hxxps://www[.]supsew[.]com/search-results/?wpfb_s=hercules+HRk+100

Analysis

max time kernel
49s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
23/02/2024, 17:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.supsew.com/search-results/?wpfb_s=hercules+HRk+100

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-910440534-423636034-2318342392-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133531813190152304"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe
Token: SeShutdownPrivilege	3276	chrome.exe
Token: SeCreatePagefilePrivilege	3276	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
756	AcroRd32.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
756	AcroRd32.exe
756	AcroRd32.exe
756	AcroRd32.exe
756	AcroRd32.exe
756	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 3604	3276	chrome.exe	60
PID 3276 wrote to memory of 3604	3276	chrome.exe	60
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 1388	3276	chrome.exe	86
PID 3276 wrote to memory of 2924	3276	chrome.exe	87
PID 3276 wrote to memory of 2924	3276	chrome.exe	87
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88
PID 3276 wrote to memory of 1504	3276	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.supsew.com/search-results/?wpfb_s=hercules+HRk+100
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbe549758,0x7ffbbe549768,0x7ffbbe549778
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:2
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2192 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2920 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5648 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5808 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --pdf-renderer --lang=en-US --js-flags=--jitless --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5556 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 --field-trial-handle=1876,i,9085053705147916778,16185463807376959482,131072 /prefetch:8
  2⤵
  PID:2756

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2248

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4572

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Hercules HRK-100.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:756
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:3028
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2E8ABBE4808784AD496A93BD8CBA979B --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:428
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1E3C55C12F39453C216B767D25DF2E26 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1E3C55C12F39453C216B767D25DF2E26 --renderer-client-id=2 --mojo-platform-channel-handle=1784 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3220
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B028C31E5F470C11FB5B1C380EEBD008 --mojo-platform-channel-handle=2196 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2248
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8D0345F007015DF75649F0FA93809AF4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8D0345F007015DF75649F0FA93809AF4 --renderer-client-id=5 --mojo-platform-channel-handle=1888 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4008
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A0E6CA34EBE1C53DBC5B8D0BC30A7236 --mojo-platform-channel-handle=2616 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2D03FBAE609C354D555A38F690CDA48E --mojo-platform-channel-handle=2392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
0d3882c1440de2404878e786a447d90d

SHA1
846511a2c2bad736c10d8dfbdc523d4fa7851f7f

SHA256
019507938c6c36f356b0b806f54d65e0ec75cb1caab5d8eb63ef41d121a80a32

SHA512
0cff19dd13146f0a1be6cee1b0c6d3fe411ac8e4340ef2b43b200a201bb913774681720fd66822904b0f593eb8f767e930c0ba30300b80cff90615f7c6f25bd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
b4720debeb1bcec9b286e81b02a64a9c

SHA1
ed3d2f1b3e41b8a6c5ca4cb20eba59c92fe46a68

SHA256
306d09803c7fd964ab6e8ffc63a0b8f2dce9287a34dd6a6f79bfed2f05237d68

SHA512
63668d1a65e081d12be3166901b9b39390d047681ea08c2383a5c556e911ed329d0ef10cc30dc2d66521a3ec60285a793a6a20c2c89aa35122a6414ba4544d8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3c502c60d8dfe519dc411c887522105b

SHA1
80cc5d2800c1b1e2894cb985b6c21cbb72811de1

SHA256
b14578588934c3c44a4c725410e886698d1fb6b4acb48b73a6360f50f91f4a4b

SHA512
6f01db44b11211a6a9c35ae23acb3199e25afbf38a3d4aa2207f478811126fac5c98123bf561c62d07bf648246781072cb84b4e8981cfd66b71942975ff9301c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7db1d11914aaed918f94aa2cdd73f40d

SHA1
86d12957ab1ed5a7170116a336d8be02c711236e

SHA256
eb00f60ad04b8c7222ffcfbc0fee5c7803c42ae4f82e873c30b5616710b137b8

SHA512
328e1a7c5f6eb464a314a6faf256ba0b75a06db4b1a5de2933f7f309b42bb7ad1135f15d33f1fad169621dc6617065a4c8c2359fee2a6e09a99448fd87a1a5b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e8355e998a917c6e7561a94d0887b0c9

SHA1
710463acbaf1873d24ed4a5ad289684d0eb0775b

SHA256
f1626d3f5b37435efe21223b4f3c6e2531012a2783e8654b91571a5015e5efdb

SHA512
1a1950dfdc25bf58d3772a71af297193c557941bc43ebcb4abcd7fa5745d6ab0a85f795cfa9a83ae446aa62505dacfd3249b0fb14bf31267f7100747a48222a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
dd5557b811c3d4208f16abcd38a16a25

SHA1
bbbf6afb14b0ba879253ef13fd26db3b44a399a8

SHA256
f24d59ed7c93be3b4c65311d51579d8834c601763a99545b482295bde197110c

SHA512
47196ec09b3a039c7e29c815947ee77582f8b60e0976ca93299c676b9b514884a64552001567c000b3343e501574ebeb3711702360ceb4b8347dc8c23cdd7e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
6fad20a45a4236d266320413b8f9f849

SHA1
896dee805aa70780b7961b9b77fa1cca55dfba11

SHA256
2e4c6988748891137ca90790805d13c9a05d0fda45be60313781ca5c1d5c771b

SHA512
cae3af5637ede2746fbbbb00f22effff04b0fb74f9eb7f474f63ad9effd878bb8b5fc14c2cd7238950ac454a4944edfbb86f291ac6bdd59f1ca3a4814e70c984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Hercules HRK-100.pdf.crdownload

Filesize
4.8MB

MD5
2f93e9762b53d592504b11b29fc40aa3

SHA1
66ebb1f1b2c474958387ee660f83d71f3cbbbb07

SHA256
cd3f5a5f58c086dfeacba874288795fa672b2ff5d6c95c52f80ed91f0210e159

SHA512
69d55fa2800bb32f36ccb673c363cdbf2081c9c52f113639c6d256f8925a3ce58f07d3d5ee41a4792041bd1892b6a5b61222a2b46f49a13da73d71fb484af4dc

Download Submit
memory/756-190-0x0000000013890000-0x00000000139DD000-memory.dmp

Filesize
1.3MB

Download