Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-04-2024 09:30
Static task: static1
Behavioral tasks (task, sample, resource):
behavioral1   Sample: 15 Cable 4.0/Cable 4 instruction.pptx   Resource: win7-20240221-en
behavioral2   Sample: 15 Cable 4.0/Cable 4 instruction.pptx   Resource: win10v2004-20240412-en
behavioral3   Sample: 15 Cable 4.0/Cable1251n.ttf   Resource: win7-20240221-en
behavioral4   Sample: 15 Cable 4.0/Cable1251n.ttf   Resource: win10v2004-20240412-en
behavioral5   Sample: 15 Cable 4.0/Cable4.exe   Resource: win7-20240220-en
behavioral6   Sample: 15 Cable 4.0/Cable4.exe   Resource: win10v2004-20240412-en
behavioral7   Sample: 15 Cable 4.0/INETWH32.dll   Resource: win7-20240215-en
behavioral8   Sample: 15 Cable 4.0/INETWH32.dll   Resource: win10v2004-20240226-en
behavioral9   Sample: 15 Cable 4.0/Rhmmplay.dll   Resource: win7-20240221-en
behavioral10  Sample: 15 Cable 4.0/Rhmmplay.dll   Resource: win10v2004-20240412-en
behavioral11  Sample: 15 Cable 4.0/borlndmm.dll   Resource: win7-20240221-en
behavioral12  Sample: 15 Cable 4.0/borlndmm.dll   Resource: win10v2004-20240412-en
behavioral13  Sample: 15 Cable 4.0/cable32.dll   Resource: win7-20240220-en
behavioral14  Sample: 15 Cable 4.0/cable32.dll   Resource: win10v2004-20240412-en
behavioral15  Sample: 15 Cable 4.0/delphimm.dll   Resource: win7-20240215-en
behavioral16  Sample: 15 Cable 4.0/delphimm.dll   Resource: win10v2004-20240226-en
behavioral17  Sample: 15 Cable 4.0/rhodiatongue.htm   Resource: win7-20240221-en
behavioral18  Sample: 15 Cable 4.0/rhodiatongue.htm   Resource: win10v2004-20240412-en
behavioral19  Sample: 15 Cable 4.0/rhodiatongue.pdf   Resource: win7-20240215-en
behavioral20  Sample: 15 Cable 4.0/rhodiatongue.pdf   Resource: win10v2004-20240412-en
General
Target: 15 Cable 4.0/rhodiatongue.pdf
Size: 410KB
MD5: 58fe5c7724f291173b865a4e38a70990
SHA1: 2510e72f6d074e4afb94e7fe5a948dbd95cdd006
SHA256: 0dd9b5e63cacf6a3bd93f8eaa4b953ab4f539a5dc9e09858500f2ee28f6fd30d
SHA512: fcd9b1a639b0a46b43f6e5012f265b4110d60dae9c420004cc9f7f2e893b9bfa0bf146c7d93af7e95efcf0c34947a80383ff30babcdb1956d0625e467c8433b0
SSDEEP: 6144:ETp0UnLmc+Ltc+QI8BYnf6QjJMkXbbTh//e7kf76b4n:Eec+LtcgQYnfHXHUgfWq
Malware Config
Signatures
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (process: AcroRd32.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (process: AcroRd32.exe)
Modifies Internet Explorer settings
Processes: AcroRd32.exe
  Key created: \REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (process: AcroRd32.exe)
Suspicious use of FindShellTrayWindow 1 IoCs
Processes: AcroRd32.exe
  pid 3700, process AcroRd32.exe
Suspicious use of SetWindowsHookEx 4 IoCs
Processes: AcroRd32.exe
  pid 3700, process AcroRd32.exe
  pid 3700, process AcroRd32.exe
  pid 3700, process AcroRd32.exe
  pid 3700, process AcroRd32.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: AcroRd32.exe, RdrCEF.exe
Distinct entries (description, pid, process, target process):
  PID 3700 wrote to memory of 3280; pid 3700; process AcroRd32.exe; target process RdrCEF.exe
  PID 3280 wrote to memory of 4856; pid 3280; process RdrCEF.exe; target process RdrCEF.exe
  PID 3280 wrote to memory of 4748; pid 3280; process RdrCEF.exe; target process RdrCEF.exe
Processes
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\15 Cable 4.0\rhodiatongue.pdf"
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=18FE96B921D7A4A6EA19F114F3741FF9 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3812C5E6AA101FCE45312650707B8422 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3812C5E6AA101FCE45312650707B8422 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=790DADC9479A41406B74A57BEBAB1240 --mojo-platform-channel-handle=2164 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B11343BB696751DFDA2F622EF197659D --mojo-platform-channel-handle=1972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D5A67E3990468B22061BB4F62CD56918 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D5A67E3990468B22061BB4F62CD56918 --renderer-client-id=6 --mojo-platform-channel-handle=2460 --allow-no-sandbox-job /prefetch:1
    C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F7B4FD1AC6F13FEC1ACF3D5A3F5C0C48 --mojo-platform-channel-handle=2228 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 5c8b29dd4be1e4c02e4ce13f7d6c6b53
  SHA1: d38962c2c4b6f6847665ddc4bdbf1e3eb700c836
  SHA256: f511a7bc8ec02a48f57a8cf1ec11e0ed9ae10d923a5f411ec5025c6cda66f7b3
  SHA512: b11edbf7cd6c4f519a7875899ab58c5425aa99652649be1ef0af77b4d8a2d89107df988eee4f611ef116e6fed8880c53ed3f38e77f7992e803a6ec37820d1a30
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
  Filesize: 64KB
  MD5: 77610b8ae91778abe54c93aed4426a15
  SHA1: ffda3f461d85ab128714d7d31af802931fce5765
  SHA256: f0b25e25b68c96e77dbcf3be56c7a2c4ee730481d3a0dc53e0c495bbedd122ab
  SHA512: 29cb0174a671a43c998d1d411ecb898efe621baa065c6b41a6d959d9db395d76fe792d3d8be8801407f320f95f09a20a35ad85b38e833ec16ff994d49fa8ce1d
memory/3700-31-0x0000000007E70000-0x0000000007E91000-memory.dmp
  Filesize: 132KB