD5
1f4007a539b3d61076167f77c33b2a3d

SHA1
978beeb5d2b4dba50dec58ce0945d77675057f4b

SHA256
97c6b2c9a3644b9eccf93d88c0e07acb35d9bbe8da929f111bfad2a41ec5e5f2

SHA512
4bdd678976ab2f8380d9e73d5dfb7961c86690ea012a398c50ffe19069a6f2e652c9d7527fd588d79d80947b7949639cb84427b964c2b9fede5a6dca91996fee

Download Submit
memory/4232-889-0x000000000B540000-0x000000000B590000-memory.dmp

Filesize
320KB

Download