infinitylock | f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

Analysis

max time kernel
189s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 18:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[email protected]
Size

211KB
MD5

b805db8f6a84475ef76b795b0d1ed6ae
SHA1

7711cb4873e58b7adcf2a2b047b090e78d10c75b
SHA256

f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf
SHA512

62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416
SSDEEP

1536:YoCFfC303p22fkZrRQpnqjoi7l832fbu9ZXILwVENbM:rCVC303p22sZrRQpnviB832Du9WMON

Score

10^/10

infinitylock discovery ransomware

Malware Config

Signatures

InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagementSource\fr-FR\MSFT_PackageManagementSource.schema.mfl.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons__retina_hiContrast_wob.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sv-se\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\it-IT\PSGet.Resource.psd1.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_lt.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_sl.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\playstore.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\themes\dark\nub.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\eu.pak.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\sqlite.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\main.css.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\ms_get.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_zh-TW.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\root\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_gridview-hover.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\ca-es\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\DirectInk.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\es-es\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\ja-jp\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_zh-TW.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\share.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\sv-se\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\eu-es\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\cstm_brand_preview2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\tool\plugin.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\System\wab32.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Multimedia\MPP\Flash.mpp.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.VisualElementsManifest.xml.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\hi_contrast\core_icons_highcontrast_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\nl-nl\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\gl.pak.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_GB\license.txt.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_agreement_filetype.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\en-gb\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\nb-no\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_zh-CN.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\sl-si\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\home-selector.css.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\plugins\rhp\createpdfupsell-app-tool-view.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-ma\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\es-es\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\selector.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_ru_135x40.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Locale\en_US\stopwords.ENU.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_newfolder_18.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Checkers.api.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_filter-down_32.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\themes\dark\illustrations.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\es-es\PlayStore_icon.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\ja-jp\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icudt58.dll.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\it-it\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ro-ro\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\root\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_filter-focus_32.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\nl-nl\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\tools\themes\dark\check.cur.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\tr-tr\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	[email protected]
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	[email protected]
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662345378002201"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4660	WINWORD.EXE
4660	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
808	chrome.exe
808	chrome.exe
808	chrome.exe
808	chrome.exe
808	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4760	taskmgr.exe
Token: SeSystemProfilePrivilege	4760	taskmgr.exe
Token: SeCreateGlobalPrivilege	4760	taskmgr.exe
Token: SeDebugPrivilege	4484	[email protected]
Token: 33	4760	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4760	taskmgr.exe
Token: SeDebugPrivilege	3816	taskmgr.exe
Token: SeSystemProfilePrivilege	3816	taskmgr.exe
Token: SeCreateGlobalPrivilege	3816	taskmgr.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe
Token: SeCreatePagefilePrivilege	808	chrome.exe
Token: SeShutdownPrivilege	808	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
4760	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe
3816	taskmgr.exe

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
4660	WINWORD.EXE
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
3752	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4888	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe
4664	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3752 wrote to memory of 808	3752	OpenWith.exe	123
PID 3752 wrote to memory of 808	3752	OpenWith.exe	123
PID 808 wrote to memory of 5080	808	chrome.exe	124
PID 808 wrote to memory of 5080	808	chrome.exe	124
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 4996	808	chrome.exe	125
PID 808 wrote to memory of 1104	808	chrome.exe	126
PID 808 wrote to memory of 1104	808	chrome.exe	126
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127
PID 808 wrote to memory of 3584	808	chrome.exe	127

C:\Users\Admin\AppData\Local\Temp\[email protected]
"C:\Users\Admin\AppData\Local\Temp\[email protected]"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:4484

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4760

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\SetResolve.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4660

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2760

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\jawshtml.html
  2⤵
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:808
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9bb76cc40,0x7ff9bb76cc4c,0x7ff9bb76cc58
    3⤵
    PID:5080
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1800 /prefetch:2
    3⤵
    PID:4996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    PID:1104
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2292 /prefetch:8
    3⤵
    PID:3584
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3156 /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3180 /prefetch:1
    3⤵
    PID:4988
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4604,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4632 /prefetch:8
    3⤵
    PID:3284
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4880 /prefetch:8
    3⤵
    PID:4304
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4624,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4924 /prefetch:1
    3⤵
    PID:2760
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4680,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4916 /prefetch:1
    3⤵
    PID:4660
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3404,i,2065165093567940189,14068495770694011982,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:4548

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4888

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240709_141137174.html
  2⤵
  PID:856
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9bb76cc40,0x7ff9bb76cc4c,0x7ff9bb76cc58
    3⤵
    PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
16B

MD5
ac780db5649d9b357added6edd3e1188

SHA1
133a334b1519600a9d4390e0aa3ffe31f41a6915

SHA256
6978b512a87a68e89a3d9fb99ab04f6a3024e98ec6ec1cfde4d38509d63fc288

SHA512
9264d6c07b6c5c9a0d09df69f5a66a887634aa7ad8ffefbbe4e781d35df46f0bde2ea8f2836b9a0ce60a083a38eba5802fde8e278386eaf2707157305607efe0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
720B

MD5
3dc257c3a4e3fab289bc1f653f92e550

SHA1
f64e6cd3c5710ad55e3384429eccbf078a9802ce

SHA256
395d1f3660edd6f95d5e0cf8d3a1d13ea475fce07d6f67d7212b7a7c7827d218

SHA512
4b03a6922894703935ab2758eb8fa33f955e5303d933330c772354cc39085cdc721573e10c1453de1849c9e51f04eca936c42f3892298bee582bd1ed1aad156f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
688B

MD5
a241c98679cc50b083ab790f5818c44f

SHA1
f8b92530d78fb120adcba5dcac7a9219acdaeba0

SHA256
63064ab8ecf2d1ed6ab7e9eac989f58d92162def005b204040ed176cfed74b55

SHA512
c3af8cc3b6a9a27b1712869ce4d31da13b2843472f16940cdc5c809c129012e5e706f77ddf5447d078ad34ab83128ffa3b3c03b806be4c3aa33967476a8474cf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
1c3aedcf5123b5b41a823ab95ced0f26

SHA1
589456f7dfe564fb08711dbd7ab8bdcf60f9426b

SHA256
231ef1f9fa6178720d85bf224df4bb2de851e1cf9cd7b4b280c37c344e583a81

SHA512
6df1da6ebb1fc8649f7fd3b33a66637a3573fd32dbf4acd8b027a6134714856ab1535ada2521e0319e073cf8d09825e8a5d4f1c7d1084976b50aec2c12b9d9d0

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
448B

MD5
d8008affbd13c8165db989f69bf19877

SHA1
5cf2c57da8f1f5bc02d15fc456d192dd70586ef5

SHA256
26e12e63ea03192e019f73c2f355cff70aa8581dcb238cff8793080096ce3683

SHA512
135cc9b38b29d8716ac343c58cadd372c9ba75d54d64663b6a31b6dceb4b29bf45b106f23c153dd9331037333fa8bc36da6e2fb48b384994612be317e824e8b3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
624B

MD5
180bc9ded2f4a36798e37028dc51a03e

SHA1
ea3ffc8873b5bbd80a41b28a7c73ad09a7103d6a

SHA256
138798bc9e1b01236c430a8de6d19722d2dfd25ee0681cf305c511a59cce2110

SHA512
987fcb0237d56d663a0372597cb8089fcd7e7d495c8e1a3bdbb155de4ec48b5c5b325ba006317a9343f24b956884430cf9caf57a4dba051db6cb9346184f54f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
cf9ec67be60427f0c3e65a251171ddb2

SHA1
abdd182523b2b05391b93cb900ce2f03d0c3e131

SHA256
c9e20afef331c19e45964e0d70708ef7e5a5333c8add39429e2cf4e47f42595b

SHA512
a1747b67ee8660e465b7a1a73365fb59e9b8d13198b655f45e262e3d12561c6dfe69f974a7b5de75f6512f078200df95e42d365745f0b624852ecd0d8676c27e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
560B

MD5
cadf5ffcef89524c3117fac224cb0038

SHA1
d73f000166f4b679251212cb9ecfce5b101a396d

SHA256
89fb2fd81262d167e2633014cdfec2fe454ac134c6e135ddb001c7a5934a2523

SHA512
cc972d4b7cff65ec988a1ff5fbe451c5eda2e757610ee810a886030c7584d8cec125f491bc8044405e9ed01232496cd44499446beee129933d83ae5388fe7439

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
cebbf728e743e20c5170d9ad26d6eeba

SHA1
352e55c2741288d44367db0e9d14842920ed287e

SHA256
1d7a64b75f652bb54e5ce1c311f85a161c9d6931e796745b2eeab7614a37ff10

SHA512
63da39d20c7a80aa684482a50a1f2454843621067d9055116af2a4bbf77cd2172176c2e9e080dfe3f983db06166778b6be9a1e10c3b2f5feef5eac2696852dcf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
560B

MD5
6a0d49593fb53f45aaffa72a26c5ff32

SHA1
26aa3dde61fd5ce7c0153d757113d1ae8ecd8014

SHA256
a2146ce676796d498c82660b5ebef35ea86a4dd57bfddd2f9b1b9fcaea6413f3

SHA512
7924157253adc8c5fff09ffc43935426d7eb80c5b0e21e188692232d4bc02e42f2cade1c07b665adf87ee5e15ed02f4e1e084ccaf0b9703b3feaa7284816b4bc

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
5225ee951669a5f546b4fe33455fd173

SHA1
1ca97887939196d14c745fce0da862d6ee966d3b

SHA256
28a539c46d4df20ed999d7a2aa30663219bc2691bb0ea90a57c04bb1aeb4dcca

SHA512
d3b65bbaaee04eda37e8776a84f313ded10cf6befdea17b93e9f5f8d29c8eaa397613a800d197b87c926714d94d1fc025190effe958ed08f1d68a81f483b1125

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
560B

MD5
2a8cc3163866d6a47f05e55269178e0d

SHA1
be785cdee8695ac3b2e74baf76b2ab65b970d518

SHA256
fdaa1e0344416acfc92918e2a5fc445b4ded2f4f51ec4aabe80dbe97f6e7c59b

SHA512
6b1db056e1820f57cb3c841368a7e7f5b1c381af5ecf2637577e62fbe62cfac1fb980f3dda808662c83a0ec5da9052044d638ebf5124abd22b3f00f49fff3f11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
7KB

MD5
6b092f94cf70ced43113a2d08692bb8a

SHA1
d560e76198dca6c4408582bcb3b950a0ce704357

SHA256
be2654cf2bb2198a6975f964567ec65214143642a0e5ec7915c054a644c3d578

SHA512
d7e0f0e0e7f34b9c753665876baf6d88dd4e4720ba4e015a08d6040328a239c726af5de202f148b3f817ccb192edbac04322737cfbeaf20fb919f43d12ee1c44

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
7KB

MD5
414b7dcf84ae8c108f030d786f394e02

SHA1
438e4461e8c30a304c25a10faa3b83fb20f3f79c

SHA256
525b4a04e2de7fcb9e72935d45e2dbffc2c44e296db33b70748f674c1dccdf63

SHA512
e4e40d3061cc9b6fbafa28c899baf441d8fdcd57bd479237e11c825e2f9d9674bbe4b7e8f493c10d3b03c7cb871341e3c07ee41a214b19a0d9947ed0d7b4defd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
15KB

MD5
942e5d0a1243fd1f975ad05feddb11fb

SHA1
90c44edb64c5a3fbf24ce29e98513c6cbba936bc

SHA256
38c06e2b242ad0dbce094b279f09327bafa456606dd0e827e63a2b2b6a92ecb5

SHA512
65dd3c74f8d4d2bf47f4ccb16cf4b32a27fc2adec685290ab1aa415e84f6dc338807ed5aadd4c4cc1ea0a0d2aeaeffef5362bdfe8b008ff7aaf384b038581161

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
8KB

MD5
abe4651f2951e130c7438c2235d6a892

SHA1
15f73419cefa5025cf21e2d05008390e637d1c8a

SHA256
2941f552ad5fb4ee71205f68f8805047b5cbf151023a1336ba9605a1c9ab96ea

SHA512
90bb4f6a22309510cd1b906bb9bae65184711bae3782ef2a5d6d9ac9e4ae81a2b0e071e8a9496377b2fff67ca462e3946071a29bb71e8b8701c123b0b88738f9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
17KB

MD5
adf6ecf45d65dfddbe9428213c4e0c31

SHA1
3aed35e666cb771977315c08aeb633f9bad3a50d

SHA256
3c9228ceb0bf1fea83bbc0922d3db8f865a409dc8ca3a6be271ddfbfd257395c

SHA512
4994bb6e427dedde17f301ea249b2b14094bcadfc97a03806f33eddfcf90a40ef1e8b89c3c92cdcecad76e9717912e0249e4a4c85de0a0415453342461acb301

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
192B

MD5
a04ee9d2a7ea99eb0e877e71715cebb7

SHA1
9026c1fe43824235a581de08be2ada9348990725

SHA256
f94bc8091b2f79aa4a6890d10b861f3a6e74cc4b65f3b710a673c7a7c6703218

SHA512
b050a8bc7f82cee8f019f4ad4a3f3b9d6c9c149a51fcf1defc8cb00816fcf4457caa712fdd086ba79b88cea46b3e067a2873484170b797ffcd86361f12730dc7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
704B

MD5
1a417d37d06edc3c29053bab51a1fac9

SHA1
5c3dec2dbb1cbd43c9faf24aeeef2009687eec0c

SHA256
074abc5b799d359aee3cddad8b70d8d49756a4090c16d985e6e70703521b08cd

SHA512
0c0877c08f21d1e4fff51b13bdc4ec6e2da045c708f217e5fafebf5935babd0d789e15a10580f5ebd27642fad271c60caac98cc8317ff9f6622b1392e07748c6

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
8KB

MD5
9d489209abf0b87199ebfef5ac57bbef

SHA1
c15281e53841cfdbf0d5168911cd3c3ba03fff0a

SHA256
e1c755474cc9f8306278b6e42736ea98adfb0043c70c811271e5a89833302c4e

SHA512
9fefb150b6c241e785e607fbd4c21eef03122ab3d3a0c50092cf73ebc8d08d2a1ffa5cb53c1a33afe9c79516a1ba15534c0644d79fcec7ccc4a05cd0046ab08f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
19KB

MD5
54ffd5c26d417a57e04b8af0284cfae5

SHA1
c210ef21b9408defb1d367736d8db4a582f80ca7

SHA256
3f774bf5114d16aac0363e78468cdeb80b5d0c22141188e326cc6c620040f5ca

SHA512
68a1bc28824f39e53d671bde4fe8b1a91fe70554f08f29cf8dc923133c3f48067df8d9a5ba609336edb67eb7a9a788723c2d013f7647c2bd72d6130e418a4bf3

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
832B

MD5
b106c809b8216dfd6c3a62a76d6830b2

SHA1
033081d683b116626b8410ac2428d4524c3c9dfe

SHA256
42a80c72a02a7d481a33c9cdc038c25ea3a066a74e56fdb0d312b5caa9c5a9e3

SHA512
a7a48a432d488252c81d52a12491e8b824375849728bc7dcbd4d8da520bf5b1cc8bb7fe801aeb02fb1503459a3a76fc9a6924896856b88a0e9936654b1360509

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
630a323f00c34cf2fea5db8656cd1b46

SHA1
8d50285b81ecf13a0863cbb0b90726d88252823c

SHA256
d2530d1a71cdd240303825710e30a302696946e359748622e120c5c3892c5a64

SHA512
36bc55913eb4a9a31d79b6f6139ac7ba92872665f6ddcc5fc9f39973cbf514e64129add226d18632a03be63cfc935b2b64e88190225ee0c291e98d179176abf4

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
aa7d581a336eeb96f9a1049953b5ce44

SHA1
491183db405ef4d1c2c8a8e444307cb370f842b0

SHA256
8cfa272ad7bebe71119c8b432612e7ca7ab855126ca04cedbf094a2f12c42ace

SHA512
696545d6958d71bf2b1f14002bb7ca289771a55948de98f7806f96c9fe1e7b92a0247ad3e240b2422e33a3cf797a0cab650324290c6d234ed7a3980092625923

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
816B

MD5
eb06f8185c575270bc9c02ea856321a6

SHA1
fb514ab7a48b74f596e52de9a6a727628bef092b

SHA256
9e686d2392381a46ce7a4ce648e7bccffd0e171232a7d1e9e0286c50fb7f6f11

SHA512
8abb10a2ffce1d5683e38aa1a7bdc572eb27bbd8780d48a5079392be3191c83526e59b7b30ef649e07b5dffad7b9df5fa3d43700c4f39606440a0fa6e3d9c613

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
2KB

MD5
31a46e606847e8e4352b4756b83197c8

SHA1
064a8abf6a7bb7b67c252fb8334ed944732de3ee

SHA256
2e7535330637643ecf90f3b56468de9fce43f2403561bb28b1e72ae6ceb6e194

SHA512
d8bdd1584e6f41c7b94e0b9ddeb8e6e25815f050c3aa909d5cf7afc08d3cae335a3c3d06ccf4e5bdc5c25da758cff33d24531b6e2ef12af9ab1cbf8129993630

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
2KB

MD5
7ada5af3361a77e3ea667f0eda6ec011

SHA1
f7ca2a11c5708e6d19d80bef59fc654c2514b373

SHA256
26076d93268198f6ee736c8f47b5f6b0712b8ea8b424fe9ee047a1b8972402d4

SHA512
f7136e8a258b74028a9baf291f89ea56e4d86690dfd26d64b6c39f31bbd312004d3d5a62633ba3826abd80786a712d15942b643eec0b109fac6b63504e6be49c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
4KB

MD5
094a13e9f33a3f13516dc5a47ce2b520

SHA1
fbc8333c221a62e513140c9676664544d7ce8fd2

SHA256
18adfab003c1300911e92a3818d6223f4ae532c5a6b657a9cc46d3b6f0060a71

SHA512
ec9ce6fb3566fead957862ebc10abfe9892db65eecc9ed19316f4b5702b454b25035514df14c545268e4eee66c94001ef91b665bb2ac6e010f2bd08bae6ccafe

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
304B

MD5
5bc931b26a98ffe6704a18541d65282e

SHA1
7d85e7855320fb4440d4d14ba8270c135efc58f0

SHA256
7a5aa72b34757f2637d724bd37ba5cec335cbd9253f905caebdf5f998abdf9ac

SHA512
205914372ad400168998a22f7229783e0d7a9a8ae4a428961f2101c6547ee42c7fcd300359d5f4adfbcd1c0e3ab72eb0c02d38302238d90b93d1fbb12f058de8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
400B

MD5
0f9f1e361a7f044e42aea4c0f23b48b7

SHA1
22f3fd025eba5236fd2299484653a3375a5f4f2b

SHA256
819e6608ddcf45293a400fbb5e796595ad83482f9c5617c44b33ed3bb876150f

SHA512
e092b88ba6fd3fd4d43ba6806015c65e89780238f7f8889698af17f6983e97b88bad60585dc3400c3617680d5261dcf9bca523ca1087650afebf24d5a3ad6469

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1008B

MD5
4520b4db21e21437522624aae8858870

SHA1
a466c19070173d66aa7fada7bc79c724da19d8a2

SHA256
25a9a7f7dcdbf1bf98d83ef959fa672ca6c1332563ee5e4ab913572208ab4a70

SHA512
2dc469ae999c6c3c4b5fc13af9cb4a4897652fb2e4ad89257e4cd57df9a4e954cae24cc23c9cedc9e0cad97ec5aa2068043c56128948de5834136562c9c65872

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
1KB

MD5
b9fa25db97617f6d191ddeaf7a0f1c03

SHA1
44328b6a06cb763167a3b7d3360c4d8acf3b2e12

SHA256
1f015552897d8af96f0d1691a1db3ba894a9a49b0d86e80e6d662fb0ee3cc703

SHA512
5b87e0348c5a5236eb544dcfe06e4468123f982203b4f4c968546ba8b22dd7e1ea885922564f7245bfb256fc158c119da773aaae0d1684bd9227188ff20c1a37

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
2KB

MD5
1f6fd20f907ccc978012393cb07d6f22

SHA1
b58e0071b892ccf593248ec84139f90ecfb40869

SHA256
2d6b4d8a974210b742e26b6c69ae20932a465c046e77bfd00ddf7e4ebef6a299

SHA512
89adfd3c56a8e56e22e4172ee9a90c18f5bf9b139db10b03a7d13e21a4d7a846323a92c8bd4d95a90cd530bb510e1dbef48e1da4fe1115d0e78482f1add5fb6c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
848B

MD5
686de875825dcafc7b9cf0b95d7c82d4

SHA1
08519bee2e6bfd105f3f713ce46f131f53adba11

SHA256
a9e8e28badd90c099e6b1fbdbfe52501df6ec52ba747096b48dd5a1ac766f472

SHA512
864e35547fe714b6cb85a5b7b6748cb35f54c204ba2eed1b7c52cc7536a72cd6dea598d480601fca4293368f033a66a8cd18f8b32b1e8a18fef0d8437795b667

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.0F1780630CEFE14EC4C262D0AE3F969EC609F061484468350F1499ACCBABFB2A

Filesize
32KB

MD5
614b7e0a36cf994fcc4d02c9ecefe7ea

SHA1
f11e19d4618dd7612d7219eb1a68573f43dd0155

SHA256
3fa56d04b3eae82a082cb7b5c2a379171faa3a2afc60a6586f2da8b8d5871ba3

SHA512
97b64687225d5c266659f79074d2d7ae1e82caed128d0d1b74b6e9a5874888d6e83b1208ce72122089de66f6ad66517642c86fe739dcfceeeb1d6301d3972c47

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e3faae888a316c260164bc30a8f471b4

SHA1
aed88e961f931b0f12aef10c478dbf015de3c13c

SHA256
a5784cf93fb52e3413e4baaf74de43acf8c62443118d1eb8b61369bb565b0e76

SHA512
5f1b18894f99f47026568280a82ddbd731a76979589810caeabc75d09ce3ca86601ea782e412fa2a5c2bfb8f775960984e3c32b8b10bd2843b36ae7c9f526829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
96bb39695ef423dd56163ad0dac70f84

SHA1
25de4ba3ccb9bb5ef77c02d6dbdcd945b69c77fa

SHA256
8f69af695df81f7177c82bbdf1e74e9d298a99e9edc7ecb5a5530a2bad0ac303

SHA512
53773690951b397bba31a96bbf2b33bd9c6a212b532d7028fbdc6fc4db228ca0d2d3d6adac17d7bbc9277fa156ec42636dcc600c86bb425d02cab5ef385eb8c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
016c87e183f8ccaa41c88a6ca901b4b3

SHA1
1862254d96ffebe717fac99d8810f92b752ec2bb

SHA256
58a9771108ae029c0797f91fd079997e5a6ca94725cdcb3313f61c4cf2b34f09

SHA512
637f25b71c1f4390d14f9e1063b8b717c9d5a0b384d2cf37f380263e77751bccb922574d8eb1e9bc1d65b2f55462e98fcfdc3644dfb37514b2a9e86c5d923297

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
49b3f03aff96265747c8853836c000f1

SHA1
d74d60a41b61db25e4ba9fa4d80c05744a39cffc

SHA256
dc452fae7844fc5720ccbda113a2325d3b4aaa5933bb58ef7e9fd49d84db2618

SHA512
bb8f8d2d3352af6f47b5dc8e77979b3d67611644527f6eaa6c3b90411e99330bdcf8ffd8bad59ffeecdc87913f86721ec47b7de584c7b3da6a212ef3b0d25c6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fe638c25237d1b5c87d87a9c9797da8b

SHA1
c9069f5b4ada84583bb0babd333c227717d02be4

SHA256
4f4072ddeccea3a76cd78946593f7e7a06d0170d084bde502e35dcd08c4dcedf

SHA512
b0fa384b35f8962193cf22522d23093709a019acf9d1420ade43adaf6dae534c3867448752b7cf948363d309775a1c9c43e632106b59a749f8d9b1161cf37e99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
91a9604cc2b60bcc922802823fbd2e45

SHA1
0c9191f82ed53becdd377b2553c2f4ebc27f7058

SHA256
4ab16ab2251740e0cf38337f2f97d6b356c5073088120d1d52496c89a67d7fd9

SHA512
c68ebc806fae235c06171b39ad55e8816dfdea5856ea23b1c9db3a5af6237744769cfe6e6b3eeb18ac189b1298998404f3203fc90273b5283204fb8bf639dbb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d2ee32c1c77385a43e3e2d56d2b1535b

SHA1
8054700bbe57ade88a80fca79a0dbcb6f8dddb90

SHA256
e32a42fa6e2b20a55bda4a155ac75c395bd7ec30221c91bd085804a453f4b575

SHA512
c3ea876caee80fb066a51089d57e82c791698710644dd957c8ab59f3f7e64ccaee6ee07900f84cf021695c9dda4d8d8bd0886f4b2e02a0923817c119e56b91d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
a591230f0535ab63ca46ad070cacfe21

SHA1
dc76a2dedbb6bb41db2156cbb553d9dd81ba46a1

SHA256
d9bf49d47761951b4ba80d21422c5c2117093b03a841bedd809a22dfa08b8594

SHA512
3d5fcf2cb29aafd8b37040ac5bea89087d1a6ac668a4363815bf3dc96cb7cb1261ca1824004fe07c63f42f2f6dc3f89a5d5a28db44073a365779e2a85fc272ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
185KB

MD5
2ab5c16df088f2d0bf2646ef54532406

SHA1
d644821f6dd09ad1b8addf1b1d7e1aaf186ff320

SHA256
f54d9b2d2c3edd5e7f385808c7a04024a9d8656d4b6c21b9aed2554e8cff0866

SHA512
3383c0bf46ec6aa0754d54e4257a786cc461d8b0e7e0ef7d8623f4ed4eedd1d381a2026d5ef89a9abaa36512f38c581176e8b2f9db419eeeae5f43939ddffeef

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD30E1.tmp\gb.xsl

Filesize
262KB

MD5
51d32ee5bc7ab811041f799652d26e04

SHA1
412193006aa3ef19e0a57e16acf86b830993024a

SHA256
6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97

SHA512
5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Word\AutoRecovery save of Document1.asd

Filesize
27KB

MD5
9104494fc32ba76e373ebbd2d65440b8

SHA1
ab627cb87a6dc0519ed6b69f576306e17dd9e4e3

SHA256
6f5d511dc61da905ea059ab4d2de7e9d914d3fa75dafa8adbb2d89c428065b49

SHA512
288e83cd837c35fa9ec57ba00de916e59542b519785df1e7b09fc30d6a183e068639715233a67c4f9b55583b915e7ba90afcada3d0b7b4a4af46f2cbecf77704

Download Submit
memory/3816-3619-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3616-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3617-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3608-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3609-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3615-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3614-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3618-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/3816-3607-0x00000203D6B90000-0x00000203D6B91000-memory.dmp

Filesize
4KB

Download
memory/4484-5-0x0000000004EF0000-0x0000000004EFA000-memory.dmp

Filesize
40KB

Download
memory/4484-6-0x0000000075240000-0x00000000759F0000-memory.dmp

Filesize
7.7MB

Download
memory/4484-2-0x0000000004E20000-0x0000000004EBC000-memory.dmp

Filesize
624KB

Download
memory/4484-1-0x0000000000420000-0x000000000045C000-memory.dmp

Filesize
240KB

Download
memory/4484-2744-0x000000007524E000-0x000000007524F000-memory.dmp

Filesize
4KB

Download
memory/4484-7-0x0000000005000000-0x0000000005056000-memory.dmp

Filesize
344KB

Download
memory/4484-4-0x0000000004F60000-0x0000000004FF2000-memory.dmp

Filesize
584KB

Download
memory/4484-0-0x000000007524E000-0x000000007524F000-memory.dmp

Filesize
4KB

Download
memory/4484-3-0x0000000005470000-0x0000000005A14000-memory.dmp

Filesize
5.6MB

Download
memory/4484-3424-0x0000000006450000-0x00000000064B6000-memory.dmp

Filesize
408KB

Download
memory/4484-2901-0x0000000075240000-0x00000000759F0000-memory.dmp

Filesize
7.7MB

Download
memory/4660-3604-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3603-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3605-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3606-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3431-0x00007FF996C20000-0x00007FF996C30000-memory.dmp

Filesize
64KB

Download
memory/4660-3430-0x00007FF996C20000-0x00007FF996C30000-memory.dmp

Filesize
64KB

Download
memory/4660-3429-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3428-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3425-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3427-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4660-3426-0x00007FF999470000-0x00007FF999480000-memory.dmp

Filesize
64KB

Download
memory/4760-2754-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2755-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2756-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2757-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2758-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2759-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2760-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2746-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2747-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download
memory/4760-2748-0x000001C352890000-0x000001C352891000-memory.dmp

Filesize
4KB

Download