Overview
overview
10Static
static
3NewCovid-2...21.exe
windows7-x64
10NewCovid-2...21.exe
windows10-2004-x64
10NewCovid-2...ed.pdf
windows7-x64
1NewCovid-2...ed.pdf
windows10-2004-x64
1NewCovid-2...er.lnk
windows7-x64
10NewCovid-2...er.lnk
windows10-2004-x64
10NewCovid-2...ic.rtf
windows7-x64
8NewCovid-2...ic.rtf
windows10-2004-x64
1Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
10-04-2024 10:36
Static task
static1
Behavioral task
behavioral1
Sample
NewCovid-21/08042021.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
NewCovid-21/08042021.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
NewCovid-21/GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
NewCovid-21/GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
NewCovid-21/New Folder.lnk
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
NewCovid-21/New Folder.lnk
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
NewCovid-21/Statistic.rtf
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
NewCovid-21/Statistic.rtf
Resource
win10v2004-20240226-en
General
-
Target
NewCovid-21/GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf
-
Size
1.2MB
-
MD5
c326ba10fb458ca8b17a12047664ba61
-
SHA1
897439fae9312219b87e6b62d0d7d0bcdf419eff
-
SHA256
bbab12dc486b1c6fcf9e343ec1474d0f8967de988444d7f838f1b4dcab343e8a
-
SHA512
d647695b7bfc10d8c94af873506cb02c51ecdf672f151b175a3b42f78138fa401824b7a4f813d400acb35dbbc365968261282718672bc25d30040cf8e2e61941
-
SSDEEP
24576:iPO7CFXws3rSFQh08q/SjCUO+rT4p/5bKTeUXBXJbM:i73bSSh0oCU149KTLlJY
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe -
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid Process 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2820 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 7 IoCs
pid Process 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe 2820 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2820 wrote to memory of 4556 2820 AcroRd32.exe 88 PID 2820 wrote to memory of 4556 2820 AcroRd32.exe 88 PID 2820 wrote to memory of 4556 2820 AcroRd32.exe 88 PID 4556 wrote to memory of 5056 4556 AdobeCollabSync.exe 91 PID 4556 wrote to memory of 5056 4556 AdobeCollabSync.exe 91 PID 4556 wrote to memory of 5056 4556 AdobeCollabSync.exe 91 PID 5056 wrote to memory of 2356 5056 AdobeCollabSync.exe 95 PID 5056 wrote to memory of 2356 5056 AdobeCollabSync.exe 95 PID 5056 wrote to memory of 2356 5056 AdobeCollabSync.exe 95 PID 2820 wrote to memory of 1048 2820 AcroRd32.exe 98 PID 2820 wrote to memory of 1048 2820 AcroRd32.exe 98 PID 2820 wrote to memory of 1048 2820 AcroRd32.exe 98 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 4612 1048 RdrCEF.exe 99 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100 PID 1048 wrote to memory of 3968 1048 RdrCEF.exe 100
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NewCovid-21\GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c2⤵
- Suspicious use of WriteProcessMemory
PID:4556 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=45563⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:5056 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri4⤵PID:2356
-
-
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
PID:1048 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DE6DCC54B97DAACFEEAE45D1E2C17111 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4612
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=354CA2EE94BE8FBB5A8DAD069E2FC7ED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=354CA2EE94BE8FBB5A8DAD069E2FC7ED --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:13⤵PID:3968
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B3F3D6AD9870280505E46A6D98BD3F9 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1280
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B791263EB6F8713B80C9E53F9D227017 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B791263EB6F8713B80C9E53F9D227017 --renderer-client-id=5 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job /prefetch:13⤵PID:3896
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08852C2E15B01A0E3A4F074A5111B465 --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:1636
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A1FD060E237FAB6DA48179AC7FB0C40 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵PID:4804
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3AFBF8A9BD1F5710B397620151AA8B35 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3AFBF8A9BD1F5710B397620151AA8B35 --renderer-client-id=10 --mojo-platform-channel-handle=2764 --allow-no-sandbox-job /prefetch:13⤵PID:4500
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3560
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB
MD5b30d3becc8731792523d599d949e63f5
SHA119350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e
-
Filesize
56KB
MD5752a1f26b18748311b691c7d8fc20633
SHA1c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5
-
Filesize
64KB
MD5dc6dadc01eb5ae6de7287c7ce90b7234
SHA178d418c5984859a19eb0b2fb38bc96c3e32a5a3c
SHA2566a46f3f639f5845d65bc3972b10d88fc3c3cdba8c10ca5d5fb0931207ca4bbc8
SHA51267b0666937ff44dbf998edbe900ad7642900f9f5cffbe43142a654394955e06119fb0f8d8cdd3b0b178dd2d8706a180d0c0f0bac03d5742898e3017f669b6b41
-
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB
Filesize24KB
MD54fe2b64a2631d0d6eb30b8f42b49bcf5
SHA110c931554e79c2f4280a65ef2ad57ff61a2429ec
SHA2564901703febb24c665059d25ae6d0769c55051bcdc1b7a72b600252d4c3b0eca0
SHA5128ad48178aa8d835e0c2028688e41f575e50e21b6b4b59161d08984c300911fda1a4614738bfa5557c3f2d254373a61497b491cbc7fb163afea2dbe08fcb67004
-
Filesize
92KB
MD5245950c48f668cf2fcb3c64778e64089
SHA13a5a14c820f58e35a3fc6f5de29669f0840587d8
SHA256a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307
SHA5124fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d
-
Filesize
92KB
MD5aebe0d2eb7a2077a55e57a955e62406a
SHA13f811b8148f12220f4b45699135e6d21c9847d8a
SHA25687aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a
SHA512efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed
-
Filesize
92KB
MD5f637f536bf5cb6bc03b9ad6628dcab5a
SHA106dcc465140f7ba2c3ece8cb31928a6d63d0ca20
SHA256442ec0760183a1c8e281c594567bf0e89b94466fa764307f292a0a32356e07e1
SHA512901285ef9c85274e9962ce8fbc448cf307ef50c23644f92111817ca4d4fbf9bbc94ad5445f51ffe8a44f954089e3b4cf57b4f0680c5d27c2c3226974d8e7c882
-
Filesize
92KB
MD56c67671427278483d2728a48c10fffc4
SHA188cf1a5347c88491f2666921ee694a6a4e165640
SHA25679dcdd710ec4d0a0fbdae0e1480777769029d6ee3187a250fa1765ba7b221822
SHA512833a919cd5a604aac7951e893c789d1cefd1a1fb3f5889c15dc118c956c3aecd88580a37d4591f9d9876f6f629cee01b58df4081a285d26c7267d658d6496da0
-
Filesize
3.6MB
MD5eacf7fae6113ca0dc6577bf4a0b4cf8c
SHA1a070901fb29267aaa25e1f85f77bfed1b3ef8446
SHA256f0cbb9bed3f12ea767ee9572aefdea89338643b6b803b180f3c494a83745e83f
SHA5129ef45a231319f1b86f7fc9a2f15048a3d28bed9e8fcc6007921ad9ad2dae9d9b3c3b0ee15cefbb9d80af8059c4bcb0ed5cd2eba4d4e3b27b29e6146f8eb9e22a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize471B
MD5f5a650353ee243aaf1cf1f6889d25c76
SHA16bb2f62b62f2416cbd87e2d63908523cc2b7bbed
SHA256535aca1a3b43aaa89e54f76365b0b26ea6f48e896fa5384dce5494fd8478c4f0
SHA512f8951eb7a7c556f414d7b16aa36716288b7f8845b2fb578dbc7df6b23148f3f54272db8bb1ce7db6823f3dde2d31befd42e604bde44b15c6b508079028f82f0c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize400B
MD5a300c7e5377f19b964f0d8c12d91bae2
SHA1fee5348a0ca37a548edb19f57d7270dca327278b
SHA25660814744312b6e3f5389fcea6721c9c0fca6373a0d25385ba56ad7aa993e9fe5
SHA512ccc4d168fc8a0830097477b621266cd0d16c20e2df51ea82aed6cb633ead7ab5c59f79ddb4fc5c061db6f2dee6361b5b8a5d54d67c105aadf2768df3cfa9a355
-
Filesize
12KB
MD5b8c287a3d8453c3d0f594ba0f6541955
SHA119f8b3ae0e3c89b9cca3def9cf2ce9cc4f0afd2e
SHA2567f7856faa8a00d94876b6e7c895730c08bcd5db1c3f07ba04267cf110a66ad72
SHA5127bfd187c290f34892965f2bfe1607fbcf70ef89864de5f48fc9257c74ffa1a1654772a9a94fb7ff36ffcf39725b89837a6f2c69e768097407a03903031057da7
-
Filesize
14KB
MD5947f93fe0eed44767626846f28cfde05
SHA1f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88
SHA25606a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b
SHA512f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9
-
Filesize
5.3MB
MD5c34fbec852686f9cdceb057afab88123
SHA11f0dc09dc3ddaee50f820a1d316b0bbbcf0d2b2c
SHA25603140463d9f2ed2a98d80d9e7210d8d35a6c8db17daa313c8ccddb9a696d3c90
SHA512a6676c35896339b38729c49d21d8b3ddbc916e02d9e98974d7ccc98acacc1bb4acfdd9072927341985fdf3a3c11da7f4cfbd06a9703d15dc552c8c8170cc3be4