dfbad09167fdd673ea872393a942c6783b2efc4028ac222eb18cfd1a13ada912

Resubmissions

10/10/2023, 14:36

231010-ryp43sea7y 7

10/10/2023, 14:33

231010-rwtz9aea6x 1

10/10/2023, 14:29

231010-rt355sga56 7

Analysis

max time kernel
307s
max time network
310s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe
Size

303.1MB
MD5

774d5c3333bc4da827ea23cd6eb9eb64
SHA1

8428e8b833629ef35203ca4a137ce3a39d39c856
SHA256

3d75fae9f48bf6fe98339815159b75b3275bb0931b188806677a56503d53705e
SHA512

5c873bc7d767b60693a74bded8fe64b4e25527123b0fe59aaa9e662b00ff07af3f855db86b3482b88e94bed4d60cd7be782b21147395f4a8d7542c879fbe49f7
SSDEEP

49152:zA0C+Dp12tY44KJrhv5hbrSs6ygKo/dWlNSHkkkkkkkkkkkkkkkkkkkkkkkkkkk/:ze

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe
Key created	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
4684	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4684	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2640	AcroRd32.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe
2640	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 2640	4684	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe	90
PID 4684 wrote to memory of 2640	4684	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe	90
PID 4684 wrote to memory of 2640	4684	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe	90
PID 2640 wrote to memory of 4360	2640	AcroRd32.exe	93
PID 2640 wrote to memory of 4360	2640	AcroRd32.exe	93
PID 2640 wrote to memory of 4360	2640	AcroRd32.exe	93
PID 4360 wrote to memory of 772	4360	AdobeCollabSync.exe	94
PID 4360 wrote to memory of 772	4360	AdobeCollabSync.exe	94
PID 4360 wrote to memory of 772	4360	AdobeCollabSync.exe	94
PID 772 wrote to memory of 2672	772	AdobeCollabSync.exe	96
PID 772 wrote to memory of 2672	772	AdobeCollabSync.exe	96
PID 772 wrote to memory of 2672	772	AdobeCollabSync.exe	96
PID 2640 wrote to memory of 2156	2640	AcroRd32.exe	99
PID 2640 wrote to memory of 2156	2640	AcroRd32.exe	99
PID 2640 wrote to memory of 2156	2640	AcroRd32.exe	99
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3912	2156	RdrCEF.exe	100
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101
PID 2156 wrote to memory of 3884	2156	RdrCEF.exe	101

C:\Users\Admin\AppData\Local\Temp\Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe
"C:\Users\Admin\AppData\Local\Temp\Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\~~privacy-policy.pdf"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4360
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4360
      4⤵
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:772
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
        5⤵
        
        PID:2672
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2156
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B9AE8BD6C1F9294A598AB67069953765 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:3912
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0F452FBED5B1B11CD562199FCD7D35C7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0F452FBED5B1B11CD562199FCD7D35C7 --renderer-client-id=2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:3884
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F3C557949E68422D623950519D2B944A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F3C557949E68422D623950519D2B944A --renderer-client-id=4 --mojo-platform-channel-handle=2172 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:1808
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=131167A3B0D6F3A17A647D6DA355EB26 --mojo-platform-channel-handle=2688 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5548
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4BDE50FC285BF813899B251233BE28A3 --mojo-platform-channel-handle=2944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:6276
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=560FBAEF8E49D26126746EC4F3B45DCA --mojo-platform-channel-handle=1712 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:6512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
82cb9bcc56520c3b3ed485801a43b146

SHA1
3fa945bf5f07a1d751fd2bb8cdba81f07571c1a8

SHA256
41fe214f23f153f321fa91c78753cf8924cae013a2f8cd548a741877d4579922

SHA512
0e2298fc85085cb2cbedb44b01de374b54cce3c8c34fb344a4fffd95967b81272f73cf548c51d0ee5915bcfd57764b245bc8a511d4c9478f60c5957d93ea1fae

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
c411bd60388bdca703fcb3284378b4a3

SHA1
9b815f8da0d292f19a899eb6f567f93102c54017

SHA256
3e847729be3a45ad7a0293cab01a6494e4a4edaa5cb7dbe1b4bbb777cdce38cd

SHA512
3968578c9cafb7275ba7af3cf642678907300d4961976e093d1f5d65c9dc4cfe0418f334d862107e978d35ba4497a7caa112067a56744b53b20d7aa0801d94ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
6a0475cc511b800133348772fb65786c

SHA1
30c421c2572b9a8c92770ac677e607a5121967e7

SHA256
836aca2ba359f8cecc8ed7451e49edbe590dd54925aada6ba4fc8e1290a4d01c

SHA512
208354c1d35461a1bcbda6530d1ebae92dad74b6557c5c7e6abe5ce9d2c43c6bffcbf57747fce7d2bb4817cb593bc1dd9b05b981658e9d49072cd909575a84cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
6a0475cc511b800133348772fb65786c

SHA1
30c421c2572b9a8c92770ac677e607a5121967e7

SHA256
836aca2ba359f8cecc8ed7451e49edbe590dd54925aada6ba4fc8e1290a4d01c

SHA512
208354c1d35461a1bcbda6530d1ebae92dad74b6557c5c7e6abe5ce9d2c43c6bffcbf57747fce7d2bb4817cb593bc1dd9b05b981658e9d49072cd909575a84cd

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
bb6b6f0fbd2639b7477a4c75bdce8736

SHA1
2d67d980a42dbd01df64a78dc67e4d748a77ae9f

SHA256
7c776d48bdfe0e14e7df60689491945ad204864be4e0603a60062b508041fe43

SHA512
1dd6139090838a079de65caaf198c111e85ed6b6e3b33f250beaccef31e4d2807c625ea325792143e367f68876e674ab5f9c2d5ac91ea188be3d080a100836ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_is2bm50q.dcl.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\~~privacy-policy.pdf

Filesize
395KB

MD5
748680f296ceb8161ab55bf52bca9af8

SHA1
0d77a7df1876eef9c657a407c0e23ef55c509db5

SHA256
d385829753e49f43f5596ebf30726f45d126ab013e7adc984961203b6d2cb9bf

SHA512
e03d0be8e72536a12332a08cd837b2a0a093301d8f3852587e13674aae2b24604ba4eb574720c3659ad5c421fa503034cd1945bc1749c98a62d1a2a92f36f143

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.0MB

MD5
76b38860f377c77e2f952fbf8b9c3efe

SHA1
4165433fcccc6254b9154c0e8c695525bddd85d9

SHA256
592e16600eeaba7f3bb4823764799bae23c0eb5bc8ae151257c97038547bf7a9

SHA512
96cd363f7e2e66138ebea2a488eb457ef2cf1c40b621f80cf713267493816b246548a1fd33119f7f79b7bffb5f47408d6a7a96ecf67b3b81a74663f333eb0fca

Download Submit
memory/2640-174-0x00000000100F0000-0x00000000101BB000-memory.dmp

Filesize
812KB

Download
memory/4684-38-0x00007FF8136B0000-0x00007FF814171000-memory.dmp

Filesize
10.8MB

Download
memory/4684-0-0x00007FF8136B0000-0x00007FF814171000-memory.dmp

Filesize
10.8MB

Download
memory/4684-73-0x00000000160B0000-0x00000000160C0000-memory.dmp

Filesize
64KB

Download
memory/4684-15-0x0000000033430000-0x00000000334F0000-memory.dmp

Filesize
768KB

Download
memory/4684-12-0x0000000016010000-0x0000000016032000-memory.dmp

Filesize
136KB

Download
memory/4684-11-0x00000000160B0000-0x00000000160C0000-memory.dmp

Filesize
64KB

Download
memory/4684-1-0x00000000005B0000-0x00000000015B0000-memory.dmp

Filesize
16.0MB

Download