Malware Analysis Report

2025-03-15 00:25

Sample ID: 240603-1752bsba61
Target: 61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a
SHA256: 61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a
Tags: persistence
Score: 7/10

Analysis Overview

Score: 7/10

SHA256: 61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a

Threat Level: Shows suspicious behavior

The file 61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a was found to be: Shows suspicious behavior.

Malicious Activity Summary

persistence

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Adds Run key to start application

Drops file in Program Files directory

Enumerates physical storage devices

Unsigned PE

Modifies Internet Explorer settings

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-06-03 22:18

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-06-03 22:18
Reported: 2024-06-03 22:21
Platform: win7-20240215-en
Max time kernel: 140s
Max time network: 121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

Signatures

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Adobe\acrotray .exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
File created C:\Program Files (x86)\Adobe\acrotray.exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
File created \??\c:\program files (x86)\microsoft office\office14\bcssync.exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1268 wrote to memory of 2244 N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe
PID 1268 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 2640 wrote to memory of 2552 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 2640 wrote to memory of 2432 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 2576 wrote to memory of 2108 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2432 wrote to memory of 1536 N/A C:\Program Files (x86)\Adobe\acrotray .exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 2576 wrote to memory of 992 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe

"C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe

"C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:406548 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.supernetforme.com udp
NL 185.107.56.193:80 www.supernetforme.com tcp
US 8.8.8.8:53 ww1.supernetforme.com udp
US 199.59.243.225:80 ww1.supernetforme.com tcp
NL 94.75.229.248:80 tcp
US 204.79.197.200:443 ieonline.microsoft.com tcp
US 8.8.8.8:53 www.superwebbysearch.com udp
NL 37.48.65.154:80 www.superwebbysearch.com tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted: 2024-06-03 22:18
Reported: 2024-06-03 22:21
Platform: win10v2004-20240508-en
Max time kernel: 148s
Max time network: 131s

Command Line

"C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Adobe\acrotray.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation C:\Program Files (x86)\Adobe\acrotray .exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\program files (x86)\common files\java\java update\jusched.exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
File created C:\Program Files (x86)\Adobe\acrotray .exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
File created C:\Program Files (x86)\Adobe\acrotray.exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "329572484" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31110660" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31110660" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\VersionManager C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "329572484" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 302a521204b6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000000000001000000ffffffffffffffffffffffffffffffff5800000000000000de04000065020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3E946F3C-21F7-11EF-9519-5ABC67A14C95} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e072961b04b6da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files (x86)\Adobe\acrotray .exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4576 wrote to memory of 4768 N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe
PID 4576 wrote to memory of 4144 N/A C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 2360 wrote to memory of 2764 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 4144 wrote to memory of 3100 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray.exe
PID 4144 wrote to memory of 4352 N/A C:\Program Files (x86)\Adobe\acrotray.exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 4352 wrote to memory of 668 N/A C:\Program Files (x86)\Adobe\acrotray .exe C:\Program Files (x86)\Adobe\acrotray .exe
PID 2360 wrote to memory of 1948 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 2360 wrote to memory of 2692 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe

"C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe

"C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Internet Explorer\ielowutil.exe

"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:17410 /prefetch:2

C:\Program Files (x86)\Adobe\acrotray.exe

"C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Adobe\acrotray .exe

"C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\61f212145280f52b3be8374f2bbfacb9fa7e32b7164c42364223fea38c768f6a.exe"

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:17416 /prefetch:2

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:17424 /prefetch:2

Network


Files

memory/4576-0-0x0000000010000000-0x0000000010010000-memory.dmp

C:\Program Files (x86)\Adobe\acrotray.exe

MD5 ed77a23fc862e42b3654ca01dd5a64a1
SHA1 528931d4a49585ef2e3244388959fb743482422b
SHA256 afb6e38fc1519fc096013348df3d44ab11796b8cf93ef1044b33893e47b1e905
SHA512 6ddf2dd42f01312f091813a9ff9f3f138a4056e00dcb4f2cb12039f186d5e67546598018f2935993eddd9f918134353e3e4c4dfe9927ac102a46a3464ffe1ade

C:\Program Files (x86)\Adobe\acrotray .exe

MD5 d493ee087c4b09d11739d06ed6b6da1e
SHA1 e250f2af523456e59ddfa10b2e90815d782b92c4
SHA256 8e8ff827631479c963c570c1d9490633edffda6321a64586364a25566e67de79
SHA512 e61496693958abc71fc12afef6cdb8bec608b555cfb9e46f6d0e07878cfbaa690db317987b2410819b8296781d915fc013e3962835cba95223ed8c87308c2ecd