hxxps://drive[.]google[.]com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view

Analysis

max time kernel
53s
max time network
53s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
03-12-2024 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
2	drive.google.com
4	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133776716479478114"	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\ahk_auto_file\shell\Read	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\ahk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.ahk\ = "ahk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\ḉ쀀	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\ḉ쀀\ = "ahk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\.ahk	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\ahk_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\ahk_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\ahk_auto_file\shell\Read\command	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Fisch Macro V11.ahk:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\Fisch Macro V11 (1).ahk:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe
Token: SeShutdownPrivilege	2136	chrome.exe
Token: SeCreatePagefilePrivilege	2136	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
4684	AcroRd32.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe
2136	chrome.exe

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
1892	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
2556	OpenWith.exe
5060	AcroRd32.exe
5060	AcroRd32.exe
5060	AcroRd32.exe
5060	AcroRd32.exe
480	AcroRd32.exe
480	AcroRd32.exe
480	AcroRd32.exe
480	AcroRd32.exe
480	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe
4684	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 4688	2136	chrome.exe	77
PID 2136 wrote to memory of 4688	2136	chrome.exe	77
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1144	2136	chrome.exe	78
PID 2136 wrote to memory of 1584	2136	chrome.exe	79
PID 2136 wrote to memory of 1584	2136	chrome.exe	79
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80
PID 2136 wrote to memory of 3788	2136	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1oCGtzrzqZsju5x6hv9lEAIXSo_k_Q2E8/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3c49cc40,0x7ffa3c49cc4c,0x7ffa3c49cc58
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1940,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1696,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2168,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3096 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5028,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - NTFS ADS
  PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Fisch Macro V11.ahk"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:480
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4804
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B2A7CB74CA918D011BB5B518DD795F97 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1888
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BDAD39211FB9079CA2DB51A894F5EA59 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BDAD39211FB9079CA2DB51A894F5EA59 --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:1476
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F402E66715E32E6A2681E4629C24AB7B --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:900
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7B0EF7DC0EF507E0946CEB2ACB1E66B8 --mojo-platform-channel-handle=2520 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3000
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3C75DF43675003E806CAADD21166FEB0 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5172,i,12377738499880859946,2026838363516012870,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - NTFS ADS
  PID:2000
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Fisch Macro V11 (1).ahk"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:4684
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3816
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=896DF09E3CBB1A65ADC5B6CC2D00EFB6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=896DF09E3CBB1A65ADC5B6CC2D00EFB6 --renderer-client-id=2 --mojo-platform-channel-handle=1664 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:1884
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5EC5F81848D8530D446B5D9A777EEC4B --mojo-platform-channel-handle=1852 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2072
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F6D295DF4CC993851F2CEFE130519241 --mojo-platform-channel-handle=2284 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4796
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=93DCCE41CAEC567D3956B5680E0899B9 --mojo-platform-channel-handle=1960 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1204
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DDC4F3EFB8F37FA2A763988987F44416 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2556
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=43BC85B3EA694EBD4E898B93C53E3869 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=43BC85B3EA694EBD4E898B93C53E3869 --renderer-client-id=8 --mojo-platform-channel-handle=2372 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2556
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Fisch Macro V11.ahk"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:5060
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:916
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FA9183E9E0B34499014935F9E0E3F88C --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4696
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0BCBCF9E884FF4D8D8F40C292953ED20 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0BCBCF9E884FF4D8D8F40C292953ED20 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4700
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=61C02AA52DDA556607EE08ECD995D047 --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4480
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3DF876AB4F855CB9AE54577F7B5ACABD --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1724
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8D17D51BBA2761B2DC6B0EAC141E0DF3 --mojo-platform-channel-handle=2532 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
57a5cf2600ca9f7acfe80d3cf7153435

SHA1
e429024a7d01268d56b8436ba4bca2ee1f91e27b

SHA256
dd4f400404e0b0045cd69cf18e80931ae8aaf06c04881d1bf8af48433052d84f

SHA512
9f3add6a4d0c5606bb17159132680addb0491a3394541593c778c069a9e1e6888d0f7152b2a1a4877db7b7216c2f947d076369558805b2bf87705fcba5cf3f78

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
6bb7247b67a46496bd82d58212f5da5b

SHA1
142aeab69dba52c6802504961f3e3742b24081c4

SHA256
c2fa8eba8003db57e694ae7b74449cc032514ba96a7cd37ec97dca622cc4380f

SHA512
ba0163e5e36673d59a433cf89cd26c641718e5fc8f7340afba5c8836d78f09dc312fb6763616b34fed5f474a7be6ac08ee6919aeb182d9acfa40f84eb389ae24

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
1ebd4a40547b247928cff10804710294

SHA1
d22395f133441a11aa13a932abd74f7c798b6ccf

SHA256
3ad84c67ba94ad09a1f2bb87cc567fdcadbc7e41a1625836e3cf05047876c9a2

SHA512
d9bb2d13dda9b91a35df83597f221093975c29ade113cf738371b4a11749508a9750d794d70126b665b13b55b0253571396bdb929eb0c57ab6adfcb6cf0e8e23

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
289B

MD5
41fec0c88fa82e554dfa8e40f28acb49

SHA1
b343dd6604f25481186cc99550f48b4dca503072

SHA256
ed75439b7ef9041224190245ae6297865106b71cec076f13b1d2d58e75a93e37

SHA512
5ad3c8664842b8584c8d45e88c31959ed5cb1473c083819091e6c715888c845ada595e8daaf660156dee73adfbc3c844de15d8c6705bea676e54d7b5f526d2c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
ff7dec53f8ac90a9fbee68e5b5dd56c6

SHA1
c365bd458240dd3ee60cc38e640a23b908274af8

SHA256
bf240825a0dae02ca9992e73fdba30ee47ee315351aec433509331497d56e12e

SHA512
890724590b570afca1ba23f1cee39d961c95a13d2821d59549cb782db11b706027b8f707d5986897f84d00be56e8e4e39f04a83fb551755a0e57e5fdb48f7719

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
d5d824b44cf4b8829bd1ed72f2034bdc

SHA1
fa731182693ad78c09f59ff6cca6717f4e8e2209

SHA256
70026d5eed2af4e1c52c5dcee5fbe3a38a2fa4ba8da6e2e88d68d654fbea6a9a

SHA512
820c8e8b2723aa5abf1ad2af5cea7e2576d439b03e88586542f13bd281e19fda318d8d6e1551d69b8eaa468bd672e20b47693eab667b82fdbea411b1f225d2bb

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
153KB

MD5
84bbda7e2f809254e7f6f84d3e63e1b4

SHA1
e27adf592ecd2901582873d49502a03731d1bc14

SHA256
e048f69469b57b73a3c8209bf6646a135729f7dbc5a6a1d95ad72318bcbd42d5

SHA512
6f54120f550b2fef8da6bc13e6b3b3c8d3b616a79390bdaafd104a84743e2b23bec1d011a3de13bcf5d572ee5818a42523d511b6863d8fb07513b5d4db11916f

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
153KB

MD5
7c601e12e6bf3d50cb53b9ede129560a

SHA1
8205706feee9b68d5e0a201a42f609cde6f5bb1f

SHA256
88e1b4ee89754129fb9175b12728e15648fa0361380fbdee697015b7f0038b99

SHA512
75cbf7eb25e4d924bf5e1cdf2ca14125743b7e7d84061d959e37734c30eb8571d17d47d28d50e9d85076321d33db56b2fec98320b5025a77e7e708ea82cdbc57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
25dc68930d598be5dd5ed726ae436096

SHA1
60918a6fc29c64afc61e225fc7ec151093886531

SHA256
63655cb2c942d536946fbd97654de4bdd04524543a67fadc49944e8507e5b510

SHA512
f0f517d5007569a9239b9ce11e76426015009ff47de6c37a2c8349fb2438c225f1d87adbda2cf0bcf448dd3b63e5849af47e22fd9abaf1b7b61021da0162b8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
be9a1f65ab003ca9041f6f4c672ef41d

SHA1
b10e0b030daeaf9c9c4270c1a476d58e41bc1019

SHA256
e63e950bdf3fdb3233195691511fb6d1c3fcebf6153c3e2e41097890d35dad95

SHA512
2d6ac6eaf566b3e37466660e51d726375313eb7b263e6efe92d0e4abc1981a4568e5f659668c394db1648e9aba3bbe2357d7bf988de2b41cfedc9928aa3983ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
1e0339e2d8baad8d05ae0b610dca6f7b

SHA1
67c846b8f4a56156e1e6902d9ac9ab85660c226f

SHA256
524872a0812706c4450f497332c9ec046d427d2abd2ca9993356b40d8480a67e

SHA512
1dd1a05974c3e6542fe77bf6beb12535e887cfbe381a314372110fbc56c12e989ee2a098a23283ed3cea02f83e0b8a7bde37e62e1477d3507b350ba747bdf4ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
535969d618a10310be9eb4088f9ddf56

SHA1
ff2fedca04e143d278b02eb287c23c06405bb5f1

SHA256
803448ee69b647d156183f847c71d2b0725620b498ce91734115215c94483b83

SHA512
af67058a0e1abd5291c4eb60bd65397931391b4a90022457e46780cb4db954d419631189ac4db93246735464951beb0edd95cce2e4d118093a9ec2d6f1037b8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
429e78df5a9c30ef3c238224dc41df9f

SHA1
53afb268f8a1dd89dfed17ffa45ffcf1e04ef65a

SHA256
a72299b5c52addbcee895c03733c2e1ffa75454290fce2a73457e54b71a5f10b

SHA512
e08c1cdf4894c0d69e27715863ee459d5606b99bc71fa90d3dc81962329d5878903446d4c4a6aa58ce08f03be6b3d7e7988723f861010f435d94fcf21d5cbc84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb5c57626f5829a50264e940b0927006

SHA1
0a43e2bc30c40a5918e16945c93cec29eb0d8e08

SHA256
1281c8fd6205664a385bd54e473e233c20826a0d6fc3cb8a1701ad3ac22e3953

SHA512
8ac896c4139ee0df99604b0f227de7c1e97b2235163afac687196f0ff1f089de0710ba45ecf1613c818d5b2a538191f4008d4e0dda9f7afc270fb20e90566785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4985b76719f38852fdecb5aa1e9fc90b

SHA1
a12e3af58ff6359a426c01fe53da9b8c44a199e1

SHA256
7deacb019a1e1113b29e1ca0a63e414f6f994218c865d2469b77b174572d179a

SHA512
75d1f8c6217e7749e65e794abdaf6404bb20f46517f65149f54ec3cf5a45aadf536832ec0a989c62e1dcb8e9ae95539a180e83daeea49cd947bf5b6dfb27d5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1cad8fe8fb3fc4878360fec69f7f945c

SHA1
9dcfb121e7188c71b1eca07645276efebe1ee2e5

SHA256
73c675fbd00201e2558528c778a89636336f83853c592b30837d40c00a489a8b

SHA512
2dd23d6ed88910f57d5ff6312b0086c8725a119029ffc0d599e3ebafe01fac3d6e188d43edb42e5d7fb11139ccbb853f5a4ac2f11cecaec697a037178ba9ba85

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Filesize
10KB

MD5
c3c6b3f8296ee0464e2957e7ed77b527

SHA1
24d7d914835515766dca91b45e99923212fe27f7

SHA256
88d6865978ed46cf26439760cfaa30e67dcd4ae0c7f2f40894d2d5aa23e08c44

SHA512
6a85e78bf5b411e6a3d0bc83e813eb22615ea00a89704f3e5b26286dc272793ad8cb47aaee12cfcf009c3c6124e32640acf6f966d61dce44f8978671aa54f7d6

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
011bada08d600540d409517b7f2098cc

SHA1
20ceffe8c18855cfe8ae42eb221fca20b6e8fd84

SHA256
45b908cd6088404cf9d6e0521495ac6e4ed3976a30c97322cd521c1da8f04734

SHA512
3d87859b48c84565caf29db45115a198abe24afc8c5cccfba845b20e7a076158e1df572b71683e6bd971fce720835a65aa90c9e9fb1ead8f38edb8ce83765055

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
12f143a7d821245ebd8eb67cc2a250ba

SHA1
1abdf7a0b8d3c2737a6eb975ed8c5c6d708c4cc3

SHA256
46f2440eb9c49a8a9405d3ba34c3dc4a05e96c9cad6f250f4b9183760e8570b6

SHA512
105b13c5586aac7e375dce622d780c50ddb6c7c1d7dbd096ca94f6fa1e0a719673afe1540af77e52383f7f71ba43babaaae73d4567b8be10248ce22c7aa4404a

Download Submit
C:\Users\Admin\Downloads\Fisch Macro V11 (1).ahk:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Fisch Macro V11.ahk

Filesize
25KB

MD5
36ddfbe29f2fd3366ca298b350a6cb19

SHA1
0b5c4d270dc47b4ae1b1f59f85b8617bf8a7b036

SHA256
4acb8e96da33a31d5f8384635cc994bebac071f16093ae6ed7f909f6a3bf7218

SHA512
54760d5e130e90a07c238fceee800da27d567671a22bdf6ab7f6f21a148f072e7b2f07d7e74e55f32d7d8e4c52779882ae6681a0653e2fcd564a7dafc94593ae

Download Submit
C:\Users\Admin\Downloads\Fisch Macro V11.ahk:Zone.Identifier

Filesize
173B

MD5
8cd59ea06f0b27f8ac4873886ef72a27

SHA1
43faee3a59fb959bb94f8805c91ddc59d2878c71

SHA256
ed82cc8e0fdf750e0b98036242bb852e6d0d5e6f53c819410fbbc265fb10bccc

SHA512
672bd231ccc330c2db5123cf1f2dcb11aad6de6c0cca6d936edbedb486d275f6f3658f40e98835cc7b99278aaabd54dd061b1e2ee148605d7b3a93e760adc5bc

Download Submit
C:\Users\Admin\Downloads\eada3757-b9c1-43c3-99c4-fdb40a51378f.tmp

Filesize
10KB

MD5
fd40612c8b8cb6d1eac7b7b2efe4cfcb

SHA1
f0872422e461d687a60bb3dda055619bb2d5c25a

SHA256
f60e20d897e887e89955efadfa878cd2397f770c12dce78cfa7e93aa0bb1a7c3

SHA512
ac5b54820ceefc1b355e347b70f294a84e71c080965964baad26a23dbfe25029c00e338fd95f0b1609d945f83c4817cf5765afcc270bb6e4a58df405ab9d32df

Download Submit