40a6dfb2da3f160374c4c287d2b2e7657d151f5d9c1d73fd0f6682264a3b0872

Analysis

max time kernel
1782s
max time network
1677s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2024, 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cvnwzmammv.harmless.exe
Size

307KB
MD5

8b537468ed4eafd01ae1f6d5f11bc052
SHA1

601f8e1aa9d178f7b1ed87606edb19450ab714c1
SHA256

db6487202d548f3e8f5a28f38095d48dfcf7ede13b31d49b827262d314d57f9c
SHA512

ebd2f83dedea6cdeaa71afb068544dfdad75a146c8d542643a105d3f2de2cef9954727c1be4486be522c314c8a1057de8699318530ce493542e545f873c699fb
SSDEEP

3072:xfo9A6UsqCFiv2mvVZKjzepmECVflsC6m7Yl22wruUiLrf923F8GDsrXkd+nAz4Z:69GzmzeAPN0n

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 44 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "75"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133559737837631265"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: SeShutdownPrivilege	1196	chrome.exe
Token: SeCreatePagefilePrivilege	1196	chrome.exe
Token: 33	4020	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4020	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe
1196	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1500	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 5080	1196	chrome.exe	83
PID 1196 wrote to memory of 5080	1196	chrome.exe	83
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 1456	1196	chrome.exe	85
PID 1196 wrote to memory of 2284	1196	chrome.exe	86
PID 1196 wrote to memory of 2284	1196	chrome.exe	86
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87
PID 1196 wrote to memory of 2384	1196	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\cvnwzmammv.harmless.exe
"C:\Users\Admin\AppData\Local\Temp\cvnwzmammv.harmless.exe"
1⤵
PID:2632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffad88a9758,0x7ffad88a9768,0x7ffad88a9778
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:8
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3184 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3200 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4044 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4584 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3792 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5116 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3200 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4176 --field-trial-handle=1836,i,7964533430309324946,15122674254023756026,131072 /prefetch:1
  2⤵
  PID:576

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4020

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:904

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa39f9055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-627134735-902745853-4257352768-1000\ReadOnly\LockScreen_Z\LockScreen___1280_0720_notdimmed.jpg

Filesize
62KB

MD5
6cb7e9f13c79d1dd975a8aa005ab0256

SHA1
eac7fc28cc13ac1e9c85f828215cd61f0c698ae3

SHA256
af2537d470fddbeda270c965b8dbdf7e9ccf480ed2f525012e2f1035112a6d67

SHA512
3a40359d8e4cc8792be78a022dc04daed5c1cc55d78fe9cf3e061ea5587baa15023ce2152238f5be5cc5124cd468f220cf9dab54344d93edd3dfcd400b24469d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\3ef2471b-be6a-45a8-a0df-54d2c9db3c32.tmp

Filesize
6KB

MD5
1de11a72f0f9182110b36b4eaeb605ad

SHA1
24be4a60abd6a8cb135adea5173bf91936270473

SHA256
3d87c44255ef4e5552e078eecc619cd30c67a9b4919db0591ec8612e10dfb2d6

SHA512
c9a322f245cbe2d5619fb37a30c832075b5e589da7a68edbd8183ec519b2dda65322be17b023c2d4610e3a6ecea85e8ba391477007ae8a0877e576e831a6efe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
559B

MD5
ba41c557fd94931df3f6a20e3b7d40d5

SHA1
e4ce908a8c348e7185ecd831d48331a53ba9ebb8

SHA256
44ea50f8eae4d88474c54622fb62f89d280e2920966d0cc321c05bca34e5677b

SHA512
e0f2b9a7b54bddb76836f7b7913d18338395dfb0da2dba9d352fc2b40507bde1c9e7a1f2befa89f61e7740748217cd816df0e60e97912f5f717e0091dec9fad3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cfcb833527d01f54ccb3287f56d300d7

SHA1
7c70c64f7bf1523519a96e1cd42d282f4e04f4e9

SHA256
0b635a79fbb414ef66f7374682a8c0e645fdc9441fd8571f0f1b8c5374927d42

SHA512
b2e52513559fee0fa2d4c77fdbd0ef11ec96b4ee6ef581d78091ec1adbbf268fb6ecc7d41e39e259dc93b8d36c522e698ad1756ba24fa7a2b8c263c7152ff025

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
95fefd4151e1a780e29d1bdcfadcb03c

SHA1
6851cbda3aed79a7692aa5b3ca3cac51e81175cb

SHA256
5ba066543f3692f86159c80b68395fdf6a6dc317443a8e0dcbad0dc248adcca5

SHA512
1c2efceb8d60293d84ee6d9dd72aa0302e4ddf71928c8076b879e91dc5ad490e92c8fac2d37d7a624e5bc9688dac4e49ff4cfee9c996fa385b3ba030d21d17d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
88e943e654f9a65f7dcad422c433dd46

SHA1
022e32704188115cd64f1737db00158efb4c31e9

SHA256
577e8f70e7cf8042de6607156a8d7c6235c51f3ff25ba42d32d1d6e3cb1f5e32

SHA512
4cd47a0a90753c2c29715d0dc16e628cdeb2add7e59e10d848303a2c1114da4cb54e604f1f50bdadc8263904654246d4d42931a8e42815c0edaa96476348c9a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
38KB

MD5
6d96255554003ecfe7ebc9f0f4b8c852

SHA1
81bd96bdaacb930a706f5c8c6df7dcfadf09f22f

SHA256
4ddac031be4dc3bdd0c25293c1737db7e5fd80bd004e202f85f3cd169558419d

SHA512
e5187ce339e17252d06e97067ae0a870b76e1f22df76af72d2b86b2eb1a30a8d280bb1c153129d6abe75f873a592af4afb0bb74869acf6fa549830ec21ce612e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Desktop\AddOut.asx

Filesize
414KB

MD5
6ccdd437f340a38c211f8477b6b5759c

SHA1
d2dfbcafdf4a1a0a870a02b7f884c2d86e2a7dfa

SHA256
4dc8ae84fd835b6ae108d447fff93bb96e41961246b7c4336921516ab603718c

SHA512
7775199dda25085f2a4217e9fd89bf69047e9f83a0e42bf29bb996962ec68c7535208f8e87260f551a25ba07da89be9cfd998ee783db2c69225aa29ad223f574

Download Submit
C:\Users\Admin\Desktop\AddUnlock.mpg

Filesize
358KB

MD5
31368810fe9b29793ef96142be75785a

SHA1
2cac31d56305d9837cb25dce5d46ba29f672b8b3

SHA256
91c9c8dfa51bafefe0c703a23211ae665386f44d94b689c5b1364b0f7125ce40

SHA512
735bbd492108abe0fece12fe497bd35d44e6283ea881e0dbd74ef62787fe97330d0ce8494d610f7533c551daf8c1ace826cbf37c587b105560e7f168fb6be8c4

Download Submit
C:\Users\Admin\Desktop\CheckpointRegister.html

Filesize
384KB

MD5
39f1c9be296e3ac6350b1fd29c3059df

SHA1
176eb0e7c53c500ee78bcdd8e8d2e0e0b86347f9

SHA256
8366341d8f0bfdf4f6b372d3f63fc3cf3b06f59c9fbbcca404f6d48d1771e87f

SHA512
61441ec31722a7f0fcf27e61407e837025db27a87d806c9ae2d460851843b18032274ca765fec30ee1dd8dbf483f3024759765115fad716bdf912b9ed174ffa5

Download Submit
C:\Users\Admin\Desktop\CompleteConvertFrom.M2TS

Filesize
384KB

MD5
33ad24ebe5e144c4dd55452ad182f1d3

SHA1
4017a2ca3fe9fbf57fffad757526e3875f6211a1

SHA256
0e6595b1589f7d074b02c03f0e2b19b2d828700b76c83888caad70cceddba8c5

SHA512
28704446427f1b765330979b17809f9747f34be05b5550e9eb8bb07b610dac5d690fc9102e86cd1386b5e27d8fd8addcdf53aa745b7d47fb68fce9a6cd984555

Download Submit
C:\Users\Admin\Desktop\CompressEdit.ods

Filesize
192KB

MD5
b667bbb87651f3ebdd1df71f5b0b6ae5

SHA1
d579f398286f251a0420c260c950d4af17588e53

SHA256
93562c34f48211dffe4f4c43db50d3f2c87f59016e5a286cd5df7a0741563599

SHA512
545c3ae138f5f531df4c6a144ce2cc5669607c9d3b3cd56a5f58bbcd056742bb0d5ce9a6a83887fc04f1ce2196971c1234205e7fb04c9a434c69ed2355734ebd

Download Submit
C:\Users\Admin\Desktop\DismountExpand.mpv2

Filesize
128KB

MD5
b64427ccca852c7191411dcdb8add561

SHA1
f220ac1ef67bdc5c12c4b36cfcf0136c1cef71db

SHA256
b9e7c3cf69c54ba39d46eb0fd80fd94722012a0525c3cd99da72ad3e0813b9f5

SHA512
8fedb8ccdfcd493aa1eaf8e7955d5ba379dc517303bd9df25b354b5df29b28f72893c1b7d7b659148f2f9d42c93e8d36239bf7e0eeb9a5a8249af50438f96d2a

Download Submit
C:\Users\Admin\Desktop\EditLimit.midi

Filesize
128KB

MD5
3cd1b09db1c55282225cadab9ebe9ae9

SHA1
52e95b63dd150ed7ac2f45f48ca15de9ce7e6626

SHA256
ef945a30fae2c59eb01e8971ea766ea1c776a74df58e4ebf8f3cebf775afe1ea

SHA512
c91efe0fa19d97fbeb0d27e3f8b2cb4a9ab6a2bf9c69c58599d965e0b89a28603d1818c40805da2964d9a0468c435db712660df21ebdc6beffc980caae6aef02

Download Submit
C:\Users\Admin\Desktop\EnableUninstall.asp

Filesize
128KB

MD5
70f09d74722459b690efdaacdd784323

SHA1
5f9f1db558b1aff89b164409be5422202cf5120f

SHA256
2ffe0374a32047defaef994d838979818bd776bd2951d673abddb93b36b917e0

SHA512
e4cb4de21949d0a4f74b3c2730fe8e5335870ce48dcfbdd2dd81f0606f536a7163da473f99cb6177858746f932ac9f4c019458d99ecaf56fff501a1166256ce1

Download Submit
C:\Users\Admin\Desktop\FindSet.ppsx

Filesize
744KB

MD5
d0d59263e9978971d5c0a847a36baa11

SHA1
042877dd179e24a7a1513442633d2f247c9ce251

SHA256
3a2f852c2ab90d033d7c9183f22ae513eafebeb67aa1b21a41849f6cea077cd5

SHA512
fb4b4c636f3b94dcbb629051d2647358ae28ee5687af53a9aea664d434929d3fead08cec0fcbd07da08ec3aa08754c42ed4f901c2954cc756b75d9ee5b908bf3

Download Submit
C:\Users\Admin\Desktop\FormatSkip.xlsm

Filesize
330KB

MD5
11cb18a1ceb03db533075fe7470d393e

SHA1
54e95c4968d2d66be62b84a75a26478825233ccc

SHA256
c7526f1e763d3883f34d012be3a3e858f1b45e4827700347ad708536db9b3deb

SHA512
3a1a2385dc296826a4f80b54bb9ed25dc6c7b5a3255d614fea619da19cd5695a61e2ff4243e5972f163949fb5381f8303e853750d47ef3d1bb9ea9ded7475816

Download Submit
C:\Users\Admin\Desktop\ImportUse.cmd

Filesize
189KB

MD5
371ae63115f7a138179738ce579699b2

SHA1
77edccec9ba8aa66264ed974d7f37cceb60ffea4

SHA256
f9648f755508e6dcc2fec59a0aef6bc510bff8442744755e855af1719602d97c

SHA512
edbc314ba353540d89ad6e3a358e7fd0741dc5cc3c311d766358e95a970b62d6beeca836d8781f676b869e3c7fa28707dce6c22da04e3f2371fa1889eb2f83e5

Download Submit
C:\Users\Admin\Desktop\JoinConvertTo.eprtx

Filesize
456KB

MD5
6feef8d5dd8532f2f7365cbdac41a68e

SHA1
dadec5225eb0c10c540e362a88ae078e77915fb2

SHA256
f01d00429c0111401223380a51ad1ac3fc91ca80853b443c0b19585cbe9dc57a

SHA512
ce591d97f465b234db5835168be69a7a1bd6e1d5a3bf4e74ec0c29b1a5e89a969d1cbf299cc4e42265753e1682c80e101ade9d70e0bdac6233d38aef17363219

Download Submit
C:\Users\Admin\Desktop\MeasureRemove.svg

Filesize
273KB

MD5
3b94024ee06c4eea0a9164b8e7e6a927

SHA1
035df29b8c7ba6c7ae3483dfbc8244dd9b7fb71e

SHA256
4d860a48f7fcaaeacc7f85bf3ea5ea6edf0cf024402ad4e605d0594408ff80b7

SHA512
aa5955c2bdba48fb3cf58fdccfc2207c34698482a8dd615232207db5f8985e95332445119e91d12c4198a0a36a9e45ff8739bc17728e34aac29f6f41c269e8e4

Download Submit
C:\Users\Admin\Desktop\MeasureResume.3gpp

Filesize
484KB

MD5
13cdbba14e5e4787ed6db19484fb4873

SHA1
caeba8f2e1431fe4c59b049f3d8b883e05dd2ba6

SHA256
225a31a6a0c773e23c64e2c7e83d0eec06932b22452b6906e0eaf500ca694d1d

SHA512
5cc9954008ade9699a4de2540f5ae826d05da98cf7d82fe59429654546aa25a4009f0204d2548bbfa9c1e64262c176ead1b32c09674d8c63f65e0b6ae13d1a49

Download Submit
C:\Users\Admin\Desktop\MountStep.asf

Filesize
344KB

MD5
b9d9962de7dfe7517c7b9573b81d00cf

SHA1
ea18f21991f78c3f4df8dbe37268940052de3404

SHA256
36802f1955e2f185fd4e0595692fe7a607d543dddb2f138023f066a1e81da350

SHA512
6d638443dda6bd452d0746fd21ae44e6be478f829da1adc0054084b852e16112b31dcc750692ed39ac603a3b5d6ddd677c3f17d8f054d3b206182913aeb1fcb4

Download Submit
C:\Users\Admin\Desktop\PushApprove.bmp

Filesize
231KB

MD5
25bb35b45e765565c698b38d4bc0a435

SHA1
204a889a2723ab0dea6212abaa636a8832aa1e43

SHA256
d69d0b085ad9caa1e6f6184ed62e2d1c7c6486c8ce656a331b5271beebdf9b9e

SHA512
2aea2841cf051b4ac993054fc0d93f8f5f89572f5f4859dc1068b7145ac538377559ebcc35c37a038550b55d1e4113abe10666891e9feaf3dca2db29a798e81f

Download Submit
C:\Users\Admin\Desktop\RedoResize.vsd

Filesize
302KB

MD5
8ea73fec7e5855feb00cce8146109b3d

SHA1
7ea4c302bf193f6778262b2035094e22ddf8656d

SHA256
15357f5802e2d69dfdc61cf6da3b88e2af9c0f2b53e0627a75cef3bef0a63752

SHA512
73125cb00d4680530dc6051383cac65588b0de6f8e9e0e9a3d1c9154c26aee41d350fe4ec762d427ee26a9c791ab131103470a4dd2f39c107812cbea16236db7

Download Submit
C:\Users\Admin\Desktop\ResumePush.vsx

Filesize
386KB

MD5
5cce31b0f108879d4a989479f26ef1d5

SHA1
ce6c468e82503df2209072f7eaaaa7ada677f69b

SHA256
c693a2c743bb2008c565bf18950f36da219bc06c7e201836ce743d1daaccd09d

SHA512
961981f289745a333abcfa32da073ad306126b0cd6d5373f08b0f595c029b69926122174a43a462e00e6ce8e8dae1c0517184287a98c0987c3a051e8051763fd

Download Submit
C:\Users\Admin\Desktop\RevokeConnect.emf

Filesize
287KB

MD5
6ac0a4ba2519788cdfb1497b1546d46f

SHA1
0dadd2b590dae8fd54444d489b1ce9b21677ad24

SHA256
3efa83d08ed638a48351ebc7d77319580174bcc576da501996f560be118bdbc1

SHA512
c9a3ab4a22a795ad1a58060047fd266c6325ecb3c295ef8c45fe1796f57ac92258117ab49c7445728d516241b079f5bbb2f12c8a4f712f0369cfafa9e8efc7f7

Download Submit
C:\Users\Admin\Desktop\SaveSearch.jfif

Filesize
540KB

MD5
bbcf11e4e0148f6f34331f67d066e393

SHA1
c333aa5f18c1fb3a61b30248caf51c5ae6875793

SHA256
5f4e3b84df0db9423858b24fb8ca9f85d25fbbd1c28a795686ee320cba8b5736

SHA512
802c5b6217243a57f3b2ed468807e284a4fdf2081dca21c3d7c7ba2bea0102f206cb0f86af84455cfed2c7ad6ceb6894f5d6efd64a229556633dc7eefca22b64

Download Submit
C:\Users\Admin\Desktop\StepInitialize.cab

Filesize
470KB

MD5
60a21aa55ded678ed131650369c88465

SHA1
6561bdbd5eefd5fdea8fae1dd9515af0b7c0c2a0

SHA256
7716f80c0150a276a8caf2001ef8348765b69d162ffb5d75eda6117a37a0a653

SHA512
0a9331aaa27abaff53e8600072642a67e3ed46c09ec38b7d451052671d3e2266580d0d3eae2e0ffa33e7e8d727a8a6e73ef5260c3ee1025f374c9f153968ab76

Download Submit
C:\Users\Admin\Desktop\SuspendCopy.css

Filesize
245KB

MD5
8447cd16a5d7119353a09762189541a9

SHA1
cbcbe0ad615cce545777ffeefdefa202499ba0a4

SHA256
b7ec8153fe07d7cd3969a5373c8c847d361350c23ee78d1f2c6ae54948ae2344

SHA512
06f348a55c67263a9ebab5a23be162d4b70e10365f6c9c063e3d1a87c036b8982ea6c72f9538ba6f7c1adc1ce65060c4cfb79644a58abaf28967246682d6e637

Download Submit
C:\Users\Admin\Desktop\SyncSend.mpeg

Filesize
442KB

MD5
b069708d6141dbc01e84042d43488068

SHA1
ce08409c4c186a961f66c76968a426acfc6bdb80

SHA256
33018c985601ef0b2ebad5dcf75d3acc7d98109c50180a2e68137db8ffe45f76

SHA512
08464fdbf3daae7811b1891a01bf4bd08792c6a253a10dd6ba20ae51a20534d25e319efdbe47069b0a5a6e6cc8e225db75be7ddd6149a7795045290620d0e866

Download Submit
C:\Users\Admin\Desktop\TraceRegister.emz

Filesize
217KB

MD5
7812c076f214b32e02c2bad1b5c98127

SHA1
dba7b4e2cd6837ddce0344adef65048dc596a4f9

SHA256
3f57690029274e0fc83016b35af9ef5dcbde78030817641d9f6e94646d398d09

SHA512
88973c4cf0c641c0a4512dc82c4d985fb88f459f38dceaa4cef694ecefdaf6d6627e70c2c615c0757b45d13132da29ec6206215434659d0d3cff2ce0c9771131

Download Submit
C:\Users\Admin\Desktop\UnprotectUpdate.ppsx

Filesize
526KB

MD5
a733f716a2bc83acbf355597cbb651e5

SHA1
952ad07dd23006081396d9e05d27cbafa827323c

SHA256
fe2d791fb60cac8a29db87f742124b5e1e5cc7572c5befd4055c650c519a5cda

SHA512
7fde6a9fa8b83db1d1214044fef825a80fa8ec5db07d4e17b75ca4e6033effc6f8dc0a141318df6a73efcce475b508be5b88fd58921e970f734abe04c79d82b9

Download Submit
C:\Users\Admin\Desktop\WriteDismount.lnk

Filesize
259KB

MD5
b4d8438abdef52f2496b3ad4dcdaea37

SHA1
a3b80f1c59d570f42257316ba00105990d912c89

SHA256
827f93276b3963f945afb737cdce68c742346bb8e1cdcd7cf534cd028e4d38df

SHA512
527ce2b23cb7ceca82f601e20964fa61fdc46a698a2c67bfaa277d357c0596ed352ff3189eb5955f36a1ac568448b0c5326bd4eeaf1388fd3944ce6ed939dc03

Download Submit
C:\Users\Admin\Desktop\WriteWait.m3u

Filesize
372KB

MD5
3b8a29bc7d812dc81043b593068ba77c

SHA1
be1347783287ceefb348dc87f429c8e34a471da5

SHA256
ce58334666fa9e07dcf849fdc8107427aba745c438875b969bf1ca0dd004abd4

SHA512
4304ef37c9b09f25fc3e10612967f62b4ca9e18801457a7ed3a99486eb9d559a8fa65ff8233fa117186371e36a2600a05e4f22af64bf168c2dd13a95215580a7

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
ba6ea42030305609038d754fa9211a4d

SHA1
18b5b14854577fc6197f825762e7eb28925a21d1

SHA256
07148d5e77f5dc67ed5d29f1754b8babe6353f92652d739649c08661eec6f828

SHA512
2ed086ae70ce40bf150eff35c15419caa5d31dd3c1dacf0133a1aa2d01b65a08d4801ec384c30e4764d8b1429bb6cf13e9b64317c5d67a84babfc7059b269e18

Download Submit