hxxps://drive[.]google[.]com/file/d/1f3u17D8mvcd5q7F7mPdIZStIfAGif1z4/view

Resubmissions

08-02-2025 14:04

250208-rdlwxsypav 8

08-02-2025 14:02

250208-rcl6asynfv 6

Analysis

max time kernel
401s
max time network
403s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250207-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250207-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-02-2025 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1f3u17D8mvcd5q7F7mPdIZStIfAGif1z4/view

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
102	3980	Process not Found

Modifies Windows Firewall 2 TTPs 2 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
4028	netsh.exe
4884	netsh.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\Control Panel\International\Geo\Nation	setup.exe

Executes dropped EXE 5 IoCs

pid	Process
1968	Set-up.exe
3508	Set-up.exe
1728	Set-up.exe
4492	setup.exe
1868	setup.exe

Unexpected DNS network traffic destination 24 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	flow	ioc	pid	Process
Destination IP	160	205.251.195.233	3744	nslookup.exe
Destination IP	171	205.251.199.90	2112	nslookup.exe
Destination IP	181	205.251.197.135	3192	nslookup.exe
Destination IP	182	205.251.197.135	3192	nslookup.exe
Destination IP	183	205.251.197.135	3192	nslookup.exe
Destination IP	156	205.251.196.135	2696	nslookup.exe
Destination IP	175	205.251.193.84	1232	nslookup.exe
Destination IP	176	205.251.193.84	1232	nslookup.exe
Destination IP	177	205.251.193.84	1232	nslookup.exe
Destination IP	191	205.251.198.118	380	nslookup.exe
Destination IP	192	205.251.198.118	380	nslookup.exe
Destination IP	155	205.251.196.135	2696	nslookup.exe
Destination IP	158	205.251.195.233	3744	nslookup.exe
Destination IP	163	205.251.192.67	3508	nslookup.exe
Destination IP	164	205.251.192.67	3508	nslookup.exe
Destination IP	169	205.251.199.90	2112	nslookup.exe
Destination IP	186	205.251.195.194	2580	nslookup.exe
Destination IP	193	205.251.198.118	380	nslookup.exe
Destination IP	154	205.251.196.135	2696	nslookup.exe
Destination IP	161	205.251.195.233	3744	nslookup.exe
Destination IP	165	205.251.192.67	3508	nslookup.exe
Destination IP	170	205.251.199.90	2112	nslookup.exe
Destination IP	185	205.251.195.194	2580	nslookup.exe
Destination IP	187	205.251.195.194	2580	nslookup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
13	drive.google.com
14	drive.google.com
15	drive.google.com
3	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\eventvwr.msc	mmc.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 6 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2116	1968	WerFault.exe	115
3228	3508	WerFault.exe	122
2144	1728	WerFault.exe	126

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4824	MicrosoftEdgeUpdate.exe
236	PING.EXE

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\Set-up.exe = "11001"	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe
Key created	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	Set-up.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133834971433350407"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-808110790-2952985133-1854531158-1000_Classes\Local Settings	chrome.exe

Modifies system certificate store 2 TTPs 3 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	Set-up.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
236	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1748	taskmgr.exe
640	mmc.exe
2180	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe
1748	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
640	mmc.exe
640	mmc.exe
1968	Set-up.exe
1968	Set-up.exe
3508	Set-up.exe
3508	Set-up.exe
1728	Set-up.exe
1728	Set-up.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 836	4976	chrome.exe	87
PID 4976 wrote to memory of 836	4976	chrome.exe	87
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 2016	4976	chrome.exe	88
PID 4976 wrote to memory of 520	4976	chrome.exe	89
PID 4976 wrote to memory of 520	4976	chrome.exe	89
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90
PID 4976 wrote to memory of 3772	4976	chrome.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1f3u17D8mvcd5q7F7mPdIZStIfAGif1z4/view
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffab742cc40,0x7ffab742cc4c,0x7ffab742cc58
  2⤵
  PID:836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=1860 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=2456 /prefetch:8
  2⤵
  PID:3772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3144,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4880,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5080,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4812,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5500,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,11363079491600990074,10990112888920620281,262144 --variations-seed-version=20250206-180041.353000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1280

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3840

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7MTdCRjY0NEEtRTA5Ri00NjQ3LUFGQzQtNzA4N0VEQzZFMDNDfSIgdXNlcmlkPSJ7QTBFRTFCNTctNkIyMS00MEU0LUJCQTUtRTlDNzZGMDU5N0FFfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7QkI3N0Q1RUMtQTUzRi00M0NCLThBRUEtN0IyRjJGNUQ5QkQ2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0NC40NTI5IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iMTI1IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtyNDUydDErazJUZ3EvSFh6anZGTkJSaG9wQldSOXNialh4cWVVREg5dVgwPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins4QTY5RDM0NS1ENTY0LTQ2M2MtQUZGMS1BNjlEOUU1MzBGOTZ9IiB2ZXJzaW9uPSIxMjMuMC42MzEyLjEyMyIgbmV4dHZlcnNpb249IiIgbGFuZz0iZW4iIGJyYW5kPSJHR0xTIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMSIgaW5zdGFsbGRhdGV0aW1lPSIxNzM4OTM1NTAwIiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODM0MDgwNDYzMTQwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNDk5ODA1NTMzOCIvPjwvYXBwPjwvcmVxdWVzdD4
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4824

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:1748

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2168

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Adobe Lightroom Classic v13.5.0 Multilingual.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2180

C:\Users\Admin\Desktop\Adobe 2024\Set-up.exe
"C:\Users\Admin\Desktop\Adobe 2024\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:1968
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 2504
  2⤵
  - Program crash
  PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1968 -ip 1968
1⤵
PID:1356

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:1644

C:\Users\Admin\Desktop\Adobe 2024\Set-up.exe
"C:\Users\Admin\Desktop\Adobe 2024\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 2228
  2⤵
  - Program crash
  PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 3508 -ip 3508
1⤵
PID:4008

C:\Users\Admin\Desktop\Adobe 2024\Set-up.exe
"C:\Users\Admin\Desktop\Adobe 2024\Set-up.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1728
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 2220
  2⤵
  - Program crash
  PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 1728 -ip 1728
1⤵
PID:2960

C:\Users\Admin\Desktop\Adobe 2024\packages\setup.exe
"C:\Users\Admin\Desktop\Adobe 2024\packages\setup.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:4492
- C:\Users\Admin\Desktop\Adobe 2024\packages\setup.exe
  "C:\Users\Admin\Desktop\Adobe 2024\packages\setup.exe" -sfxwaitall:1 "BlockIPs.cmd"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.cmd" "
    3⤵
    PID:3228
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall delete rule name="Adobe Unlicensed Pop-up" dir=out
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:4028
  - - C:\Windows\system32\PING.EXE
      ping -4 -n 2 8.8.8.8
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:236
  - - C:\Windows\system32\findstr.exe
      findstr /i /l /c:"TTL="
      4⤵
      PID:4140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup -type=ns adobe.io 8.8.8.8|findstr /i /l /c:"nameserver = "
      4⤵
      PID:4884
    - - C:\Windows\system32\nslookup.exe
        
        nslookup -type=ns adobe.io 8.8.8.8
        5⤵
        
        PID:3192
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /l /c:"nameserver = "
        5⤵
        
        PID:1356
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup adobe.io ns-1159.awsdns-16.org|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:4504
    - - C:\Windows\system32\nslookup.exe
        
        nslookup adobe.io ns-1159.awsdns-16.org
        5⤵
        Unexpected DNS network traffic destination
        
        PID:2696
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:4472
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:1344
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,"
      4⤵
      PID:1192
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",52.6.155.20,"
      4⤵
      PID:1624
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,"
      4⤵
      PID:2144
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",3.233.129.217,"
      4⤵
      PID:1728
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,"
      4⤵
      PID:3008
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",3.219.243.226,"
      4⤵
      PID:1572
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,"
      4⤵
      PID:2316
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",52.22.41.97,"
      4⤵
      PID:3344
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup adobe.io ns-1001.awsdns-61.net|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:4792
    - - C:\Windows\system32\nslookup.exe
        
        nslookup adobe.io ns-1001.awsdns-61.net
        5⤵
        Unexpected DNS network traffic destination
        
        PID:3744
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:1516
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:4608
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,"
      4⤵
      PID:3984
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.213.11.84,"
      4⤵
      PID:348
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,"
      4⤵
      PID:3372
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",34.237.241.83,"
      4⤵
      PID:1824
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,"
      4⤵
      PID:1116
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",54.224.241.105,"
      4⤵
      PID:4084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,"
      4⤵
      PID:1484
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",50.16.47.176,"
      4⤵
      PID:3472
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup adobe.io ns-67.awsdns-08.com|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:1544
    - - C:\Windows\system32\nslookup.exe
        
        nslookup adobe.io ns-67.awsdns-08.com
        5⤵
        Unexpected DNS network traffic destination
        
        PID:3508
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:4216
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:3748
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:4552
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",34.237.241.83,"
      4⤵
      PID:4140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:2920
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",50.16.47.176,"
      4⤵
      PID:3192
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:5088
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.213.11.84,"
      4⤵
      PID:2116
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:4472
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",54.224.241.105,"
      4⤵
      PID:5108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup adobe.io ns-1882.awsdns-43.co.uk|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:2360
    - - C:\Windows\system32\nslookup.exe
        
        nslookup adobe.io ns-1882.awsdns-43.co.uk
        5⤵
        Unexpected DNS network traffic destination
        
        PID:2112
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:2420
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:1560
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:4256
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.213.11.84,"
      4⤵
      PID:3128
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:4928
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",54.224.241.105,"
      4⤵
      PID:2316
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:936
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",34.237.241.83,"
      4⤵
      PID:4568
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:1516
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",50.16.47.176,"
      4⤵
      PID:640
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup -type=ns adobestats.io 8.8.8.8|findstr /i /l /c:"nameserver = "
      4⤵
      PID:4792
    - - C:\Windows\system32\nslookup.exe
        
        nslookup -type=ns adobestats.io 8.8.8.8
        5⤵
        
        PID:3984
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /l /c:"nameserver = "
        5⤵
        
        PID:1380
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup 3u6k9as4bj.adobestats.io ns-340.awsdns-42.com|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:3372
    - - C:\Windows\system32\nslookup.exe
        
        nslookup 3u6k9as4bj.adobestats.io ns-340.awsdns-42.com
        5⤵
        Unexpected DNS network traffic destination
        
        PID:1232
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:4984
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:1116
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,"
      4⤵
      PID:3264
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.94,"
      4⤵
      PID:672
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,"
      4⤵
      PID:664
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.79,"
      4⤵
      PID:2796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,"
      4⤵
      PID:3748
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.90,"
      4⤵
      PID:1544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,"
      4⤵
      PID:4552
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.16,"
      4⤵
      PID:4140
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup 3u6k9as4bj.adobestats.io ns-1415.awsdns-48.org|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:1252
    - - C:\Windows\system32\nslookup.exe
        
        nslookup 3u6k9as4bj.adobestats.io ns-1415.awsdns-48.org
        5⤵
        Unexpected DNS network traffic destination
        
        PID:3192
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:3076
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:1620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:4472
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.94,"
      4⤵
      PID:5108
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:4876
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.90,"
      4⤵
      PID:4732
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:2112
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.79,"
      4⤵
      PID:2056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:1572
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.16,"
      4⤵
      PID:4256
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup 3u6k9as4bj.adobestats.io ns-962.awsdns-56.net|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:3532
    - - C:\Windows\system32\nslookup.exe
        
        nslookup 3u6k9as4bj.adobestats.io ns-962.awsdns-56.net
        5⤵
        Unexpected DNS network traffic destination
        
        PID:2580
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:1840
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:3056
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:3744
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.90,"
      4⤵
      PID:4608
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:4176
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.16,"
      4⤵
      PID:3984
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:1380
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.94,"
      4⤵
      PID:4792
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:2572
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.79,"
      4⤵
      PID:4084
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c 2>nul nslookup 3u6k9as4bj.adobestats.io ns-1654.awsdns-14.co.uk|findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"|findstr /i /v /c:"Address:"
      4⤵
      PID:4820
    - - C:\Windows\system32\nslookup.exe
        
        nslookup 3u6k9as4bj.adobestats.io ns-1654.awsdns-14.co.uk
        5⤵
        Unexpected DNS network traffic destination
        
        PID:380
    - - C:\Windows\system32\findstr.exe
        
        findstr /r /c:"[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*"
        5⤵
        
        PID:1832
    - - C:\Windows\system32\findstr.exe
        
        findstr /i /v /c:"Address:"
        5⤵
        
        PID:3264
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:2796
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.90,"
      4⤵
      PID:3304
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:1988
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.16,"
      4⤵
      PID:1544
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:4140
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.94,"
      4⤵
      PID:2896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" echo ,52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16,"
      4⤵
      PID:3076
  - - C:\Windows\system32\findstr.exe
      findstr /l /c:",18.245.162.79,"
      4⤵
      PID:3192
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="Adobe Unlicensed Pop-up" dir=out action=block remoteip=52.6.155.20,3.233.129.217,3.219.243.226,52.22.41.97,18.213.11.84,34.237.241.83,54.224.241.105,50.16.47.176,18.245.162.94,18.245.162.79,18.245.162.90,18.245.162.16 enable=yes
      4⤵
      Modifies Windows Firewall
      Event Triggered Execution: Netsh Helper DLL
      PID:4884
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c IF DEFINED InstChk ( START "" "C:\Users\Admin\Desktop\Adobe 2024\packages\..\Set-up.exe" )
  2⤵
  PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
471B

MD5
d01889a8340c47928c727f6f5c314c74

SHA1
76560425778c748430d7d96e747e89faffc2b694

SHA256
7b28d4f1bc454f5214defd2f42d8ed7215d8eeef2e179e57f6e3fff8ef925810

SHA512
5730a5fbcffa615f38f44f40e6b87162a47cfbb3bf5a1bb3ac91aa08a8a26ee4dcb58ae668927118324aca364ce2e5513adfbdae49b95881d34e888a939e9dd7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DA3B6E45325D5FFF28CF6BAD6065C907_EA01B8AC2C0BE6E5850A0487D704D929

Filesize
408B

MD5
5507abcf175bb7bc28e9b6dcea0a3412

SHA1
9e1c556a1dd1e70aee8a2765f53b332950a44a6a

SHA256
c6ab4ccd443ce3df636b2b2011de950b995c12b1de89f25b6655082d482fc60e

SHA512
6b704806396ff13067ff69506cc69e6ca8b54f0503601b6c08b7e7e7a459576e923cf58705f104421c3a187b2c4ebebeed9c7579f5c970c3a5ca36935d951129

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
0f9d49f90793ecac96ee40c36e7dbcc9

SHA1
cb37e61f569ed8e9f8c9d70b08dbe4430b1f2170

SHA256
4f8aafd88d1ec6c049bd465c730f1653ec2056de916fab95ff4e9672da1e7e17

SHA512
27995ffedbd239abdcb05cb84cf3a3cd889330f0e84cda55cdf675a644d382fc0b3e8c1d2470e783b142180ab940f8ccc626664185dabde54845137fc9412f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
963dff5ab6bc93871b4ed8d29450721c

SHA1
de20ed41024bca95030c8227bffe3d42345dad91

SHA256
e99b04c749956800ea19257c11195177cdc9e19a10ed7a8f77186acafb5147c0

SHA512
d7494dd808ee40d78a28c587f3b81a1d1651176a21a8f1e5eb527db03508020bba037a3dab76fefdc620fc0ec34dff7f027581318e1770701dc13a58b6a5352b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d0cc2dc5c58739212578fe8619b1aaab

SHA1
2fa7a8075f1c3727c3ea345e3544ab70232e9dd5

SHA256
14a5929a0ef0d10ff72cda46dc22e4a8102185a7413c67bf320391c5b48cfd1c

SHA512
95c49db3c94e93343de77686e482c3ff96c1be2997556cd60155d69c3672a072aaad0d6442cb83811e46f69ab9329ea950b32106f1f56781ec5cc64499f94b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
4fa6bb592401c6b5ed3fde9776a659ff

SHA1
f68096292bee3adcd5d40162a360dd0e625e5779

SHA256
6480842fd5a775368e0440c1e1e893a67f521a8a4018dafddd7e6f7d476860a5

SHA512
c4fdfc73783dbc47d398b73924554afa9fc735a4aff94425c6929ffc27558976d630ed84238e4c29dacbcae79928aa77d231d0af4c6b4b737ad1ee181af8613e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6672f0a4814fb27696bb6e7586672e10

SHA1
eebccf245047ae1c31c6045a1d269a296e0e53b3

SHA256
680bb710fe2a812cd5b249d55aa1dbbb0c47c85a58ffc7fb8f15895dbd5f0376

SHA512
877286a812c14b9eb667015bc4789c98a0cdf32bbd487a298d4ea2f98c87c0406f9898f4fd0e56804cfdbbb773d9e58121f29c9725a733520666c7f0a651dc88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
becedf581a6ef8289c42dea5968e9d02

SHA1
dc1032551e2c65f14f515e167ec3e7d68687d755

SHA256
571238f11de931c33c648182c44b193bd27fc99d857145d3b97691ec9bf5f92e

SHA512
95e912d597ba3ddbaa835e4678959f1d274c6b4af1de4cb90075177fc0e484d91e60d5677c547c7314c0198ac78e358c8ebf22a9f8c707c4db86f9b6fc906069

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9611ea38a0031a2476cdb581fda31c9c

SHA1
de238bb5df190cfe3a4abd562261852908537630

SHA256
050d60400ed30a126c17937be290f3de97dd0daf4f496f92c3b3ff71e8af2d63

SHA512
1a37f0289fce242837275417492e5aeb141943f290c87154b27e26caaaf5dc28ac309e168f42b725fa2889593d0a9728b15b9c77a6a5ac0ce419cdc2b66a0a42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa5f495204aab38dd4fd8b0a8cbce87b

SHA1
890e035e5369918bd8412e232995c857de5453c5

SHA256
b291e3f8ce26b0b907db83204692cd849e556e17f950b16559502db4ab1d00e2

SHA512
1904b7e15da674a58bb1f92871b73aed89fe8fb6ebd606cf61002d28607968cb49c5c72562a3a1ef9f8ea9ee4409b01caa4622cc626885c36293110789eab2a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d9919d309a57076fabecc2ba2801394e

SHA1
53aa3815588d40bb843450ab8d80a727a00dcc34

SHA256
5624482daa8e82091154a87b131fb9e6e45de1b045d25d245f13aa03d10bf44e

SHA512
380a7eb25dfc509297572b77f569373ee02dce48ba9cc3ab62d334657c6cf5c252c7eb5c38c528f94f105cfc22a86d966966a2eaa1ccbfa777aa273dbc3d0781

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10762fcc2e97f525d9ce95e3a3fbb860

SHA1
3e33dc3276b3b6a852801c2b1fbc34913be8622a

SHA256
4dcd4fc367eb08db50fcf48869d1166619846e6eb075c54dda93cb320de5cd3b

SHA512
e44e517c3c1fa908286db97bb1ca2d30c3678b2f34e5e055b09c974308a28483ee977624b2e30239fa0f9bf0799007092a6c90329841f6de57dca759b5160111

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
42d5a8c2bd41457c0a29abbb88baec82

SHA1
1694d8b807081e08b70163cd3653b7708b45e882

SHA256
ba499438ce2b2d07b1752cacfd422d4649ba0f587667ae8a9f6ba1f016486e46

SHA512
fa376ba14d311bf4e50bc8ee270d14f3d32b06ea2f81091e3988e0020d990e40e0713c2f5c4dfe7954eb5c0e396b0edf691231c3ec0c5be553e135290833c7c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
384ffe66b17957a95ff8e82eea13160d

SHA1
79beb782d4b902854e0d648b606129ee23778e55

SHA256
f498167ca2480ce514a3bab8a9b8e5c9620e09907cf13842cc1fc160dcdff862

SHA512
2830d044167cd197dbf4354278b2215904773b4bde4bb9c5ece7b85e873c16a44674ecca866446ca20f68d29e10d481029986c4ed9730d5c62c13ccc560665c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9106050ba537f8c72159f7ef43b0a7ba

SHA1
bf2c51c24fb147675f17fd196c048c410bcaf975

SHA256
41dbcefb45d548977350e4b289c9f3daf1fabf9b05132ecb3a6b6f6dca4bcdd3

SHA512
1b4cdf4e5f181ddce8124d8b7c38c0c8650172475aaed6e6284ff43f8fbd9cfb1edd590874c1ffd8cbec309fe1f77055c9cca77585505399e197ac401ae5f2b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
0cef801fa346c87993f1015d547ce7f1

SHA1
009dbc8af6cafba894bf0cf2dace4e50e991a65c

SHA256
cff4fd7f3442cf5280496afb8a166ead0f3f7937bdee504d410e465cdc494b86

SHA512
c00a0f5281d40cf5e142a1a0a719d03a0bd91ae5295fd5c99349b7ff85eb3ddc7a47956516fc8c7c27296c4f23af07bc159f6c7c653bb282d059a04c7feb2f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee3eb69215ac07e5f120d0e8a46ed8fb

SHA1
9fa1ab6a3435668a8b5fd5ad5c4542b10647c5d0

SHA256
ef17bc6fdd7ce40f3a5420eee843c81b533c6961fdfb94a4ad84b5ee3f965acf

SHA512
3bb903476afc2686a91b6d8537ad40325bf1aba4135312f90559e3f4e7611f47b69b2b7b11d501552c23b383d42f8f52cc914ae4f44d5fa06ea53d93b7e62c9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
029ce2d0d2bae25de7d3c2ef09579d8b

SHA1
b0bf70093311d406274a74975435920b5c615310

SHA256
6d96f08d9e0d953e41cf66328d7ba25f843295d34fa87d068704a1416023279e

SHA512
6c3ebd33a6fcd245b71f5168deb48ae54aa02f8b087f00b5b55d83697f98a51be78ab11d2bbc9c42750448a85e6467193e2d484507c6d0207fc453d62370fc49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46e2e9dccc6fde7f49a361fca07bf8a7

SHA1
c65e7cd44600f0278fc7032b615734a2a2b7b838

SHA256
2926ea5475e9c6ec4f6b760cf159b6dee5485d7bbf030d95cb1c504e7a919b0e

SHA512
4aaac40ed272e8cef904843e6fc950a5b1a20b827654939184e42a58c12d8665133bac390d8f6a51c05674d26f8e727f44ff5a3428a56e5903fd4ab53fa4cbf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0a8a78ab00284f79183f7f3e70bbbec

SHA1
c87d102946c42a972f27c2457907f7612e27411d

SHA256
577473e135202364d33ed538155cf6f3d346e3a0d3e19e9dcf7ff6e035982b2f

SHA512
1603aa3f86d271463d26d6c35243037bc532157816a03bf4d0b33e65ad569d5282d3dcfebc75ef440f3e149436a9b302a8376697811cbea09b4ca6f213fcfc36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8c033e46a2401f3295f2ef6becc204e

SHA1
b28d3e87fca6f45ed1d4c8802aab2059f9273001

SHA256
2ea0eb56af85e632bcef1116c0a907216ae7da6f9a39ba329a4705726dd3d201

SHA512
f66fbebed3a7a7f9c1967a8e75ec63352daad0283d116fd297842a7e188f3045c9388c8718afc3df987d229a58d3be371f34ad1306d6850edbe73e10fdcaa489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
05fb27e6a86cb03cf277384e950defff

SHA1
d1a3d43d0d3e16aad7dd7a14427b8ad4f1200301

SHA256
ee4ef83a4702eaff3cd27b7f48eb2064e8d9b9732491b3d53809b973bbb549ea

SHA512
f2bba26505ae23d8484c7c91f3cc0ebe6d95808215bf502acb4cd626cec2fe0258bd24a036a951906c283cf989d41ac02aaf30c885e6cb43c80c566151b2317c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
928071abccc0c4e50ab4e37261cbb3e9

SHA1
38f97f582ccf7a359a8a24eac94b2477ca28b388

SHA256
d2cd93e54bbb33c337f9cf5077714ff26efc6650d171ea688915c4ba21b87a68

SHA512
3ffae17f1a3fc904e544d8bb3eb7e5391b99c65a90f3d5b4e79b66947a3a326f7d64cfb0883b622f8c9b06efb4471ead7f7f59776985150dcc017684eec21456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7e0d2ac5f35f8a55a94b0897377da4fb

SHA1
7d6573cb145a11fb9d13caf662e6939120f9ac0d

SHA256
becb388f29a06233c3b99638d40a02c28183dc3e1da5976d099904b638a819ce

SHA512
403a5ba6e1f9a63a98c486d7aa85b6a4175638cdbfd31a4a061f63aa30c36ba3ddf69022bb8f8f52dc9bce36e51efa552f66c0c5daccef6c12b0bf3af5d65b3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
940f6e03c0a16a6ffc93cae2a83af67e

SHA1
f66791595acab5d612f6e4a6cb0790b1388c907c

SHA256
9bb16809045a94447d6910f5f976ec39dfb61677c55bd67e9253a181cd090250

SHA512
737524b8d2458caeb9f9f4ab95ac9ca557738f25a0789cd4a5e0a16ada4a8b17783d63d818c58ef227b0644cb0dffb11f2c009be9f77f127771a61f05cfc8a0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22e3650072a22010a9f5d648af8657a1

SHA1
d64cf57f6f52ee1ed0b81099e2c337db752768c9

SHA256
114c21882fc64598a28839775666121d3d11e2ce38e2ec8e57bae716f04b4af4

SHA512
92a57133a88e9080064754eb5b94f5f6f4409c3a2a8b2541b90475f65966dff01fb879721413bf4d43cbdae91ae325b2b76544502dec6d53898349a2d09d8465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
22907593b27ecd90e36dffd3088d59f0

SHA1
7abe7babc96d8316c78f608d201b33da629c020b

SHA256
ad090f7615d9b18d8b4fe93614a321bd125405e890f51d791934b50451742e09

SHA512
aa5bbd0010b0edf4d8de3666bdf03d8e4e397532abd31ce341dbc749b47076470fcb90ca7d898b01f86a4448501aad9264ad0d4629827c3a44f3318908b6c1f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6e2bebaf1d7f256ee0e4f8d9737ce346

SHA1
5225d8fd452e10f646eefb994c828171a408f07d

SHA256
0bbb134f7a508f7834e3c3364ca0b9517571152f0725e5bffe3eb3c55bffd7ac

SHA512
e481d0031343bbae5a3fd6ffd8cd65bb88759609e9f96869a618f48addf2a55a652a16d07a8bc9fffada2e4c6405cad0cc09c22b73606f3dd653aa90f22e79b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f59dc7d06ccfe4427691ac60a0fc88de

SHA1
36ff4813c047b57478e0f9ca90bcdcef46b6afa7

SHA256
58e9a4ba5d1d08cba757a915576dad598a131f4c0ccbfce6dea3383912a54bb6

SHA512
b702a8c0b98800799cd9b6324082a62a9bfe8dccef15ee042285c33405e7748777fcaf0305d89a472562a5639e78b6d017ba07da8c54b4b3ec3a2c98baa13003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c98d49e287dcc3735c15c91cc9714d9a

SHA1
5a77f011d7f916746750f2206f1c5908c711aac0

SHA256
33f888c4d5091012d09b55adc7016cf11a18f71b93b949a90e4b9c5fc6ee2a57

SHA512
4a53959e5d5163a039d8f613324122d70b7358459a081668608f650973af56cd838a9dcbd94945810ea22c2b00baa9ff77c82f440f1d726be40ff4ad806aa905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
45d911a1c75453d301900a25e09edb2b

SHA1
0eb2316c55303a62df18d51c87d1f18f9f390815

SHA256
ab7ca0ef92deb1d2ffb760e18b31de6fe2caae0edb53461de45eef601a03e1f2

SHA512
57c36ed2ab1dc176fe903915f44d24d4efaf9f27fba06203aae6bb7d4ba0575e68ac751a1bacc976d603a86a1f18f274de3717b27cc79160de856780538c7897

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fca7709745d971b5745f95993edefd4f

SHA1
90cd51bd52832e2e6f8bd423db4fb011254a6f35

SHA256
505301484d8c33da49aeb56b54b2e33cb9c0b5c798b4a7300af41d876814f9b9

SHA512
8545c905533faa6cb496a1c5df3e89099c19c8dff1311b9fe78b1caed29d9d45eb013398c2a2e685ede1557088024c9bd254e65400f255104d1f557421184e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca790e528db8a930a5f98b695bdf427a

SHA1
0f88c0f8e67bb82888264b2c8e73cc8da8d1650f

SHA256
8ad04283942eece3fb15a8bdc48835969dba68d3a1538ccfe14561932250b8d2

SHA512
b36b055ee833f2dce75d8c3b33cdb242e0c543ebc07a808c7421af6d2f54decf97c0fd47de03facf11d90822bc50f7f0df012b52feb7bc41c2260234e8c29179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f305c6009bd6c81fe8a8d779cada0be

SHA1
0e45421932c96d0be87d6a14a29496079b4b4748

SHA256
0425200334766ad197076a328521b97c66c10f4d514b455a2d02ac52091cb4fe

SHA512
e7723733104f9eb67e47b63dee2a32d33f5532be4ef419ce535ab1f580e255bfe423a847e7e3c34253c7988c56b0482968636521ec06c89d1d52f0bfaf9b02b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9e8e0ee722bf64edbbed290b9b4cdfb

SHA1
5774ed6b53fdf9b2f2b78291434c6f08145d9236

SHA256
89876ed34438e8e472eb6e342dab92cd857b76fb6f9495662d0d68e69d4c3c9e

SHA512
4fc042832824e326264ee016099735021bbc94201af8db723a2006beaf38f7d8353bdcc203cd1f193c3e59472a59d5574349e511bc7fd58f015410996f85d68d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
ed7fa20d9efb46639c54569683a22325

SHA1
1309c3350a73bf246b4f5377628a30895db8d243

SHA256
c7a303d3d3843c2d190accd5679d224cebcb27f89297aaec4d2e51b00302cc53

SHA512
f51e3902c373523d14215bac210ad7f921a3b323cbf690701bf34ff274023844563f52ded1c45ae1d28021ef931994cdac216e978b4930da576e52efcbf3b056

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
f9350d08b573efbf77ab311482d597f6

SHA1
43ff06660b83133ace2aa1a33b825ad30d94c6da

SHA256
669c77befc2483c22a2875899c2215fc9e8115a1a91b139c8e35ebb148c12cf2

SHA512
30cfa31fdafd259ea2430028bfc99579b42a3d743298c58d2370a9d1ab3e8e69fe2d38cbe2ab20af669c76198fb4531ff793b922b860833fe189501dfd32c451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
9659cc4f8db9f1c153c62140cefe9d8d

SHA1
cf551f297e61b187e2e155f27d5d4dba20d6039e

SHA256
0f087bd0eea2eb72d18ed434e93caad003b1ff68cddfa4d5d109e7c9aaa0cdb4

SHA512
03b076008c8ade9b2e85faf448263be1279f5acfae65f17fb10cd5bbc1320b9d673bbc2ac204ce0677c7c8f5fc0b612091e9ffee3fc6f464d6467159fe221a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE488254FB\Adobe 2024\packages\ACC64\Apps\Apps.pima

Filesize
190B

MD5
bfa2825492d0d648a227b6d8a0662e83

SHA1
0c3f1c5fba466792398104812e944a6cd3a9b78d

SHA256
95514c3e12a559ee471e63b22b1b00aff1afe2e0fc60415d022be23df676bc1d

SHA512
68159d2ebc5b4416e448f0fc6960703e826bd01137d18a7a4616619a2090a903ccad1059e29941b08d9c2c881dbb9051ef2d91fa58472dfae1c28ab6da4a62f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adobe Temp\BlockIPs.cmd

Filesize
1KB

MD5
5bf86b36831f185cbdee9e11df180b13

SHA1
d75d431c3ab21493b987b709e9fe08e280ee7beb

SHA256
2149cd60b38b5179fa7ca29a52dca133e32b1361896e2eee9c06516bceefff25

SHA512
d7dd87cd8f378e28507d68a0e57eac9bc43362da0df8c43e65c10872757facdad1c1fc006b20ceaa9e0ddaae0ca2a6478bff82f80cc9a9cbbe3f809831b57e6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
5KB

MD5
9edc2ddb2f4a06b4265c85c1b94e91b2

SHA1
c36ad6043692a01daad48fc4a1f40411169154b3

SHA256
45278581bcecad4f0359c0ccb24905a6ba70ef87bacf749f1e93d2711722b634

SHA512
be8eb3e5d62b3b81833b63875e33010dc9d12fb22fa45f530c4d429438512148b14bdc3de11789eaf087c5a3327ca6fc1cc919c52c3ca044e60a05f80c0fcbb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\CreativeCloud\ACC\AdobeDownload\HDInstaller.log

Filesize
9KB

MD5
2656228892efbf9ef2d5e30d87ff9b6e

SHA1
7a65eb40f9825bf82973178021d01944fb9b7215

SHA256
65f54c8d7315bc74b5520e9e3382440cbe0307ba388f42200e6e99dcb077b363

SHA512
e6ba930b0e4700aeae87b1f6c0e2da845a9e13ad9e02b3e4875f036e243fb07a9bc6724dc4d3dfe407184306ef3d12a2731b860811b2253cde20b5776e70f661

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGLClient_HDESD15.3.0.468.log

Filesize
1KB

MD5
978c25c9f0198fa5d2ba50c709de3a98

SHA1
d7c0c11e34f8d09051091b78c3e881b044135ca5

SHA256
f908f77837dbeea823a050e3c9f51f85734def649dbc9c43fae23b4f0b7218d5

SHA512
b40a923d514e9e8da0b8de9a0de734d3d9c6cfc76c5f18c26b47a19f563f06cfb5752ad78ab4edc52053e6d10862a9b1af709bc297cff6c906fe5e15b97bbdff

Download Submit
C:\Users\Admin\AppData\Local\Temp\NGLClient_HDESD15.3.0.468.log

Filesize
1KB

MD5
b8409a88680f495ee5ab6c821c7bee43

SHA1
3be6a956d5d150716626080336097b5326d05bbc

SHA256
a16b06152bcbf79206b66b0680e32df62fd3431497589591d436ea2b32e4a530

SHA512
ec5a1e2e87865f82f529ff34ea7525c70c4ca062067a1add7cb82785790b73660a9761d154fafdde4c5ea2fdd8360c91a2bff67f780dbd3bd5b93dd53befc5d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat67E9.tmp

Filesize
140KB

MD5
d070306a9062178afdfa98fcc06d2525

SHA1
ba299b83eb0a3499820fddcf305af0ddbda3e5d0

SHA256
8f5ccdfd3da9185d4ad262ec386ebb64b3eb6c0521ec5bd1662cec04e1e0f895

SHA512
7c69e576b01642ecd7dd5fe9531f90608fa9ade9d98a364bcc81ccd0da4daef55fd0babc6cb35bff2963274d09ef0cd2f9bce8839040776577b4e6a86eb5add5

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat67EA.tmp

Filesize
140KB

MD5
e204643042591aeec2043c5eae255099

SHA1
ba5f2f94740400f540befc89f1c4d022a26faa84

SHA256
7f58f56a7a353f8fc78ec2757394a7c7f28165e6bbf2a37d6a6e48e845874f3e

SHA512
7196c5b8e88100a08eb296be7570df4d045268ad6bab1c45ebaa9063aa9b46b8896886e24a9f861e322b167dd95e18d5a18abb76f1bb01c8bc85c36bead855ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat680A.tmp

Filesize
139KB

MD5
dfce51814cf6d2f42375f948602cd99d

SHA1
766e162ff305343010b67fbaa28b36af277c5b34

SHA256
7a8a945586a1d21d2922cb4aed9e28d872129f6c396ac69f47ef3e32ea972ba0

SHA512
2c9489c18719ad29928e86a9e631e080b024c882a77a582f40f4f86f625de9b08ad3c09710d5ee32b5cae5284fd960f412f05290bdb3b4709f097b269b99ce21

Download Submit
C:\Users\Admin\AppData\Local\Temp\dat680B.tmp

Filesize
103KB

MD5
fa794ec12d353c26805ff53821331fc2

SHA1
cbc6658badeda2ad9b0d2e03a0a35ff7fbba542a

SHA256
cfdbd8a2aa463c11e483dc10c480acd274e9786632f5571a3970e8a20a2d8237

SHA512
1161afdbf6fc9b74421031fe6e139587f291ffaec03cae4aa76c1a86e10a69c7b1602ecbfbf60287ce8ed926377ad159992cde605ba98e75b212e971b7e14f18

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\clean.css

Filesize
702KB

MD5
4f3364af3e396f92a8826532bfb1a7e5

SHA1
7f7b613435ece78a358f2066287c2f2c3c6aa168

SHA256
45b9b77499356527e9047256db96a542a720bf075d67e9f6ba55d51fd562339e

SHA512
c022a28656483106095967ec4d57eb743d04f029406c2c553c9d19c103520e274c0eea19f411bdb7ae16f388211c456a413df5a0a6097036deb0010573d49c72

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\common.css

Filesize
2KB

MD5
1265d497504870d225452b3309b0e06b

SHA1
29a3b783e6f2f2cd3f6d08833b83c7848f8e3450

SHA256
4273a5d4ef990dead6cabe760c27b25f7fcf8a51177f1b31813ad8866a565330

SHA512
9aa8b24e800a619651699c193a7747b8673a3cd4f8a5d3b16ee35f5ef6161f953a904631b97d118339332a3d2c7292c910802f6e1518db18d48fab5e9eb91681

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\common.js

Filesize
2KB

MD5
d98f70ffd105672292755a37f173c2ec

SHA1
c0154add295ac052f234a0282a62b704cdd01998

SHA256
257a42f797f140667c81930001e73943bfc243d50bcc775f75d0334a2d2cf2c3

SHA512
1909cc7e4da0949a469852240be2205209968b18b99f7d967bc0231de33d03c7cbaa9578972e30e95e6d7017aebf9cd70a55ba22cdc9d5774d2a237d3eb0971b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\lib\jquery.custom-scrollbar.min.js

Filesize
14KB

MD5
ab3adf4aff09a1c562a29db05795c8ab

SHA1
f6c3f470aea0678945cb889f518a0e9a5ce44342

SHA256
d05e193674c6fc31de0503cbc0b152600f22689ad7ad72adb35fcc7c25d4b01b

SHA512
44dfc748d0bd84f123f9d3f62d5ea137d9128d5bdbe45da9a8666d09039eb179acf0dbb3030e09896fd61e7aa5ae6dfaffe9258d80949a64d0a7e45037791fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\lib\jquery.placeholder.min.js

Filesize
3KB

MD5
e13f16e89fff39422bbb2cb08a015d30

SHA1
e7cacaf84f53997dd096afd1c5f350fd3e7c6ce9

SHA256
24320add10244d1834052c7e75b853aa2d164601c9d09220a9f9ac1f0ae44afe

SHA512
aad811f03f59f799da4b8fc4f859b51c39f132b7ddbffadabe4ec2373bd340617d6fe98761d1fb86d77606791663b387d98a60fba9cee5d99c34f683bcb8d1f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\main.css

Filesize
16KB

MD5
ee23e36c90c9fccd530504285d371ac3

SHA1
7a4e24d18ec723d38cd922e3845ff290f0299e15

SHA256
32616e0764c80efb4607a0dccfec7cf7862886c4ae80e6405dc3cc5c62cd0f82

SHA512
542937075a96f6afb8170c6f41915efeec5e067803606c2a26d29e6c990d93a255ad8cea18600cd0825a0c91ff935d057870a1724062543a8e2bc09c4041b375

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\main.html

Filesize
8KB

MD5
f4b7942d6563727bd614f10da0f38445

SHA1
84f22240f7a5ed1c23b09e8677ac2ac3cd4e26f9

SHA256
e4bedde22ed405d291c746440a824d5f8527fb232e7a6be2ed9a76465d82f8dc

SHA512
f79b24ac78863a4ed87d41f37b2a5bc27017ebc5317f0a305d676090a16aee8a61384b476e7e9a68a024aa8da4784c1bd4f118766caf4450ec97af430e7074af

Download Submit
C:\Users\Admin\AppData\Local\Temp\{72E2B033-6F9C-4ED8-8409-274C8C4DC153}\main.js

Filesize
58KB

MD5
a8f9eb478c7512c98ca1ad46dbcc298a

SHA1
454226dc42b911caafc9a1e56d8ad0000bbb7643

SHA256
1df6cbdc80c1df47d93d6e7516a2d7017362413a6b9d93634e143856695c3645

SHA512
ae3198cc6ae739f3009359988f5c090664e5fe8422ad1cf739fe316e66f344c10385d1f841c7b0e3ca9f7997c79d95fa0559386b6dec10641ceb8c290b14f5b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\{F62A9A8C-27E1-4D5D-AED7-7E9050D0B7DB}\Dictionary\en_US.json

Filesize
72KB

MD5
c693e1bd4feda683ae5c71f2bd6b9de8

SHA1
2f3c32dbb95623c52ebf3b608074afdfbcbf050a

SHA256
5dffe13d4c72f59dbc6f8efb439350518acd4e8e07efa124973cfd1a625f60d4

SHA512
a48c520b1432f208f7494759d316cf2411163373ef7ba5bb2b2121b4520beb2932d4ea612e9d2dc8997b6221fa2d44c9312928c79394a5d8c577fa39aa5007d6

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\Set-up.exe

Filesize
7.3MB

MD5
46a2a1c109c11cf35a878c939373824c

SHA1
d99c137c0c75d90c898964f51d567a1b8a01b1db

SHA256
603c4e18b36c46325121c35128da7ba0a94b673ff30437f9b33a69e9ce5110e7

SHA512
be477cd922f129cd51cf029fee9905d01aa251c8e699244751f29609e32cb375a1580bb53e39a6c245198a37ac3af40c0cda32134a252acf4c79e1cfd6b9d65c

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\packages\setup.exe

Filesize
1006KB

MD5
41f9f25fc494b5f7fd2d9b05741a52c6

SHA1
737bc4736b76690f388768ce137171e42dc7a1af

SHA256
e53db0398967e9642400c3c0c3ce05acff9a725a523598014271e54072b46832

SHA512
7d2ebd2dd7ff9b25a17caf0b1b4a32b74df0faa0b1ab359ca05bb27deee333280cf027326838882b3a4491e1857a8ae567b9cfaf582a2757dc789ed16a21c1ca

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\products\LTRM\Application.json

Filesize
26KB

MD5
16890a0309b2c998df6490388c59f234

SHA1
17f524e108579a50c9d27f7fd4298e25ba4d9685

SHA256
4f22cf44db57a0c6d4f806309c283d28524b73f1bd1b6d3ce6d286f3db07074c

SHA512
c0ce195a0c7443c436189d6a9e8d39d495345e88decc5932da0bda2f9cc5990b79ca47d4b1f1892d437553a9b6405e03236ee0afe9aae4cc9036ea36e5ef0926

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\products\driver.xml

Filesize
235B

MD5
3a7cce05dddcb240f36fed86984e679d

SHA1
e625c513059e7b9ea0a3f84961842342170ef1ea

SHA256
ee19824c396c2164e42515b12039357009e30315bf7922a1aadd8e9aabcde637

SHA512
229610413c56c2a4989bd1626081ba1f53380edb4e3fcfd82c31efccdbd42c57b93a1027fcf80be234dc8ad73c504bc3017dd24c395bc70a33c83a9ce7378f97

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\cs_cz\locale.json

Filesize
405B

MD5
0e66bd0983b2c3516613cc751d69971b

SHA1
551c857dad708f8e0ddc6b618de7966c254abe0e

SHA256
7d3aecdf9b1ea5128ef87a1e6e74dc3e283fb28dd6af8113b4e99040b15747d4

SHA512
44779ee6d29d2747774726b2c3f76a41e6775548d57705f16d59ad3a4ca1be44fb6cd12d1ef0f6f8f228911fc317f6451c403d04f6f1fefb097c8763d5801087

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\de_de\locale.json

Filesize
386B

MD5
d3f198446f78d6e17d85882563ea6b36

SHA1
3bc7c9cc9182935e4ea000ff951ce9493b99fd70

SHA256
e683843b5ecbe6bafd03c26c3762e9e4fe37cb5dc1d9a7188c9158553f3ccdca

SHA512
d3516f25c4f62a5f0787a173f73e001a149e9fbead9ca85964b94f1786635b246ddf182cbf6a46607938c24928939f41c1812db6b9260a81b70cc20b8722d046

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\en_US\locale.json

Filesize
353B

MD5
031aa6225b953a69e223fc71566058b7

SHA1
45a89a91cc432bdb698be076c8cc1db027b3d50c

SHA256
b754524e0f798d8db77bc777a0fed09978fd3fc9d4494f227b7fe07185efd9ce

SHA512
e61497f74508016c8ad755701c907d2d5e053f6e2d7b1228feb0b9276b8ad202975d81ab2806d5c3593adf6ca1bd320d6bbd6a59e565ed300060e851867b52d3

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\es_es\locale.json

Filesize
390B

MD5
592ebf7fadf7792f05ddae25d75a9d59

SHA1
2853af5a44ee3163261bb471cb7a33f0a0bb2ed6

SHA256
1f10dc92034244bbe5435c8d0029773025b929a36f3d30a4a5a3a4526d8a874e

SHA512
59ebddad4576a121b43181547cf0f806e7fc1192428e782233f3e20c4b75e0e7a2febfa809efe7f9296eed38ccc63f9d4f6850c8cdbaabf06ae99d80c93f2f9b

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\fr_fr\locale.json

Filesize
383B

MD5
47c7066b8c2d86ae7047ba355e57230a

SHA1
5702d5eae9b69896db0e2c9ebe8d6f7b83abc6c1

SHA256
e9c432fa590566d463502adcd51a129f789ebc01c59f6409c5734a0109f05156

SHA512
58a0da179b19c507f1ffe8fe4ca1312f2f0c8799c8f4f53a279b1bdfde311105c76bac187ea179598dc7d13fd32fd002fe0f06f5aa1b1a67cf147e7a02dd9f9f

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\it_it\locale.json

Filesize
495B

MD5
78d8a38ab29f2c70fc0552038763561c

SHA1
51ef11689a9e8fd6cf629e2c0238e12d59341e72

SHA256
2c5ffe288391affe2accc1988900d02c3517b652881fba852994d459434239ac

SHA512
969cabda8324cdf3a9cbe0b0b8fdd2a611ef3b813c012a749a89d792c9a9c6ef3ee513c53b76065efd6d1e93ddfa5c31510bf3e25be2fcb86592988cb4abe591

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\ja_jp\locale.json

Filesize
435B

MD5
8eefa1bb3912183d9e3438f91c098841

SHA1
d06c23d25afc8672eace3d214798c5122b664ca7

SHA256
919cba4b8a59f6b69ce16011e50f3bafc76efe58b21032501626cac364d48e9d

SHA512
5027e49717b19842438388b57232b8739e8a1cf15642bf9806e7eb5a749ed9c7a102d2c876cc8d9cf2113558509965cd638b128519071ff6cb06e1b4d5ac7af7

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\ko_kr\locale.json

Filesize
406B

MD5
3a504ea81ba343fab1ebe2a10efaa1a2

SHA1
eddd814cf6ba568a80553a5516bd588b18ce5a52

SHA256
9b4e351eb416e95f6843224227857c528dce2d7a8bd64876204879138208951e

SHA512
57a52b016801fef387c8d33b483dce4d5bd518bd9989ffaf775df4b4dd1bc83e614bf3ace69f779c5047b0bde6b7b4db861530700523acf25110d8846b7e13e4

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\nl_nl\locale.json

Filesize
386B

MD5
c4d0d42780213ddf399e83c60e8f25ca

SHA1
55c4589f3d9a514dee78fd47e7c3696b3df60c79

SHA256
416b4f94812ac0b6bbeb1a5e4f06e587f4ecad75b8efa02072eb7ae92b622b34

SHA512
74edb2fdbdb07a4fef43f3b61bf08188f4ba24cabd75c50c2e53210ea38e345ac7211dab5e761dccb6e0aadfe901b81cf27ec851b640474ab9979996c8841398

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\pl_pl\locale.json

Filesize
415B

MD5
440e7340c381b936d04d8206e966d44b

SHA1
3f5743e2392c734a546f7b9f75b616ae4a121f40

SHA256
7aa4d5a764e0f0a9649a5faa24f14206d0ae44f3e386ed002df2e6f5d359f0a3

SHA512
3adac1c7c6dffd76f6196414919b051cb9152ea073df1313aaff549b7d8d77b73683a83ce03fd87af6a10a6c9223a07c05130d8e96b9d998dc0104fdadee5b80

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\ru_ru\locale.json

Filesize
626B

MD5
3f1235f9c362e368fe52fd708da455b5

SHA1
88bb2da22e940527b61ceceb4d78c992af78126f

SHA256
454f7fe589e1e08f2cf112eddaa839b60951698a84ba87e7767d4dbbcb3a038b

SHA512
d1dce3df39db2db386545f71a5a67b0725906878983944bc97ddb3c95f706cdc71a7a04d717a28428a7e682adcaf40f2f94561c681f4790989876f5c1bdb2bc5

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\sv_se\locale.json

Filesize
378B

MD5
690dbabeee5810ae5b68027eeb148f1a

SHA1
f1624c92497acdfbc53ffb5a891c545b293d01c7

SHA256
270157002492ad80fff2d47f9cdc0257b72bafed053556ddd5b14c910c6a9a8e

SHA512
01f685608ffe85b4beb4bdf20b701944f7b83ab0fbb90b39f379053285e058610fa9f4c6671f4055586674a9a3a849a2784ddede476e4677be9667f3faad8b14

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\zh_cn\locale.json

Filesize
360B

MD5
9fcab8f3d4f4840c927531f5975109c9

SHA1
d433d4dfc1fdac136057f8fd551db01727a749bb

SHA256
b103e04a7ddbeefb389641dd93fafee6119f3316f4133702bb3af38bae92fb4f

SHA512
05a947de06e5594ff031fa4b9aeea39725db4648308ebe7bf12d4db875abadfa4f3982b77c5435de9d498da905ae8c8c69b96bc1dda954288b7f9d7a66701496

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\Dictionary\zh_tw\locale.json

Filesize
361B

MD5
bebb9ba86d130666f1dcaf88abac5d9a

SHA1
e07ea165fdfcaa1b073f77f891c248b1669235cb

SHA256
efc69bc38f34fccaaa7fa985dfbd75c0196da23971fba3df349cb8953657e7b0

SHA512
aedd79f53b6f2a923714965320db4e648f8560b6a6d3e53d39b36d16a55d1f9f19bc898b9aad4efe441392dc424936d0b7e04d0a15f1423dd5dec81a7a55d90a

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\carousel.js

Filesize
2KB

MD5
7057230be26daa442c50dcd741b52651

SHA1
6efaa1da034b8168668fdd687f59686976151c08

SHA256
9ad3b97180465322d3ba05f9714fa9f20128a89050a4e02ca3a90b5dea761043

SHA512
03a3df382d0a0c512a30bff830dd154eed44ba1f2cc22a001358073207a7cd91efa49aa87b95cd3e7e4ff1cdbee0f096cfed82f8ac129e39c4063f34beee8d1b

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\css\fonts\adobeclean\adobeclean-regular-webfont.woff

Filesize
30KB

MD5
6af297e58edc414ee90c76c2d3ea8678

SHA1
7497d181cd6fe3a4b01a4f8b6ba6a47d3fa54333

SHA256
3e8f59db6dfae287af8dccc0fdf5e15a8aa2a954c2c232bc6c64536e1a27eaa5

SHA512
61e14f8e605c4d2b52c9a874f40e73fde43625bc468ba3c7316e7672cffd05b7c1766c875fc1b48218bd2b6856226645ee9bcb45810eb7121c5dbd0c184b7d0a

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\css\styles.css

Filesize
189B

MD5
3a0ec2d2c5020a3cf45c13a87434b285

SHA1
12275d4d51de801ce28c88a0c246de22c6d08120

SHA256
406288e48ced388744e5165a1ec4266f419cc409e4a70036e4b15a93af5c42ab

SHA512
a7c6d55f64d91e5d71661e040f4d06d2c873e0b2d2a3b2e52ff60d230a7c7c0924cd0ddc4dc124d53736c934023a27d6ed77c1266732f0b5de5dc75b02715c8b

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\images\01_creativity_for_all_445x239.mp4

Filesize
963KB

MD5
6538f09fdddedc522290e8cf470e1499

SHA1
a3e642419bd22bab0179c20874ef635c037fa1eb

SHA256
77ccbce8f436442013eb0e700f296bfd32c5ef9e98361b758a571953aa330c85

SHA512
4fc83c14fab02b89d5b09c1679bab5fe4867258a8b5597a3127214abb334c9028331d5d80e1be4676c04e913917a74e60e2bcca4acf13b92f69e0dd23873734b

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\index.html

Filesize
2KB

MD5
4ae648f880552834e7b1eb9cd143c974

SHA1
41b24162122c6f4a284e7fd48d95b3a600edb638

SHA256
3272e9022f5f25c56d7a54df2f03aafcb1cc8519e9db41af7d8d3a3c63e88cc2

SHA512
9ed106d6a490c195c708700a48bbf447ee46f496e6e53ab5ece90d5bc1cb18638b53ceea289a1b5b482f0c8bb7fbaa735f6eee7d8bcdec75c8c4f09464b1de3b

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\carousel\lib\jquery.min.js

Filesize
91KB

MD5
e1288116312e4728f98923c79b034b67

SHA1
8b6babff47b8a9793f37036fd1b1a3ad41d38423

SHA256
ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

SHA512
bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\config.xml

Filesize
269B

MD5
fc6656e65cbdbc92cc24b60eec7a3d72

SHA1
db7e3089c668bbbbad152acb66e9cf488708d70a

SHA256
2f917740b60e016b74a1388f71bccc5437d65b3a7feb3f89868a827ea04ab530

SHA512
ed7931a25b58fa3118770e3b585760275c0f07b9191396fc5ce5aba7366f0a4f47f84fc687393b600d2837969f8c77194b37cf6ab6c2691461c689a5b1e0e87c

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\content\images\appIcon.png

Filesize
2KB

MD5
eb2e3fad972c2a813249d62efa9c5e4d

SHA1
c8157f01a4971078942208647633f3c42bfb9945

SHA256
5ded5d398014ad787845f8a82697e1a4b645df58f10658e4f6e2140f3d6e9003

SHA512
c3659577f3af9b8d29189c27e475d3e56a1e0279159c572f6557e23f97d6a09c338f4cd3df871979a5ce73828ae1f4e37b60c7cd1ae23aa72025c3816538066b

Download Submit
C:\Users\Admin\Desktop\Adobe 2024\resources\content\images\appIcon2x.png

Filesize
5KB

MD5
1ac8880ba8b88b522867b307ef82af4b

SHA1
20f6cad40533139611058f985d9a388e2e1ab08f

SHA256
03198342c1e9273a8ba7e9e603990316e5401b8c0793e4b96e6e642bc588329e

SHA512
9f24b2ca43e7a45d43495c7e87026415c6ee175c7f013a058070173343be913c9c67b7d3c7b925d81f47c484a73348e81862244bd7a3e3c4912a71584e3be7ae

Download Submit
memory/640-210-0x0000000020590000-0x0000000020AB8000-memory.dmp

Filesize
5.2MB

Download
memory/1644-679-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-689-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-688-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-687-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-686-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-685-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-684-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-678-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1644-677-0x000002161B0C0000-0x000002161B0C1000-memory.dmp

Filesize
4KB

Download
memory/1748-123-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-122-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-124-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-132-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-134-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-133-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-128-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-129-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-130-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download
memory/1748-131-0x00000217A8390000-0x00000217A8391000-memory.dmp

Filesize
4KB

Download