asyncrat | 8f56584766e1e447c0436b9f7ef4ac2ecd7424715feb08fc6d99e6c176217c81

Analysis

max time kernel
149s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27-01-2025 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4363463463464363463463463.exe
Size

10KB
MD5

2a94f3960c58c6e70826495f76d00b85
SHA1

e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256

2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512

fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f
SSDEEP

192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K

Score

10^/10

asyncrat infinitylock quasar default sgvp discovery ransomware rat spyware trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

2.tcp.eu.ngrok.io:19695

Mutex

gonq3XlXWgiz

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

quasar

Version

1.4.1

Botnet

SGVP

192.168.1.9:4782

150.129.206.176:4782

Ai-Sgvp-33452.portmap.host:33452

Mutex

a27420c6-f346-4b84-b7bd-6b3eab5a43cb

Attributes

encryption_key
09BBDA8FF0524296F02F8F81158F33C0AA74D487
install_name
User Application Data.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windowns Client Startup
subdirectory
Quasar

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
InfinityLock Ransomware
Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
ransomware infinitylock
Infinitylock family
infinitylock
Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral2/files/0x002a00000004624e-150.dat	family_quasar
behavioral2/memory/3796-160-0x0000000000960000-0x0000000000C84000-memory.dmp	family_quasar

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral2/files/0x00280000000461b0-8.dat	family_asyncrat

Downloads MZ/PE file 3 IoCs

flow	pid	Process
21	3448	4363463463464363463463463.exe
21	3448	4363463463464363463463463.exe
21	3448	4363463463464363463463463.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3454535599-122122096-1812617400-1000\Control Panel\International\Geo\Nation	4363463463464363463463463.exe

Executes dropped EXE 4 IoCs

pid	Process
2352	Discord.exe
1136	InfinityCrypt.exe
3796	SGVP%20Client%20System.exe
2880	donut.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
20	raw.githubusercontent.com
21	raw.githubusercontent.com
26	2.tcp.eu.ngrok.io
64	2.tcp.eu.ngrok.io
85	2.tcp.eu.ngrok.io

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\sv-se\AppStore_icon.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\VisualElements\SmallLogoBeta.png.DATA.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\ca-es\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-cn\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ru-ru\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\close_dark.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Updater.api.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\example_icons2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\cs-cz\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\StorageConnectors.api.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ro-ro\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sv-se\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_et.dll.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\es.pak.DATA.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\zh-cn\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\sat_logo_2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\fr-fr\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_hr.dll.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\css\main-selector.css.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Download_on_the_App_Store_Badge_fi_135x40.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\sv-se\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\images\s_close_h.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\nb-no\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_eu.dll.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\excluded.txt.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroApp\ENU\Stamp.aapp.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ko-kr\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\tr-tr\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\S_IlluError_136x136.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\ru-ru\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\uk-ua\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sk-sk\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-si\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main-selector.css.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_ar.dll.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\notification_helper.exe.manifest.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_selectlist_checkmark_18.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\fr-fr\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themeless\combine_poster.jpg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ar-ae\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\tool\selector.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Multimedia Platform\sqmapi.dll.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\nb.pak.DATA.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Abbreviations\en_US\List.txt.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\example_icons2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\de_get.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\pt_get.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\share_icons2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\cef_100_percent.pak.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\rename.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-cn\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\cs-cz\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\appstore.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\msedge_7z.data.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\resources.pak.DATA.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\ko-kr\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\find-text-2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\bun.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1	InfinityCrypt.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4363463463464363463463463.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Discord.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	InfinityCrypt.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	InfinityCrypt.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3448	4363463463464363463463463.exe
Token: SeDebugPrivilege	3796	SGVP%20Client%20System.exe
Token: SeDebugPrivilege	1136	InfinityCrypt.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 2352	3448	4363463463464363463463463.exe	84
PID 3448 wrote to memory of 2352	3448	4363463463464363463463463.exe	84
PID 3448 wrote to memory of 2352	3448	4363463463464363463463463.exe	84
PID 3448 wrote to memory of 1136	3448	4363463463464363463463463.exe	93
PID 3448 wrote to memory of 1136	3448	4363463463464363463463463.exe	93
PID 3448 wrote to memory of 1136	3448	4363463463464363463463463.exe	93
PID 3448 wrote to memory of 3796	3448	4363463463464363463463463.exe	94
PID 3448 wrote to memory of 3796	3448	4363463463464363463463463.exe	94
PID 3448 wrote to memory of 2880	3448	4363463463464363463463463.exe	96
PID 3448 wrote to memory of 2880	3448	4363463463464363463463463.exe	96

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"
1⤵
- Downloads MZ/PE file
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Users\Admin\AppData\Local\Temp\Files\Discord.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\Discord.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2352
- C:\Users\Admin\AppData\Local\Temp\Files\InfinityCrypt.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\InfinityCrypt.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  PID:1136
- C:\Users\Admin\AppData\Local\Temp\Files\SGVP%20Client%20System.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\SGVP%20Client%20System.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:3796
- C:\Users\Admin\AppData\Local\Temp\Files\donut.exe
  "C:\Users\Admin\AppData\Local\Temp\Files\donut.exe"
  2⤵
  - Executes dropped EXE
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\icudtl.dat.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
16B

MD5
7722ac96ab134e995dd6cc50fdf4af8c

SHA1
63bc1af14ce650a9fb2bbf8a9daca615c09fb991

SHA256
8394c6ac66c953140f0e9883de6cff01f0cbe51424140b228121219269164cb9

SHA512
b524582dfef930c1ec9713f51068e889e6c3f0e3cf812e0d4d73086f92d77f3873547302d396f46c9d19d1e3473b96cb026f25c162e3d1456a6f445ccde20721

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_remove_18.svg.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
720B

MD5
ec5966c2ef1c3a16ad2871860caa47f2

SHA1
f09756e56db71f65980ede377f29266fd176f948

SHA256
d2e2bbbe7bc898240e95d192bb1750a22bca111a22aaf2dca2703d25dac5a205

SHA512
62e6bd1ba4d25b80aaaa85e5ca887d961caa52c09c46fa96eac12b4f849252a21998bb88de4267691c68483a6235b70fcf93cf3a23a791dc5917ea57114ec0f2

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
688B

MD5
170e20ca17011d515ba5ca4b235d538b

SHA1
84ff06bfa18162a0cbd526402217b0dda556a79c

SHA256
8f4fbde66e87fcc797b9e3397985c37fe800ee5d3042e35ee2f74917e43c29b0

SHA512
0a6eb2b6c5005b67384a922b5f2037b774bf21c9dd7719a73e608624fb4a6e4dc106200d25156d81668aade1d7b67fa796f58de4f0132a8a28f25b3b09aa0ebd

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
1KB

MD5
da6e5b8b68f69b6089ae5f0b8dba7ed6

SHA1
9d56ad01848c5726ae10f47ef449d58cbfe770a5

SHA256
5148709032cf830a71ca8f727fd89dfad33481b461dae28cd609f45eb00857b2

SHA512
6f0ff756dc0dddbdd5654301b4b4d884258a470275d52e583366b1508808788edba57c47966c91265264fd8a6c53de4a5a0d8679ba5f466702e3e5e3df123622

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
448B

MD5
00f0c4cc0a43115d2c33de11f32f4165

SHA1
7ba289747c0cc13c6e18a42e9f8affaa6f34833a

SHA256
d8e68168f68d0836137931549a1eb4ad7b7e03f070563bf1da501f7ce768510a

SHA512
258be73a8e977f1c3b478a1751277195db768966460c8db23a19dc500492f2ba97a47ba229172da53ff4a0e2a503160954f39a5ce3f4778643aa01d8bd089f27

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
624B

MD5
24778a2fd7bbca44946cfe5eecdaf543

SHA1
eecfaf99af628aea2038b3ef5bfe5398b2f0f7d0

SHA256
7e296d4a21e8509af722e82accb54d40a188ea41aa9e9bb43bca22586862fa9f

SHA512
c30086481558ff7b5281fcc550206a3604c9f8d6e1838264119bb0dbdced1684e2f9b7a76e07f73fef25f86e9caeff5cd8085544061a7cd7845742f3d5fb355c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
400B

MD5
a2f2682142e35228de7ad74ca40f494b

SHA1
d29e9b108083dba4ea2dd92af437f9b144fcaba8

SHA256
059e89e374fbf0872d4bfcd07c05e962ead5f62694fab081cb530cb5a4337ae9

SHA512
2bded5f526887bb53d1c2e81685eff31f60f80b703b51a6b083c04e72aab07325d293eca8b9c8cd4f3961df3f23519f07978d4a7893970fe61d4791758c57751

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\rhp_world_icon_hover_2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
560B

MD5
d76c19f24999d487e7ea5c2b3b9cec87

SHA1
7af1bf6daef2e39ed76ae4e2f8c43523141ca586

SHA256
cdfa4c2320ca82cdbc957d34a3804692a686a7dad8cb3424f42f2b319498e21d

SHA512
6c09b9d760b9caa50aaf77fc021b5ce912dedf4744c33e32a5282a7e9c13eedee8843a22c32c04c7fdb7a59f5e4b7f8cc07235516ff0ed35d7caaeea27f10c11

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
400B

MD5
c2810243a208acc7049d35c7d9a31f6a

SHA1
1e0be2d0207d5812dd8b14ff11dd719e40d721ea

SHA256
7f3e2def47e0f96bba1fe61d38a3f756faec21c7b5587f9e232b5f237a493836

SHA512
c083639114e2cf1c37547a15e3176316a949808b9d606fdfe655605db807ab37af7f4e40f7145e94367f092e28290756f4b5ff48952b656d5677b7184c8a0c0c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
560B

MD5
f784d6d7a462d52ac10863fe9c1caf0d

SHA1
619deaba0c5b97eb1632224472ace2b86be47995

SHA256
ee2aa0cd888c737ce249045148be2637b75f46678fddf8ad04b2fa2ba2687458

SHA512
89476683d7e7b87aa0187824511f365f05372100b633ebe8b4900cf500855802405eb8fbc4c30217e75baadecd7911c4953e83b3a36c8ad4f579a039902d051f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
400B

MD5
c00a33bab4c0bf3b31d56ae9043b7dbf

SHA1
05ec2e3a45a7e8babbe7560d7bd38d6f48c3ee99

SHA256
0a64ac9d8b4259ed717edbc4b6677ca98364a477ae70d164edd5d8a67302152d

SHA512
f7cb125f73020adc1c6bcdcffbcc934a5319f21187f20d65650f3dbc097ab3406e7703a665456763ddd06f07c38d95179e1de9139a1d16da0459f2b4bcd29722

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\themes\dark\rhp_world_icon_hover_2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
560B

MD5
49db1cc6828decc506c209e9d8a63aa6

SHA1
1d7cc839bfa4cd38b2dcae8171a7bf140cea2c27

SHA256
069a109569b79c0708305e30a0b177fc123c51caa98edb02cc20ddb543e12cda

SHA512
752941b8fb665a922acaa104dde1076f05e6bbac01d5898f603559b9b8fb5fd4af3ccb2e88a0e0bdc8b9bc6e3d943a137dd403dbffa2f8d9086770fb94a75769

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
7KB

MD5
4876d9ae345124478f38b55dddde0591

SHA1
a5174f7c6d98a08a7fc4effc5f5ca96e589f6264

SHA256
597144044c0410aaef1049bc741efc09ac7f58596dcd44e7d78f1759fec925f3

SHA512
e58e8e48292d7ba1bf6fd59b82044c3f1a40eb8a142a2e9e233444a65b797c47b77713e0e588b55c80561be1af7d0aa3db74e88fad27400a1e9621b2d0ddefaf

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_ie8.gif.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
7KB

MD5
e8dfbd19450085c676627cbaf0cebd5b

SHA1
9afe955866833203491a8ea2f5538803cca01ec9

SHA256
0c00eb0912078534dabef495ac5aad00d874105cbe8fbe3a8f2a03f931f1feeb

SHA512
331e8c069c7c05e8e6b768b3a08984880c486105e0b8adcdc7e7aa004f2c9fe6263c741287db27db393049a2b1f149a12d9110fc6cbb9c529fb2ce1c39c6276c

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\icons_retina.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
15KB

MD5
4eaf7a91ff3b63a3d216063fa11cf6b1

SHA1
338910d72727b0312de4e78044e4874a11a798cf

SHA256
1794a347156d6c913e39a43940a499f4d9c86ebfffd726ce7072848bc53fa6e1

SHA512
c765846d564748c72a41cdcaebbd7159fb1d25f960aa1a1ec8440928b238e156ff93a43477c5338226644cb31f51c57174cdeff163007d027e98a54671c35614

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
8KB

MD5
64778831b5467edf8197f7bebb2c1e67

SHA1
bc029a2411daee016c30e894527d56f50f058358

SHA256
238f8c28bd030daee09a735ee25b3253be9f82372c3582742bc1f98799a46313

SHA512
2b408c8203d5f480c0afed6f0370ae9e2d52f661cb64981886b60d7d662ea7ead5927a39582a915aeb3113443c67b427da941aa74f6bf0934bc6731fd4633171

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\images\new_icons_retina.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
17KB

MD5
f75b8a5840c20aec02e438565bb491ff

SHA1
b177096ee668e23ef4858879423f2757648a4f8a

SHA256
6739970f3548ba4e576ccc12cef99b2bf9291a1217b4b89412903dce7c7db60c

SHA512
f756e2c122aeedd5b08b9835a9e0ca670b48a80aad1938a52c0fff20488ffe8416921430c7d0d2eb7de30f1e5ebb725a6dc836d279347bab8fd615149a77b8ab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_pattern_RHP.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
192B

MD5
5ce6f971f5bf34603abe1ad1db0a90dd

SHA1
82c32da4ed4ffa6183359c61300796113b2b846a

SHA256
7582337575fd8022e83cb3c2b4220ea36e6d106d642943bdaab63859f43bf5a8

SHA512
2bcf01e3c1f36c2a1ee1e68777c01ae4f362637a2fd90a776e43c537e30f0cfda04db169884689dd5525e18d01e9208277beb3b1b6ae7a25648e09dacb31fdb9

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\bg_patterns_header.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
704B

MD5
41d77bad7b8942132faa44aa4bbefafb

SHA1
f279477d5ec8052cbe1e2dbaf99af65a0f198df0

SHA256
3ae4bc9165ef738b847439cee8c804b60663918edf167c2ceae0e72c293bee64

SHA512
9fa59070b909a58472a0eaa65b9287102339121ea82e7e03c08edd7a04119bda952cda7ec82a1e512e1216c3df7353caf41d81ff791b66b9de3ae9456e70e05e

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
8KB

MD5
e8e8bc32bdbf740c48ece3fcc56a4516

SHA1
176fabd4566e5c96134013e4f5278feb212e9919

SHA256
812e9bdddd92c0733f9707416dd921a6d2717a27e326bd7220e50a47cdeab511

SHA512
cb3040c0101925a4b46e7df0fd6f16a05f57ffd505f83cdfa905bc1d7eca45c6769ce46e011b1a85478dcf55bec4cbf5e4660f927f0104668331d542ce80a82f

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\images\illustrations_retina.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
19KB

MD5
75bc84debbee599c7842c8deada854a5

SHA1
241313dd77f6b80aa50ee24c0b593ef01016770c

SHA256
73e4419e8273acd18ccbbefdbbafe52c92ab18ced6ea52e347d72fc047bc1f3e

SHA512
a3c59bf98bc39eb519c8d9dafe511882f263596638cb285064606822a947403f107d1dd7a8b4194d00625f14db3e043fe36827823986e9d5ce7dff2dca90afd8

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\en-gb\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
832B

MD5
15a8bd6ffe6d6094941bd24b7e72ca0d

SHA1
7f06463ee238c7b7d35670da7791f59207eca3cd

SHA256
be7eaa24e8b633a8531bed28d3a9a2ffae64e0be0edbf33697a9a3b79dd86fc7

SHA512
5d740dae45aa2bdf0c6819d9d5794e6f83dd6b0a8a26a8b2759e7221ccc96c6b0837605c05e72746ee87c83ad475d46ea14760a5a48a374d76aa2a4a9575effb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
1KB

MD5
7c2a311ac76679886a5836591d4ea336

SHA1
a83fcfcef19fada09645ec8f197add91d671c7b2

SHA256
0cda02bd1b3ca98b82d4156df55e74c76075f8a468e4725adeb534cbfe8337bf

SHA512
1b82ba7831e7150fd2b7979504987dfa2373b5c450f572a03ec5e2f96cd5410004865e7aefc7928f2313e4a9f660376dbb6e52dfe6dc47fd08a79eb9848a349a

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
1KB

MD5
61b9c7d49b2b5746ecd6aa6725e320cd

SHA1
f4964051b850a7acdac5442625db4d5f1744b226

SHA256
9890619d5edcfa7f3f0dfa71aa7ff5f602fcd6506b30ca416ae3ce8934629377

SHA512
5464f0fd56cb952295423ef3853638e69bd58ec84cbbd11c61a973d41fc167a79be3e4b19e37b020dd7c706acd6a557ba1c2dff649aae81b8c2cf600f92acff7

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\css\main.css.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
816B

MD5
f6b0a98e76c1a734bb9b74b4ef7c33b5

SHA1
895f85bdd7d5cd9b784e002868d039a8a602d424

SHA256
399a41c14055f130b257a1a5d6c3925a60af8ef4c252f8d54687f32d6bc5fede

SHA512
000ea4d6db8ad330bc4c06fb880ce7408fdf5611ce2a7d42a4d9db353fc02112d94778d16422b7e1f917fad29b7e52749225a699279c7b738cacc33d6e0f3669

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\bun.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
2KB

MD5
b6c1b5b6753d7b37818846f9634c4526

SHA1
87689d7e40ca0fb8da992723dcaf9d85c7854b1d

SHA256
abadd933c3c1d2347a8b2cd841be75d78abae362bd2086d79c1cfdeba40697d9

SHA512
877a5a5865fe7c38775e48f9a6bbe74b21768bf350d06ae1e9f364ddce2c3e308bc696b45152b1ff2a63d5a7b77090ca8ea6601ca6bbcee6de7459b43ca53feb

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
2KB

MD5
7a29d2636fe3f60d89c37acee9130cd7

SHA1
43f3186ed3fb4729ad5eaa29057a9279ffe5e0fa

SHA256
51c6dd3c82c14a321710eec1c07b2b04edf71bc5fbbef79e6ad47b559a0e06cd

SHA512
60786a08cc0903b943191a4abf1eed2205cf75c8e97d85df30dfed18d784abc75e2ce0d15df38d48b628a1e84bdc1b7334f8c6928d46f9aa1c96e9097489b15b

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\cstm_brand_preview2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
4KB

MD5
39411882c7ed158f0d29a1aad0eeb8f2

SHA1
1849917f7c445e639fd8573c46e3e80f873a6abf

SHA256
7343d3adcf732b244148e550ba244326dddb4990d4aeadf2c9c74683b86fe157

SHA512
4492c48ec5f2d4cdab95b84f621148dedda3b2f9c1bae4c9758e822c2348f2a12f2873f0c84cae5dcce1f182ae4f98b8afdf51bf8b3fb81e69e018400c7d0852

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
304B

MD5
9c7300f9247e9241e6b136a222f514f8

SHA1
ed0eb36d6f551d824722b86346a9d668908845f1

SHA256
d178d86177d23601e013e83f0c9151f35d52bc0acdb0de4ea33510b1256d30be

SHA512
696b0d401e3b22cdf868cafba963db6fae06f390a564897102e68564808ea18951b8213e0dc69aa8fec4d17d62b4923d7c70efae997eeed4c3fab0f7b57d3617

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\dd_arrow_small2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
400B

MD5
2b40cce6c0f9f48bb1dd7ca45ef69da6

SHA1
6dc1581a58de76f491e719a815830d08a9ea6a04

SHA256
338ab6c2ecbb00b6df576612a699b1f9fe9060445fd007a6bde8490dd8ef7b85

SHA512
ef799078db46fa56793e2a05b4634e7a9577ef4d022ca1b8ba64817ae0618e70c8dd4921b1505ad73750a031bf44fb555dbca97159d5aea694d9e9f2b70fbcab

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\nub.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
1008B

MD5
38b0fc2c0ea10c24d43febfb168368a1

SHA1
06f2ee42c5e7e13649916c7de431ea3370d2c3e9

SHA256
d78bd441be985b72c406d8bd857bda5e4e8acb0af65f71af7f36b3e5c1777212

SHA512
ec99597a4089348df2d96453701e861b71eae2c26b73b55a1841aa3267685030c6af3dffc158a889a55b9d628e0f46b373ff3215c2bb97af182e61a28a89551d

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
1KB

MD5
e79c828612642b9b920f78e69a2d1d9e

SHA1
55752fa43b5dd87c39af3380aab582a711b1274a

SHA256
cfa5fc5415fb6ebd151fcca97ea57de60708952de1fcb7d6f344d3b8340fe4b2

SHA512
e786bbdaef05d87b0abc72c1c6111bfecaadc0533599efc4686bffe8e3d7bf3b35d93302714516183fee8ed9bfa0280fff6ff84d46c9a939c601ba2d79ccb5c5

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\images\share_icons2x.png.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
2KB

MD5
d58695532a8ed9e18bd25959db8444fd

SHA1
7fbb5d9287a742b901fc1f828f59821d32eb7afb

SHA256
34241941c09f6aa61f8150f995be25f4c99ea314c25b626f21f93081a6267ed0

SHA512
d1bf4231f9eede6ad13d2af1bd1fe0a82900ac7457f3722dda899032ae3d90b7245f333568462241dd7efea659f51165146f07c2faab63da4e2081f4ba80fe63

Download Submit
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\nl-nl\ui-strings.js.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
848B

MD5
3452a03ce0421e663385fb9f830c349f

SHA1
0620c90d4f116d867652a8acf4d5d7592a99507d

SHA256
65f9787aa99bfb0ec782f0784a85a53d303fd30822941dcc4a303d72e2b1d7dd

SHA512
efceb25cdbad2d1229a0c8100f120cd9d78363090b1678f6eb4bce6c4d2c32b9419e878c51b32948b1f97d21733d31042cf90428e4853c7bea4005076d08b512

Download Submit
C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.DA2FF794601AA0DE6D0742462D247DF99CD4E0AC526F10A29B27FEAF10B56AE1

Filesize
32KB

MD5
af675226cfff6ebb0005f681e6daf489

SHA1
e0ffe72e946d91f516f31e7cb7daee06aad2f3e7

SHA256
407bce5d1afdaad411707a77ca503a14b2a9388a25da320da3145ed9f2611c1b

SHA512
288ef909a5533d84ec3fde3bd19cc196cc520624f8622c68a1d1c51645bef722634dd72ee1090ff224680a6832463ee0084fb7cab94b0e9babe92026efabe8ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\Discord.exe

Filesize
45KB

MD5
9dcd35fe3cafec7a25aa3cdd08ded1f4

SHA1
13f199bfd3f8b2925536144a1b42424675d7c8e4

SHA256
ce4f85d935fe68a1c92469367b945f26c40c71feb656ef844c30a5483dc5c0be

SHA512
9a4293b2f2d0f1b86f116c5560a238ea5910454d5235aedb60695254d7cc2c3b1cd9dd1b890b9f94249ee0ca25a9fb457a66ca52398907a6d5775b0d2e2b70d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\InfinityCrypt.exe

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\SGVP%20Client%20System.exe

Filesize
3.1MB

MD5
f611f4dd12e51ca7a946f308ebd5e04c

SHA1
2f7d049ec2b3ae6a8113b499d92ebc117eed890c

SHA256
d0ff0914a4014573716701a665b7950e49594452a6a7418a049553f8c7c1be73

SHA512
7057884406612bff108f1e315efacf83a99f1ec725b4496e737a57938b67edf5f23476b8f99395ec9f8ba355a68779fd5a2668b9caf0ca32b8862529eb413b83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\donut.exe

Filesize
242KB

MD5
2a516c444620354c81fd32ef1b498d1b

SHA1
961d3a6a0588e654dd72d00a3331c684cf8e627c

SHA256
ee68d7deb7cefdfca66c078d6036d7aa3aa7afcc62b282999034b4a1faed890d

SHA512
e8e4bc395997eb6e83e147816faf00ae959e091acba6d896b007781bdc9146157d049d958f9ff7b71a746ed681bd4dcca2fd84aac3eb76c4afe41d49e9f7bd2a

Download Submit
memory/1136-42-0x0000000005660000-0x00000000056F2000-memory.dmp

Filesize
584KB

Download
memory/1136-39-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/1136-3485-0x0000000007220000-0x0000000007286000-memory.dmp

Filesize
408KB

Download
memory/1136-1581-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/1136-45-0x0000000005760000-0x00000000057B6000-memory.dmp

Filesize
344KB

Download
memory/1136-44-0x00000000055E0000-0x00000000055EA000-memory.dmp

Filesize
40KB

Download
memory/1136-43-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/1136-1870-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/1136-41-0x0000000005B70000-0x0000000006116000-memory.dmp

Filesize
5.6MB

Download
memory/1136-40-0x0000000000C60000-0x0000000000C9C000-memory.dmp

Filesize
240KB

Download
memory/2352-19-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/2352-24-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/2352-23-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/2352-18-0x00000000000F0000-0x0000000000102000-memory.dmp

Filesize
72KB

Download
memory/2352-20-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/3448-22-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/3448-21-0x000000007509E000-0x000000007509F000-memory.dmp

Filesize
4KB

Download
memory/3448-0-0x000000007509E000-0x000000007509F000-memory.dmp

Filesize
4KB

Download
memory/3448-1-0x0000000000150000-0x0000000000158000-memory.dmp

Filesize
32KB

Download
memory/3448-2-0x0000000004AB0000-0x0000000004B4C000-memory.dmp

Filesize
624KB

Download
memory/3448-3-0x0000000075090000-0x0000000075841000-memory.dmp

Filesize
7.7MB

Download
memory/3796-160-0x0000000000960000-0x0000000000C84000-memory.dmp

Filesize
3.1MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads