dfbad09167fdd673ea872393a942c6783b2efc4028ac222eb18cfd1a13ada912

Resubmissions

10/10/2023, 14:36

231010-ryp43sea7y 7

10/10/2023, 14:33

231010-rwtz9aea6x 1

10/10/2023, 14:29

231010-rt355sga56 7

Analysis

max time kernel
215s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe
Size

303.1MB
MD5

774d5c3333bc4da827ea23cd6eb9eb64
SHA1

8428e8b833629ef35203ca4a137ce3a39d39c856
SHA256

3d75fae9f48bf6fe98339815159b75b3275bb0931b188806677a56503d53705e
SHA512

5c873bc7d767b60693a74bded8fe64b4e25527123b0fe59aaa9e662b00ff07af3f855db86b3482b88e94bed4d60cd7be782b21147395f4a8d7542c879fbe49f7
SSDEEP

49152:zA0C+Dp12tY44KJrhv5hbrSs6ygKo/dWlNSHkkkkkkkkkkkkkkkkkkkkkkkkkkk/:ze

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\Control Panel\International\Geo\Nation	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe
Key created	\REGISTRY\USER\S-1-5-21-919254492-3979293997-764407192-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
4088	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4088	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2116	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe
2116	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 2116	4088	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe	94
PID 4088 wrote to memory of 2116	4088	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe	94
PID 4088 wrote to memory of 2116	4088	Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe	94
PID 2116 wrote to memory of 1516	2116	AcroRd32.exe	97
PID 2116 wrote to memory of 1516	2116	AcroRd32.exe	97
PID 2116 wrote to memory of 1516	2116	AcroRd32.exe	97
PID 1516 wrote to memory of 4808	1516	AdobeCollabSync.exe	98
PID 1516 wrote to memory of 4808	1516	AdobeCollabSync.exe	98
PID 1516 wrote to memory of 4808	1516	AdobeCollabSync.exe	98
PID 4808 wrote to memory of 4476	4808	AdobeCollabSync.exe	101
PID 4808 wrote to memory of 4476	4808	AdobeCollabSync.exe	101
PID 4808 wrote to memory of 4476	4808	AdobeCollabSync.exe	101
PID 2116 wrote to memory of 8916	2116	AcroRd32.exe	103
PID 2116 wrote to memory of 8916	2116	AcroRd32.exe	103
PID 2116 wrote to memory of 8916	2116	AcroRd32.exe	103
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9048	8916	RdrCEF.exe	104
PID 8916 wrote to memory of 9068	8916	RdrCEF.exe	105
PID 8916 wrote to memory of 9068	8916	RdrCEF.exe	105
PID 8916 wrote to memory of 9068	8916	RdrCEF.exe	105
PID 8916 wrote to memory of 9068	8916	RdrCEF.exe	105
PID 8916 wrote to memory of 9068	8916	RdrCEF.exe	105
PID 8916 wrote to memory of 9068	8916	RdrCEF.exe	105

C:\Users\Admin\AppData\Local\Temp\Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe
"C:\Users\Admin\AppData\Local\Temp\Kicks-99-Guitar-Pull-Ticket-Stop-Contest-OFFICAL-CONTEST-RULES.exe"
1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\~~privacy-policy.pdf"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1516
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1516
      4⤵
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:4808
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
        5⤵
        
        PID:4476
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:8916
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F46A058371655C19C84769CC31C8A666 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F46A058371655C19C84769CC31C8A666 --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:9048
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1986D7642135AA36C82E514F2963B1E7 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:9068
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=27F1A55A618534180AE51489705025ED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=27F1A55A618534180AE51489705025ED --renderer-client-id=4 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:9108
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6C973FF087133630746D2DBF1EBCACB5 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2800
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1BD78E92EC984448F00E4E54196F4497 --mojo-platform-channel-handle=2100 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:9300
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2E8D95EDCC068D3209B70D5C395EE7B0 --mojo-platform-channel-handle=2708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:9384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
44f4cca7af79967765e90dbdaa7a2d84

SHA1
d5b10e0c31ea482da5397973f65e0c97999e5641

SHA256
7d89194616353b1e7866dddcbbf79fde953deccc7b84e102c1577e16d77ca30b

SHA512
c9a265dace3c54a25b1ca1a44f96bcc456f932d7a3699d959b3e17802b1afe21087d53de8e2fae4edded2151c34f28a9619682e9610523149267d52b207a10c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b00ddf65e7ff7583e73be600b17f7ead

SHA1
060f432f3018a15944ae21c26a24b5e1a5bc3f8f

SHA256
42e53e08690d165a846e2d51422c9ce7add05e19161931b1be5cc272f83fb13a

SHA512
3ed1dfc8d51bd79127da841ea37917bf647c445f7fb989adad0086f91e17c5a847f7a00f82a7405c683b793c9872f470db1ce62f10fb41af9dee73d64433dd3e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
340c8b5e472a8ba274153eb5e4733cbb

SHA1
3ced2153490efb11ab465fd9d1154b77fd262f67

SHA256
550a30bcba11698c94daef0e10423d76a8b9df0246d9255e29640e9856d3cb85

SHA512
a5490709dfd76d67eca6d780e1544f1ea6c7d9c0af7fbd58ba55d46ff763335cf1e4cdfa3af257294d8614de6983652c644812b1cfcd6d437b91aad3648c6402

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
c03e89619bbcf8860b1b595020b50302

SHA1
38935028181ad50c119f4834de4a62fa8983bd61

SHA256
b336e5383566c9a0b86fc89aadcd79449d2e2d676563d4b400b6ea00aacc2699

SHA512
572ba1a5653c4f16341c87b87111df88f9d46c6d51775072f62215ed7820ef544e4952193da88bedfe325ded825b68bd9a7db43cd200d59711f9a587c24eb184

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
8c50497c33a37a23c44355d8ad41041c

SHA1
7a430ab05fe7dcc58721701ed880a6c493e63db7

SHA256
52e911ddf3711561f5e8f2f2926d6592ce3c9012f3b3bb9033de918e577cd396

SHA512
102603835d2f10cd0eea642481d65b1b8dd10ef45b507f48b2360d394138aa56b9bc104330570c7b824413a0095070edb4f98be896bddc744a6ea2ca1346952b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
8c50497c33a37a23c44355d8ad41041c

SHA1
7a430ab05fe7dcc58721701ed880a6c493e63db7

SHA256
52e911ddf3711561f5e8f2f2926d6592ce3c9012f3b3bb9033de918e577cd396

SHA512
102603835d2f10cd0eea642481d65b1b8dd10ef45b507f48b2360d394138aa56b9bc104330570c7b824413a0095070edb4f98be896bddc744a6ea2ca1346952b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
a10ac740d6e952470fc0bba7548104d4

SHA1
0f0275a4edc35ff87d4d941d065dffed222d3461

SHA256
4acb61f4ed4517050adc7a87793362adb1a5438fae547afebf1a4bcb626f0031

SHA512
b197af928dfe4d8dafc040f1c71bf932fda0a8546f28a52f5f584bee2d8c59b858c0d08ec0a6526d66e4c11bd6802967b056f0663b17e565a6a156d16886a3d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
41623e1f42aa15a3e37dc1d401fdd163

SHA1
2933647ea30299cdeb7b6b282c3006177aa2075f

SHA256
69c8f0c29537f4b6e3f3a5db39eeddc3f54b978f41840c38c08f006bb8cd2ea4

SHA512
847cde419ff7cdc919e8bcc736667760d74f940cfa8f5a76598171354a93109151da0bf9e9ed3f7dc90952b10d6e26def33e029429cb26ae8b7637f7cd7e187d

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
59859493dfc5a87eacca5540ac1c9796

SHA1
ef9c4b7d4d3f91d051cfb2cc5a6acdab7d2c667c

SHA256
284b5dd4708b8bd9f7a9e7c949c639d76a2370b3231c42ba29d8d2317e07e906

SHA512
c595ae3339687bce51d09820f28907a4721fa2db21c689c73dd10e77b3fb7182bd8d8fa6826bbae11faad83f706fdc13888c85495a761fca386a7fe57f3b1ace

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q2ybhmok.zs2.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\~~privacy-policy.pdf

Filesize
395KB

MD5
748680f296ceb8161ab55bf52bca9af8

SHA1
0d77a7df1876eef9c657a407c0e23ef55c509db5

SHA256
d385829753e49f43f5596ebf30726f45d126ab013e7adc984961203b6d2cb9bf

SHA512
e03d0be8e72536a12332a08cd837b2a0a093301d8f3852587e13674aae2b24604ba4eb574720c3659ad5c421fa503034cd1945bc1749c98a62d1a2a92f36f143

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.0MB

MD5
76b38860f377c77e2f952fbf8b9c3efe

SHA1
4165433fcccc6254b9154c0e8c695525bddd85d9

SHA256
592e16600eeaba7f3bb4823764799bae23c0eb5bc8ae151257c97038547bf7a9

SHA512
96cd363f7e2e66138ebea2a488eb457ef2cf1c40b621f80cf713267493816b246548a1fd33119f7f79b7bffb5f47408d6a7a96ecf67b3b81a74663f333eb0fca

Download Submit
memory/4088-0-0x00007FF9BB8D0000-0x00007FF9BC391000-memory.dmp

Filesize
10.8MB

Download
memory/4088-77-0x000000002F1C0000-0x000000002F1D0000-memory.dmp

Filesize
64KB

Download
memory/4088-62-0x00007FF9BB8D0000-0x00007FF9BC391000-memory.dmp

Filesize
10.8MB

Download
memory/4088-15-0x0000000033510000-0x00000000335D0000-memory.dmp

Filesize
768KB

Download
memory/4088-12-0x0000000013FC0000-0x0000000013FE2000-memory.dmp

Filesize
136KB

Download
memory/4088-11-0x000000002F1C0000-0x000000002F1D0000-memory.dmp

Filesize
64KB

Download
memory/4088-1-0x0000000000610000-0x0000000001610000-memory.dmp

Filesize
16.0MB

Download