hxxps://www[.]toneden[.]io/jeff-flix/post/discord-nitro-generator-made-by-jeff-flix

Analysis

max time kernel
261s
max time network
262s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
29-04-2024 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.toneden.io/jeff-flix/post/discord-nitro-generator-made-by-jeff-flix

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133588902822510981"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.toneden.io\ = "301897"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\Certificates	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "541"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "703"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "421230186"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0a0e741a669ada01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 4039987f989ada01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "3510"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = bf76a01f669ada01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 1761ce29669ada01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\toneden.io\Total = "13"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000085fe16d435f70b9b3f8948424e5f3019dd38d0ab39985af61ab62df676a84d646ded516d7eca8843412fc9ea957e254431274ceb69bba3c1f0ac	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "689"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "588"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
760	chrome.exe
760	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5548	OpenWith.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
1652	MicrosoftEdgeCP.exe
1652	MicrosoftEdgeCP.exe
1652	MicrosoftEdgeCP.exe
1652	MicrosoftEdgeCP.exe
1652	MicrosoftEdgeCP.exe
1652	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4944	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4944	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4944	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4944	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	872	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	872	MicrosoftEdgeCP.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: 33	1000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1000	AUDIODG.EXE
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe
Token: SeShutdownPrivilege	5068	chrome.exe
Token: SeCreatePagefilePrivilege	5068	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5228	AcroRd32.exe
1980	7zG.exe
400	7zG.exe
400	7zG.exe
400	7zG.exe
400	7zG.exe
400	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe
5068	chrome.exe

Suspicious use of SetWindowsHookEx 43 IoCs

pid	Process
2364	MicrosoftEdge.exe
1652	MicrosoftEdgeCP.exe
4944	MicrosoftEdgeCP.exe
1652	MicrosoftEdgeCP.exe
4736	MicrosoftEdgeCP.exe
2364	MicrosoftEdge.exe
2364	MicrosoftEdge.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5548	OpenWith.exe
5460	AcroRd32.exe
5460	AcroRd32.exe
5460	AcroRd32.exe
5460	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5228	AcroRd32.exe
5584	AcroRd32.exe
5584	AcroRd32.exe
5584	AcroRd32.exe
5584	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1432	1652	MicrosoftEdgeCP.exe	77
PID 1652 wrote to memory of 1432	1652	MicrosoftEdgeCP.exe	77
PID 1652 wrote to memory of 1432	1652	MicrosoftEdgeCP.exe	77
PID 1652 wrote to memory of 1432	1652	MicrosoftEdgeCP.exe	77
PID 1652 wrote to memory of 1432	1652	MicrosoftEdgeCP.exe	77
PID 1652 wrote to memory of 1432	1652	MicrosoftEdgeCP.exe	77
PID 5068 wrote to memory of 4360	5068	chrome.exe	88
PID 5068 wrote to memory of 4360	5068	chrome.exe	88
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5148	5068	chrome.exe	90
PID 5068 wrote to memory of 5160	5068	chrome.exe	91
PID 5068 wrote to memory of 5160	5068	chrome.exe	91
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92
PID 5068 wrote to memory of 5188	5068	chrome.exe	92

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.toneden.io/jeff-flix/post/discord-nitro-generator-made-by-jeff-flix"
1⤵
PID:4880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1348

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4944

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:872

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4736

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4484

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4568

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa63159758,0x7ffa63159768,0x7ffa63159778
  2⤵
  PID:4360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1544 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:2
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2076 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2956 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4464 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4440 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5032 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3772 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1540 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5000 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5108 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3768 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3752 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=164 --field-trial-handle=1792,i,16949855809657995904,10167299311467788958,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5512

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5548
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Nitro Gen V1.0 By JF.rar"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5460
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:6104
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24EDCE9300E7F22544D4D82814DBE466 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3260
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=58B83C984C2575E7F5A6068E34204950 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=58B83C984C2575E7F5A6068E34204950 --renderer-client-id=2 --mojo-platform-channel-handle=1636 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:6060
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8A4E247030436774CD659165528A346F --mojo-platform-channel-handle=2192 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2916
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=22FB2AE2675CE42F2C62CFF0A8282AA6 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5316
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8CAE859FB66E644ADF200C3F04868521 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5548

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Nitro Gen V1.0 By JF.rar"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:5228
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:5560
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F220AC86C54FF869B6A42C0AF8C2BFCC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F220AC86C54FF869B6A42C0AF8C2BFCC --renderer-client-id=2 --mojo-platform-channel-handle=1536 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5824
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6A1E1A421B9F98F1FC890A2C16666EA4 --mojo-platform-channel-handle=1836 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2508
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=576381DC2EF85550792CF9EEFF0396B0 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:196
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=14F39596125361C9A30BBF19BCDA8B86 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4140
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BC2C4E57E9FFE8065E79F73E5156D387 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BC2C4E57E9FFE8065E79F73E5156D387 --renderer-client-id=6 --mojo-platform-channel-handle=2528 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1852
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=74A32F849F39C0C91FF64144FF0B96E4 --mojo-platform-channel-handle=1824 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5640

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nitro Gen V1.0 By JF\" -ad -an -ai#7zMap71:102:7zEvent27564
1⤵
- Suspicious use of FindShellTrayWindow
PID:1980

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5660

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Nitro Gen V1.0 By JF\Nitro Gen V1.0 By JF\READ ME OR DIE!.txt
1⤵
PID:5872

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Nitro Gen V1.0 By JF.rar"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5584
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:5692
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CB6D4629EA565CE8FC8D4477A00220DB --mojo-platform-channel-handle=1592 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:836
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=21F99A03638E3A521810F46BE56FD726 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=21F99A03638E3A521810F46BE56FD726 --renderer-client-id=2 --mojo-platform-channel-handle=1584 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E6EF1DB93791E40E66FACB643241C663 --mojo-platform-channel-handle=2340 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5444
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=933221C39D1C3B9B762089400F1519A2 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2320
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AC931D77F94DC06A8A41B2007CD91AE8 --mojo-platform-channel-handle=1876 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:4832

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:5552

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Nitro Gen V1.0 By JF\" -ad -an -ai#7zMap10285:102:7zEvent19980
1⤵
- Suspicious use of FindShellTrayWindow
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
b370c0d9c32a331b50c9942cc9e45249

SHA1
4ba7792d2d43e3caaaedcf960f08c975350701be

SHA256
3825f9b95adcd9c7d516d89f9287cff65e3cd19c2b0fab4491c3b6e709d04e6d

SHA512
10e948ddbf670d3e732769bded885bfb83f77bd44eb3d45bb4dc66a0ec57b1945993a7c91ffbbb01c3b4473bfb18e4b9f92f544ab4c7a6f3ce01fb8381073e1a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
60fc555fa32e26ca538a033366045f04

SHA1
6bc4fc34311cfb9db279db1dff8a498f1f608d4d

SHA256
d7969af1d340a5b623e5736d760a98f07045dded14882c73d8d7028015cc60ad

SHA512
c525bbf39549cce0f85521b2c7f85a3d2dc53a01b966417209b6c152c6ba94e65e255e4866d688527d2913b1ba2d1af1bd9db2715709d72215dc6c530500e48a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
61c20b77b42218528ba330fa3ec8d761

SHA1
0fa9f295970e97f4930cee4566235ea2abdc6d15

SHA256
401db8d9428ef90971ef93e82fd62433455f5f7e036d537be22262e1084cb720

SHA512
885fe1ea78cd25e480f00ee311ba30b25891f627f21e832fc25f716c1d106c5663d5707a990c913d9c3fd3f1f96ebb9b5509f92a9cb057d33aa4ceca5db0baac

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
edee4b579e72c5c1a993013c5a819e1c

SHA1
3d5c0dda38a15faa2914fdd5c3c2dcba4f823761

SHA256
4b57f488d0d3369d38351ac72b8eddaf425970d3bb2c1625bc01ff2f620dc01e

SHA512
7971bb64b088d1161286ebadccc773746b7e4776e30ae1cbe83e64269f2d3f689f4fcb242a4bd68decae16ca55e8dd20f68c19ac1ed079023bb6fbcd94a8c5de

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
89c927bfceec214864974cab1bc661b6

SHA1
232836b0866c45aace8ea68e50c97582172495e5

SHA256
7de06afa430027d970276df38d2c6ae263c1520ac790afd6b7682d2ea0025ffa

SHA512
14ab8560f5cde5a2a6a6f30fed9e61ef9c9174a8358fe032a9e9cd52bbecdc4c29468fbb036ff625d00164f470bc29189fa02a17cd407f1baa73ecea081cfb3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
206d1619f85e0e0996d2e03809825388

SHA1
d4f6affb2848c4a81d87787dd8351f8b15f551e7

SHA256
83aa676d0351ef3b90c4544e17c5be36e18b7ed45aa656739395d722c91d8ffc

SHA512
3398bbf5aee0d324613f35b433b3ccff912168354cd578f9cb3158738dc48f154fad11c6dba2df858ba0aabf5e3685cdb209babf7764fef7f7b6594f5e12778a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
f727fd9066a4e2a2a7ea2ef00d87050e

SHA1
a3bedd9161660a69522c41276b05ec24fc208612

SHA256
b2ac421933612b41192231bf97f60971159954df5a53b82dc34ab38a6eab5117

SHA512
d8e8854f7aa28de689d1ab92bcddab66469d5ac1716e5386339b14c3fa360a1216f2e175f6d6e6dab7026e57b2061d3163681820d223c81a34cb5f73f2586a1b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
a1852ee38cd3084a003edcdcf6e5ab26

SHA1
e3e597545204d1a393380620a31800f4f9f73fd8

SHA256
85a5c9ffa349561e5f1e1c81e24f96a88a48110fba4fe630fdaf415267e02561

SHA512
ea673692ea83b98505c8bb0b0f22f04c3c5c8760e3f70e9916f8adf27a6a1b1e71b26b1ea01cbe932ffcf4fa861f99e47bc53ed571b660b95383948e0e1ae567

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
b89a970f3e96dfa4a1bb6da6051acffc

SHA1
d72fee9f3d6c4b59871544d5491922c6dffc44e3

SHA256
1f4dd32a0a0170f9d2186ce5c95b79a84be3df1eba893cefb9559547eb39d3fc

SHA512
43543299f3f8052d18dd5a3990dbb996a773acf5acaec2a16e69c585e92ba5374af92bfd4ca86fc02e8278939eec9fde1bab315da39cb4f82186e4cdb04990e9

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst

Filesize
89KB

MD5
23bbe4f07987758df68cd4458d7c4df5

SHA1
0120faf0d3809436a3e3eb0820f6c373f71686cf

SHA256
96406de1bcf36fe5d493aeb0befa79626c1bf2f8253493e554242973a15e8ea6

SHA512
c89dc0fccf18b696c61e65557c1a8f9f270476a079ee8e2f019d5d067ec6dbb076b78ea62bb44aba6b07d234f01249a5199244ab1055e58f40851093944d2fc7

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
145KB

MD5
0ca92e00a9ce4375a3638046691b4bc9

SHA1
5a157e36bc4f2d9e92603360272114bdc0c05a6f

SHA256
d4438f7c878c75f83cb468efcf7c34f76c7db8e04a90a40314785addf2227151

SHA512
bf22570e1899f239c117a4e3bd1f46f6e656ee3615490c45157c8dfc18bc3021f6b7a75afba908c2c31850c4f5db7fb56e08059eeb36552720a7aa5d9f7c23c7

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
232KB

MD5
3d10afd98c465a02c6e8694488943308

SHA1
4b58ce7b4d12546415f1c001167bd56ff3393b23

SHA256
edff0837721f309030d2b7527160702372fd81532587b8ad5b2b9d710542c629

SHA512
7eddce960cb2f7929a91ebbc9918c46888f9423d7d48de5758201260866811e210bd9970864965f1997119aa1dd27e97e8d433fa48eb9102f59b6384fb47aa77

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
d7aaa627b1e290bcf03238628cd379b9

SHA1
eb26177287c58b472abbcc886946edc3a276a64f

SHA256
00fd5bda1a1dd2bb9ddebe9418d4e20856c6508863d1a8a162052bfa50728b15

SHA512
55a22c8d7db9f0657e7b40006f48e59b9096750982a951a4bf32796ff8e6fc7eeddfb7858680806ab277475b400c65b8a656faca078ee4996bee24e9b266bd4d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Filesize
38KB

MD5
ecd2d4fd5e8c9fe0d663b368b1d37a37

SHA1
c1511e11806a804bdb7211da346146c433199726

SHA256
7c0324ffc02ba37c1e1b7739aba626cd8e4d37072e4e82854027c78a8b012ae1

SHA512
9b6057f3e26e1ae915806b0889eade4205016b71b894e6008fb2b47fa6fea7d1ef07d6b7867f0b0af306da68f43a011794539a5855dcb7ea8a58975cce0e402d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0769b9fb4c4f09154da6e7518063d957

SHA1
23858e808c9343a8874c286731852179d5249b36

SHA256
6d66b7d708d2b0877d27f4f53a8c1bda76b61458009ccad5cef1b22cca2e5922

SHA512
75f674ee6755bc11ae56ae904e39bd0374c4209510e86ea4e512b70e15539c639f433c9eb8f970a7b2b460621c7d50ab18ad08a93e4704e4f6694fa2a4580c78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
5ab85747d901bffd17d22ac88f4d4101

SHA1
0b9ad3faf9c2dae047d5b0f78fa32b20263f74b6

SHA256
09a4f4c23bd2284d4f0f8b4e091f6b9d5241372c5cf8748dadce8704c49f8307

SHA512
95788a175c797550983d99c02f9483435b4dc1d5d9d432c3bfc47479b297b051e0ca5d1700c70681f19ca1f0b0cd93411d564955658b9ad641455dc7f0f143de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ec96cf9624fb576706cc50ada52bb679

SHA1
ea435eecda97db7562416f178527957242f55dee

SHA256
8efc88153e4db186e9f5495d1209d67769c93788432c017f9f5145e03b21ecd6

SHA512
9c8bb4db4ea129652ce282f731e254de10d2a3f8b30827c90803ab67a2b750627faa2e9d8edc36f1df76255098151189118425de50165d5eaa349b2bbf0cd9c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f6e66f4b1de8346f981882b73d5c8e65

SHA1
aa96f4f85c5348f29ccd38090372fa1a78703e0e

SHA256
098d8d3d81e73bcf1983993023a477b768f9185d81cd306a1994572a728731ee

SHA512
127c412b4943676c52c2724225e9262f50996272aa2954b1ee077575664ff350aaf990ad979b7ed625a2fe2998fc73daca9753d6ed632623b6faae9ff5297fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
95432fd30dc3bc9900718ca73fdb65ab

SHA1
b2c8dd82545be7055f4d1832743f46faacafd0fa

SHA256
311c0bbc0f5e7c7fc093ec5a756388b240fbf1bdccec24600d275989e3937d26

SHA512
47c45b119dc4b92bb344aabc520073c89628f8722d7ee26fa3118262213eb784475a9ab76479a2c2fbb0e1191edcda7ebeadb31e904a76b13a6206e5db37cebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ae7a7c2bbddbe188ad384c8aff4adee3

SHA1
526fd81217ddbef2e0bbb9b79c8334c791c8495c

SHA256
77638755930603f70e939e2bdc0bc05e02d79ba528b0abfe4344da62c10d50fa

SHA512
4f58e1b1140a3dd17a5e185d9a2e80126fd9ba6a1fa6ba088bea1aa317f308d171d199aaef8be52154afdd3c2129876e7a038535647149af74e70d164ca291f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
647b44b39d6b6df77265e79066159ef6

SHA1
fcc6a64177f35e60e747b4d024b3448e35b84c11

SHA256
f0190ef1b8ee4d7633ba7eb144b66bfd1ef893432c6541d79171d37d3a1b3ddc

SHA512
8a4ebb6bfc524269803d4663ed2b2cdd8503e3dc5715371837087fbe2b12980b394c924093fab2ceea4f9603c8c0fe0c1f1e7261894174d5d6b7ef6b07e2128a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
dd9e02c80eb513f7c7df197c4b97dae2

SHA1
e0bfa2387b0171a0124bacb907ea88788b202399

SHA256
b2d64ae72f0763c328b6e496b429413200ea13fbf0f465708e7cb84d31f8d619

SHA512
0c28e9b7a5c51e5578c144824cba2f3431324ed1640998e1ac33b79a9fbf8c2cbc51b8b84e7c82ceb15c227d699cd3d7732cee231185e4bb15a2923bead7663b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
ee36b55797f6879cc2123bbaa09bed9c

SHA1
cd0d844d785f426d73e81f28146e699b704777aa

SHA256
bb6fcf741546df5b05f1fccc69bb76ec9df2fd880712d465204c4294fde85bde

SHA512
b59a6009dc4e5ccb941c4ba70cf7a0ba209ae532e8e5ea9fcfe3f93b1b597ab9799aef70504ed9aeefb8a79247c5d79012f599f632f2ab4d5b7d063a7650bae2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d1ac657-b1ee-4ea0-9116-984cc26bf475\index-dir\the-real-index

Filesize
2KB

MD5
30627cf700a207ccb310dc073e54a78c

SHA1
aef02db4adf4a0f7eefde4984d93bdd1230c429b

SHA256
3106f8bb79d3d5432da09595335632ffc8a857e95a2cfc10bb12fbd08a357ef4

SHA512
e87d3d9af4fadb6286d0a5a1025a57a3a97dc987b9e993a1c50a5db403b5b5600483b23684bc9d22108556656f52a34dafa7e65939517c0e2ee53bdc59b1bd76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4d1ac657-b1ee-4ea0-9116-984cc26bf475\index-dir\the-real-index~RFe58da00.TMP

Filesize
48B

MD5
a15615ab25d761a21864166aeed6fc19

SHA1
e6e4497fbaae59c0e3356707d733dca8555aab76

SHA256
605b848481a18eec2bc6f636d22607328aa6c9a7c268366c10ed399d590e2b02

SHA512
84e3c47dffefe1ed2207b790eaf53283307d0515a762f5cb6e0d27488dba9748ab76d7374946f6c069dc3f2067e517060f63f8b623a6e7a2f1d0a93a8e6a7a6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5775feda-7415-4b96-84dc-87cdb84670fd\index-dir\the-real-index

Filesize
624B

MD5
23a20f3cff804b896c194248d8608146

SHA1
8d774384118c7134065e27af58c41188a2c24adb

SHA256
4a4ca630cd241e1e7d2f850c56ade6f5dee2f8643f15e9e43cb164561f44aab1

SHA512
1f534ac061a2605c84e6369f9c881059092f70f86c6fbb2f78f5d6bd4da27bf69064aaadb20b51d271c560243f5b6421122879572ba14f9d0734c7a6f5d0b2f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\5775feda-7415-4b96-84dc-87cdb84670fd\index-dir\the-real-index~RFe58cd6d.TMP

Filesize
48B

MD5
1d49d9abe81ba25bbcfff1a3512af4e1

SHA1
c58aa485188bfb7884fb2b62992dbf1b852c550c

SHA256
f17acd2f1a4f95157e54bfb0f9307a342c8ad730ba58bc0c8c72710dc6f5c026

SHA512
682e1427ae540176e93fd6372a56cb19de234e7e48838fdb2b35cd2141a4aa6457d5bde5f68b5d7e18dcb33ba830fa03bf33f633973fc0c750ad0e429555c43b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
79782d7ce0ab82a7f02a656d0c518597

SHA1
4850897fb678810d8ae6cf93de5d266582f8935e

SHA256
3fb019e01da3842ed315d93916a537e65a2c3a54172dcd20acea2e070124e87a

SHA512
c22f960608efe5c31b04f988623c378bece5242b1d1b66ce8777efcc5a6cab77b81b4e8dbdb659186db7818acff4b69565484f52b1e998d4b580dd5a6ab57e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
1474732721eb577a24d1bf5a1ed2c2d0

SHA1
46c2059ff49d1d99f751ee378f34186c549961d1

SHA256
c86899276bad28cd0e5c5e4a3c196034676c08e6eb477a208f4960ffba50830d

SHA512
10abd20124c27380c1625d66738ddb29358164f0213ca34e9a82203364267ef2f80dd5bd79244624b5e9fefdea412b62f8fa00048b35d6fde8c7f7f6dae09a9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
36ec9d9c2570f51f4a8bea71ec7ad392

SHA1
021a104e66c84a175007a1d2c6edfd653f3c1667

SHA256
47d62825f0f77ff94f70e5339b542bc4476d828fd55b5e616b6a78cacdf7890c

SHA512
82765674d99e4e32b309fe1cca895179be56fabd236118f9e85ddf0df46c86c1f53056d26fdb00fb96fe93ab18d063b7a8bb97cef6755aa05c0a8f8b2469573a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
5e226597bce75c00dbe89bc3bb2773f0

SHA1
e0aa77830da17071f89964185f84954fd0cf0206

SHA256
24ad992a9b9458aebddcfdb086276c61a15e07eccfc90bd804abc08a1a32c5f0

SHA512
0eb044b0153662c4f1b512fa290df7c674fa367f72b31e1492b32542c7cd8b5010aa0ab4528765fbace062ba59c3560b90e19e87346d1099082a706c3e68e2d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5874cd.TMP

Filesize
119B

MD5
6580ae2248cd53036c06f2dc7c36a713

SHA1
c5f23720ddfb447b1eada48d0dee58dfaf044e4d

SHA256
599c8c289b6bfdc0dd5007c6a62d99d1f19a0cae6f2964379c612760b6d522b4

SHA512
b00f25ec38f547976cafe96c9a5174c853fda2c6cbbab360eeca506105b1867113e46946ad513c88f3ed53119fc6001c05bbed9ad0e7aa82d599d7222022af59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
33fa0f65de5687598eecb5e619362159

SHA1
8ff78d909d739b804203eb4b10b8d5bd4db9a16f

SHA256
e65c7796398c80b5cc785bbdcf6d3e81a97c2badda4b7675efed1c8cd4d5d522

SHA512
3907ed0f76342ef8170e38d45b944e35fda4703da6909f8076b8db68b0f25d43c10d9c70a813c1f0d55baf58826d1072c0f0bb383b73deaaf4a582ef8b559222

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c3e7.TMP

Filesize
48B

MD5
f9a223dc776b5e6982d4de3b9bb1736b

SHA1
cc289d18f445f2cf545c9a8ac2728c161948665f

SHA256
88c81f3b5958a9f8178ce1384da13489a9ee14afbb97ee1b485bb51fef92a979

SHA512
0f3092d9e180869dc930484e053c6111ecb1668d84afc62a0235da908f633b2efd921cfb91255f9c5ec5a3f9ef634f7babd7045ffe69a3a132152adee2cabcf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
6f5ae0d6b93de398ba1f664977f00a05

SHA1
a7acf5abc79360b69caf419869a276d770d80f1f

SHA256
4bc3076625df9f8a4692364c5761ab0126367bdd49c67cfb05ca3b817128db99

SHA512
456a5b25c1f3c959b714aba344b01f87dc91d9bb9697a93669b179167ecc31bdad813130236f61e4c1dc9c5318a21ad4c508010598e6afd5945044211b1612ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
8f47fe6a7fe9157a472b53f4ba71ffab

SHA1
0387ae4fc7ff942ee26ae0e5c820f9a704a5a314

SHA256
8a55886aec1cb345ee3defe0595e547846267c81bfd1e616f4f200457d2d87d7

SHA512
47939a839564c5a2bab7440a812af6b510b7854fe79bd34fd24c7b46d9c00e403db113628596e4e0e5e7be986787bcadbccbc5baf98e4f590c9082899ca6c84d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
273KB

MD5
f91e0de313ac9e26fe84cec2f3e83a8c

SHA1
85be268f53cf33fc172b39cfb57ca97d2832fa78

SHA256
3156b87fda1405f55cda1e836dce501989be80816ebd2b1cb53583f993d20f30

SHA512
4e285b51e91ec229c2a591658258e4af6afd6df8ca44819bb77ad93847fa1341916ffed6b057beb73bda86258f375db09725fe5b53baf25a531410c7a458850c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
3c71b817cdcd847e07c5cae94224e4e5

SHA1
2de18e22f6b42daf2650abeb5eb8a3c1aa43193d

SHA256
16151d4e33b580f78fcbf6f9e9b91ba3a78153aa76b5a7f2683b967f42a849bf

SHA512
022583f40269aa7b26b623fb6a6150f300cacaa1ea9ae62097c011d70e53d5fc6f83b938631d01b6481ec517ad43d8112e4d5ecbaf061f1f879bd3db642cbd06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58e28b.TMP

Filesize
93KB

MD5
c16da098b25ba0559018eb19718f6ba7

SHA1
1a8119d40704d834f7ff6ac2067a83c5784cac1f

SHA256
8c7d0bb7288b62623fa795e8351d79da09c600e6f23a0afbd2df7e91b37b3630

SHA512
0aa836dd88bbfcb040d45550a11b9e264b99e2766df82ad4309c0c750b73597d65a053df66fca4fb8ca1e5d940061d1fda84e2b471137914c3f4a73dcb1b898a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BLQDLNEB\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\3C5HJJJW\www.toneden[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\J66WWIB2\favicon[2].png

Filesize
1KB

MD5
4850bce0ba7f582c01c337f1aea253d7

SHA1
0e66b53f0e581c3b077fefc43607719ee9ff67c1

SHA256
6bd7cc4af4d2d9d3ffab4786eafc0b16c149c28e9ec8be9a7901316ba915c8ff

SHA512
355ff836baac03d44f5af7a6bf70b835440ffccb25ce9b94ac8797c721feba770d23edb0ac6529ad01a22ae521280b82c96e9a948f454ce422b731b686a44f48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\J66WWIB2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF35D1FEEC50366622.TMP

Filesize
16KB

MD5
6bdb0f912514e8798b5522c4e6215e88

SHA1
edbcc83ddc837aed5df33cf1064344a23336dc49

SHA256
c0411f25c22deadb1ffd432536cd4a6a1df5b0efe454f2e8fc15d2e8686de6e8

SHA512
26bafb4ab7716a680d456ba4d4557fda7c86bf8c94381d4b9b8bb0cdd2700416ba3a2650d622acb89192f31755da419c1aebb2707cee131f5367c378297bee43

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Filesize
10KB

MD5
cea60916ad8d1f2f9601346a434cb8d7

SHA1
6bf5f7ea8e2eec677a876ce90ca0b649d12cdc46

SHA256
704f1bba337ce17d8c6b2a9711586f614581c4cc377d900d35552643de0b2a11

SHA512
8bf71828a14a5d4356122d7bfbdf49f31f84e63929899827904bae8faf213a537707d6d017fc6cbf1dc29dec0618e3994694013301ed699fbc1b5024e1d17cee

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
fb473a285978684d697e971e02c82e5f

SHA1
388bb890797287b1817f7cc18fc58c03581009fd

SHA256
5e958eb4c2bb502a079c2d3c063a066a3640ee14b38ee0d530d2e29778eb848f

SHA512
1e3e12be282033333affe970215300d5d37c73f2c360bc08ae95ca5c4327ea109e6bf15189e80483b5cb4fc21f74f15046d336e04cc2a298c2882d2cf4e09f0f

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
7948119f685fc700a609cdac924a108d

SHA1
7bba1eae00960def7b45c553206e169e23720867

SHA256
f32f2e1a6033c55c935a75b6a4148a619df4909251528fcfe5bc10cd915773ac

SHA512
52cfcb30c44cfce422c0ab684573627ae8196357f9bc77498a5f7084d0c2c52837b613edefb3a70ce2adbcbf6083f61226becc378bdcf560bada7af618b6a334

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\TMDocs.sav

Filesize
36B

MD5
5c6b932a79952b4b27833691305e61db

SHA1
09804db0986a989c2c49cdcea563567fb4c7b1a0

SHA256
dee5a5925227b125f4ac6d9b70a277e6ec8494ffc73d1cce9e08cc7a78d6208a

SHA512
4faa9585bb10156d5dea3b62d3a3a1bfa92430ba6e1e3381fc4c76c3071c85e53d5cbce0016dba1d1f9ea1b7af37b4a4efbaf4f3106b7d958b6e2e90aa0df059

Download Submit
C:\Users\Admin\Downloads\Nitro Gen V1.0 By JF.rar.crdownload

Filesize
896KB

MD5
13a99a4d50680729e184b063de8e9190

SHA1
2557e7feac1fc0e5a33a75e19308f0db76a5dffc

SHA256
a168edbf63b98d8e0dbdb524308f89ff2fd3b7226e5b9a400763d1fa357f1483

SHA512
7ad8d51b756942db12d25cbd425eaaf4560239d52278d56130bdd7b19c3c7d7217f38bfd9a72d0c6be8e1c14e64bad2b9945590ff8b10b085f53133d3bfdc57c

Download Submit
memory/1432-96-0x00000237610B0000-0x00000237610D0000-memory.dmp

Filesize
128KB

Download
memory/1432-69-0x0000023760110000-0x0000023760112000-memory.dmp

Filesize
8KB

Download
memory/1432-189-0x00000237643C0000-0x00000237643E0000-memory.dmp

Filesize
128KB

Download
memory/1432-67-0x000002375FF50000-0x000002375FF52000-memory.dmp

Filesize
8KB

Download
memory/1432-104-0x0000023761400000-0x0000023761500000-memory.dmp

Filesize
1024KB

Download
memory/1432-94-0x0000023760D90000-0x0000023760DB0000-memory.dmp

Filesize
128KB

Download
memory/1432-95-0x0000023760DF0000-0x0000023760E10000-memory.dmp

Filesize
128KB

Download
memory/1432-65-0x000002375FF30000-0x000002375FF32000-memory.dmp

Filesize
8KB

Download
memory/2364-35-0x000002160FAE0000-0x000002160FAE2000-memory.dmp

Filesize
8KB

Download
memory/2364-218-0x0000021617180000-0x0000021617181000-memory.dmp

Filesize
4KB

Download
memory/2364-0-0x0000021610820000-0x0000021610830000-memory.dmp

Filesize
64KB

Download
memory/2364-219-0x00000216171B0000-0x00000216171B1000-memory.dmp

Filesize
4KB

Download
memory/2364-16-0x0000021610920000-0x0000021610930000-memory.dmp

Filesize
64KB

Download
memory/4736-339-0x0000025535400000-0x0000025535500000-memory.dmp

Filesize
1024KB

Download
memory/4736-388-0x0000025545B10000-0x0000025545B30000-memory.dmp

Filesize
128KB

Download
memory/4736-383-0x0000025545820000-0x0000025545840000-memory.dmp

Filesize
128KB

Download
memory/4944-45-0x000001F35DB00000-0x000001F35DC00000-memory.dmp

Filesize
1024KB

Download