55b0247b9b574978a4c9abd19c3bcc04ea78598398b9f8aeb35bd51cbd877576

Resubmissions

22/04/2024, 13:22

240422-qmp49scb3z 3

22/04/2024, 13:20

240422-qk3mkscb2t 3

22/01/2024, 15:42

240122-s5pybsacbm 3

16/01/2024, 17:21

240116-vw6ktsfebr 3

Analysis

max time kernel
179s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-es
resource tags

arch:x64arch:x86image:win10v2004-20240412-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22/04/2024, 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

documento9030.exe
Size

6.5MB
MD5

5098ffb7635e3b87c1476aea7d24a5bf
SHA1

50fa4755fd48e1b22a718b6a90b46dbead28fcbd
SHA256

55b0247b9b574978a4c9abd19c3bcc04ea78598398b9f8aeb35bd51cbd877576
SHA512

95822f54872cee4b78b3956315bab722e8623a36c3627d9a32a614aeb4b5be2adcf2a88592dc2d05f2fe97c8e9c234062983a6a396bb72a034d0ad0dbc24f40b
SSDEEP

98304:imMbDvtv04eVg5Vy7DzGMoSICiEdefg5SVdO1rjFnW:iJb7df5Q3zr3IREwfa4itn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
5564	msedge.exe
5564	msedge.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4000	AcroRd32.exe
4480	AcroRd32.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4000	AcroRd32.exe
4480	AcroRd32.exe
4480	AcroRd32.exe
4480	AcroRd32.exe
4480	AcroRd32.exe
4360	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 4380	4000	AcroRd32.exe	91
PID 4000 wrote to memory of 4380	4000	AcroRd32.exe	91
PID 4000 wrote to memory of 4380	4000	AcroRd32.exe	91
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 2032	4380	RdrCEF.exe	92
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93
PID 4380 wrote to memory of 1080	4380	RdrCEF.exe	93

C:\Users\Admin\AppData\Local\Temp\documento9030.exe
"C:\Users\Admin\AppData\Local\Temp\documento9030.exe"
1⤵
PID:4256

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4380
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F25B2666E02B66BB5D71D47F529F1A60 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2032
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=77F6A604BF864D793438479705EA22F0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=77F6A604BF864D793438479705EA22F0 --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=01D1C031493764EAC29A1B6D59755418 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=01D1C031493764EAC29A1B6D59755418 --renderer-client-id=4 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2676
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=657DA31B29FC940127316022A34E1581 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5104
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=681AB0AAA18157CD578AD9A5D1019163 --mojo-platform-channel-handle=2776 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4032
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=33A1004A3894E28608FA5D0D841AC1AB --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault50309b44h9915h4d57hacd6h07c3fcdac7c9
1⤵
PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff748346f8,0x7fff74834708,0x7fff74834718
  2⤵
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,9556158444896851177,4814549520535615427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,9556158444896851177,4814549520535615427,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,9556158444896851177,4814549520535615427,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:5600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\documento9030.exe
"C:\Users\Admin\AppData\Local\Temp\documento9030.exe"
1⤵
PID:5216

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7_1.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4480
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:5948
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BF836FF20D18FABDA6D4A0D7F7A808D1 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BF836FF20D18FABDA6D4A0D7F7A808D1 --renderer-client-id=2 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4804
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=50DD54E97BF773B0DE0B51615844A9F6 --mojo-platform-channel-handle=1888 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:6060
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8CC10555112E845896AF397B04AB1E5E --mojo-platform-channel-handle=2428 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5304
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=68A549AC952F601FA52250D898C10FD3 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=68A549AC952F601FA52250D898C10FD3 --renderer-client-id=5 --mojo-platform-channel-handle=2524 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2836
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4D37809579A3E913FFBEAE098FFCDBB5 --mojo-platform-channel-handle=2800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4736
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=14052B50F80245FBB37D7C1A8E34B6F8 --mojo-platform-channel-handle=1980 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5512
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B77377DB28038C865A296888694FEB47 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B77377DB28038C865A296888694FEB47 --renderer-client-id=10 --mojo-platform-channel-handle=2652 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5644

C:\Users\Admin\AppData\Local\Temp\documento9030.exe
"C:\Users\Admin\AppData\Local\Temp\documento9030.exe"
1⤵
PID:5628

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7_2.pdf"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:4360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
6c5aec45082bff8fc162335f504dab0b

SHA1
144cbc22f2ec92b151009931fc1633d5b444d5a4

SHA256
b7cc78102d3ee57f3250aa9537718dd5937e9287bfd89daa236866d8b6e53baa

SHA512
a1b94b2f3462b8839f8f05769e55cecf138fe9446d4092f6882791d4cedb8fc4991d380deb9b57db9185e0fd1ad6ebd1a5cf4835e4612dfac91dc722e3fd0148

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
292B

MD5
ef227216db03290cc8a1753ddef74f49

SHA1
7c1206dd5d5380e4af1b7fdc04dad27c072c193f

SHA256
7279e49d1bb1196b68b6bad4e5af0c379d1b16db13e0eff9190d8f9b872c862f

SHA512
a7099fe6234ef1f13cf5e1748d3974f6860fa95bdb3f67984bb45e272a2824e48b0e2a82c82371f6aeddf795d5f0d00bf0327c9e4af17bc6251181991d50e547

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
70a286549452dff18a339634b03eb001

SHA1
73b9648ebf7157a04b72559edc381d9fcd0bdf46

SHA256
5549691449c21170cd7c7a556f5d72a9dc97284b35a880656df7d5e10383b58c

SHA512
4a8b07dc776967227bd5d0c5ab45cfaadb987e082f406a0d797430edd50368311167e13631bc3555e5a7439d0e0df428ceb9b64777d1db17d91b30b56dd73385

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
e439cd367bd5e0af6ab8b6303ef1607d

SHA1
384782a0a3d4ca00b33f1dcdfeb72b922b2ef410

SHA256
74a07100cd751b08eafffa2aed80de4a0ab3a6fd0444739994a666fd84041b94

SHA512
2b8309e788a52b96bb9a6a929689b5ac2555807c5400e8ef897418b3d37c7b999a37539c1c6406a49aee153414c6c4f58881c56f7e72ee8ce707915c237ca3a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
5a65632251ef5d021eb8a2624b604423

SHA1
09e830dcfc400848759fa05ad768f8e1dfbc3615

SHA256
f78209a7e12bfa8773e4212210978ec730ac56da9146992892f85e52a80a7c6e

SHA512
dfbdc1d8f09427f4a50383fa465da9caf102184204ae07ee8c1635d6736ec20fdb327b4194aaf4d2f8563592e16ac3c274cc6c77496ad35aab22643501a57c43

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
098b995750cf912c817f06e6143ac975

SHA1
3853408b6bb2f419f011c98d7b6e8531575dec49

SHA256
a7b0c44db90520af5784fd4a6112be382c7eca5087ffd027a225154627ded58a

SHA512
4dc7581f6b077708ddaa140795d2ab74733a3845e63ace2aab5c1e1c8ace8e326468c5739714e3716488976a5b4e7d9281b2daa2acaac77b97363746da00e082

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst

Filesize
536B

MD5
63088721a217f0a7526161f105840eb2

SHA1
61373e5e0563e14529815a9f1257619d1d379afa

SHA256
0aed7a8202494764d4231803bef5f362aa3c9303f656bddf3f5372a8f590eea0

SHA512
b29dfae9a4da9cf1da6892bccfd04ed71bee8820cbe7e7d668b03126c37a0f5fd8afce8c3f2a957ae6a80bce98d97b45ace8c97e15542e0b51ab0df0840698f6

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst

Filesize
98KB

MD5
2817ab28a7b71474a97469768f5e1178

SHA1
68483d7bf6fcab88e32489b5c12d69092799fda1

SHA256
705c4374621f94fddd65d103b6f838210f52d5ed4d8c0effc62f3c779a1a641d

SHA512
c1853fca80126ba32856ea64a79ea8b2a6c897b3d51ee3ed40ebae4c6e98d26bd86941557153df3729989705c7e10ec9069e3f93f5722d69976a5a10d9fff2be

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst

Filesize
9KB

MD5
8c3291c021739cec249168411f819d44

SHA1
df3b2739495a16835794438f05649110e9a239c5

SHA256
006360caf6d8a6b4cd95be62a676ca17455016acd86086304db0508e59fd262f

SHA512
ca89e0fe25afcd4240ff67124dc327190dafe96ee6c585edfb1d1594b5b4ea5bd3688cee9b2c44274d12eb845ce965c2a71e23770f6ad80b7788c367ca887606

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
337KB

MD5
79d0645b9fbeb9d694caa821215e8b62

SHA1
e6ba58d6c089de4258199dc4ddc56bda7b3b2c49

SHA256
1a712162553e94dd9de9e77356689f82d03d24e1d2b36d77e85277faed8d03ae

SHA512
84db139a467a46a6bdcdb69da1bf0c8645cdf65d9ca1ee3b1d75107bf416377f5387be3ca690c01ef68ec96af5d4ae571c0673bce6e8ce2878ab73a003a3afff

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
6b7d6abc02032efee2918b4f34fbf03c

SHA1
5b366987ed8a677af38c59bd39d4b328bc4f1227

SHA256
48ea3c0555a15a80ae3a0cb27e866755038fa7c2f2b667e4112de67ff142f84b

SHA512
1e86096c5d68af5ea37840ea01493bcac1f7d2bb412990ca8e28117c9f78ff0d13266e67e817696cf5bce50f1efa436b2d9269732b48119d3e3bdc7695b630c6

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Filesize
39KB

MD5
cc6f6af60030d61c2050a17edbd753af

SHA1
5b46d03f38839cb5ef982b124bfd2267655658b4

SHA256
60991234956e8359acf8ab5bfb79ba768ff8bada5c40aa064c9ec7e387e0d3d2

SHA512
752bb8efa409d4366ecd331ba07314770d49e72f683bc5e0788d51f325a7a49335a991c68fcf35fe813e2606e2e6bb0eb2472068c3c88e6045167515c6c57aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0297940fa85140eeaa34618d31e24b06

SHA1
80e2867a2ae29691d434079ef39bf5e95ccc4ecd

SHA256
475bf59f2e8459346440dc1abbf4d89ae5882e63ff203f3beaa81e76120254f5

SHA512
f3d6a10cc366b8f85c5802011528c84a7116c533f6c1ac666e9f96aeb69ac4795c93cf9c669cb5effbafa6fbe8b75402efa05d2bd77439f68062ee7a51646064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
960220a8f439c8dafda68593fbed9489

SHA1
6716ada719581b4053aa96bf000c914a84071b88

SHA256
16afd61a207be364d7fbcacc2558b4e46cd5cadad9a9777cead7ef192c5038be

SHA512
0ca8d5b26d7194a1c357a53150b6479135326087e5c07704c2922a5177722d8dcca3a89e0a6f730b1ec33f80862e2ddcb2d092e9330f913f169a55c5f42ccdae

Download Submit
C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7.pdf

Filesize
1KB

MD5
8d76bdfc09986e4dfc347fba43f9273e

SHA1
7f942b5dc05668b396d8369db44e422202c7fcfd

SHA256
11db618d61b6e1709dff9cf162f86fb6982eae443f43af90cda59d4fa2d1a440

SHA512
35c1ee6c031ed96ca4ae4fbac6fca6218a5c8fc1dbc93ec01737bcfacdb69de2a14d0f79aec4721214b0d61ca921dd4e4c9ed4b3f9370606e119cede48573ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7_1.pdf

Filesize
1KB

MD5
c1bdfe49fa699f66e5db7bef7630e923

SHA1
e4be6a4891263579dee07a0c9eb882613bb02f89

SHA256
0706d25f84aba9970f5ecd73d6a48ea7e11ed3757582076c53b5babba26a6126

SHA512
b3888f4f75d5609bec0c5e522e88b7a550228bad928d1f0b884de05e26428beb3391f39dc22de9db45f661464d493b72a5722bcec9881b7be4be24e785835412

Download Submit
C:\Users\Admin\AppData\Local\Temp\XML-A873ACA2-23AB-FAF0-2475-B316368685F7_2.pdf

Filesize
1KB

MD5
6b74df81539a9cff7486f16fe294434f

SHA1
c0b41f75168a57519cb9a90e472b88f59371fcf2

SHA256
301deb9c0b65f76d8b0be80fc45b559c8245835e663fc632a91891440faf8bd5

SHA512
e6d84512f8e0fec7c41e82dacd445c68804b1140391265c3a527860d12e8e1b64c1f963435e356b34606fefa04df52afa6d162ddcbee58029794bddf7187c55c

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Filesize
10KB

MD5
299c917c915e2fec29763a7d731f8c5c

SHA1
3657f241c01d436c0a08b02e8289b19ef586ca3f

SHA256
87200119c766725f493a1e28c1b5e630ea44bc64eb0334275276075086802b6a

SHA512
8f5b2a7ed4012f510005df80116335c57fc4c5006073de6d59dae51c7dea3281ff69cfb2e6d47045874e8222467ca10345fd6eb500c04a9216578a0872f87414

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
9314f7999880af1e62d24928473ad824

SHA1
982d93b65be8e073e177feb840ac3da42f7d4f1c

SHA256
f4cd15e40512f722ddde38a531f34617ebdc5ba184edda8aeb5465a9b64b2d26

SHA512
a35ce8da858db93f4ebdb5feb701b48a16e084d710088b908ceb5f604ad44a9ca913e28fdbeadf841fd9e51ed34bbf4811986d299e9535804db75a2144d95f8e

Download Submit
memory/4000-191-0x000000000B0D0000-0x000000000B37B000-memory.dmp

Filesize
2.7MB

Download
memory/4256-0-0x00000000017D0000-0x0000000001B25000-memory.dmp

Filesize
3.3MB

Download
memory/5216-247-0x0000000001730000-0x0000000001A85000-memory.dmp

Filesize
3.3MB

Download
memory/5628-348-0x00000000017F0000-0x0000000001B45000-memory.dmp

Filesize
3.3MB

Download