cb4a0d555233f1ffa56170a3559fb33cc22053d6fef7a5dff245ac1970db93b4

Resubmissions

01-07-2024 03:03

240701-dkfftsxflm 6

01-07-2024 02:56

240701-dffwssxemm 7

01-07-2024 02:51

240701-db8e9axdnn 6

01-07-2024 02:44

240701-c8aptatemd 6

Analysis

max time kernel
285s
max time network
294s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-07-2024 03:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

folder-4/4/777.pdf
Size

5.7MB
MD5

4177fbfe03075bace0b1b86444bf24bf
SHA1

802ca6fd560d8c2dc5d43a49cc29a2bedb4e13ca
SHA256

ae08d188a5c463b9d90aead76d8ad7703dd6d79578e40517b69dc38821a045a3
SHA512

277f15669df62d4e2b75780bb152c96ad0b4992dcc54f6c4384d0119d5a3a1b6bed549f44e6656add3fa44dc37b195a438c39b84ffc137e47fa41315f61a2f6e
SSDEEP

24576:+/KF/KU/Kk/Kw/KU/KE/KZ/Ka/Kp/KP/KW/KY/KS/KC/KD/Kn/K6/Ki/KK/KT/KD:3k

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exeAcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exeAcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 17 IoCs

Processes:

AcroRd32.exeOpenWith.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Documents"	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0100000000000000ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202020202	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	AcroRd32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\NodeSlot = "11"	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 01000000030000000200000000000000ffffffff	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\MRUListEx = ffffffff	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	AcroRd32.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1 = 14002e80922b16d365937a46956b92703aca08af0000	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

AcroRd32.exesdiagnhost.exe

pid	process
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
5104	sdiagnhost.exe
5104	sdiagnhost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

sdiagnhost.exe

description pid process

Token: SeDebugPrivilege 5104 sdiagnhost.exe
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

AcroRd32.exemsdt.exeAcroRd32.exe

pid process

3044 AcroRd32.exe
1908 msdt.exe
3868 AcroRd32.exe

description	pid	process
Token: SeDebugPrivilege	5104	sdiagnhost.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

AcroRd32.exeOpenWith.exeAcroRd32.exe

pid	process
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
3044	AcroRd32.exe
2300	OpenWith.exe
3868	AcroRd32.exe
3868	AcroRd32.exe
3868	AcroRd32.exe
3868	AcroRd32.exe
3868	AcroRd32.exe
3868	AcroRd32.exe
3868	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3044 wrote to memory of 1316	3044	AcroRd32.exe	RdrCEF.exe
PID 3044 wrote to memory of 1316	3044	AcroRd32.exe	RdrCEF.exe
PID 3044 wrote to memory of 1316	3044	AcroRd32.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 4248	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe
PID 1316 wrote to memory of 2228	1316	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\folder-4\4\777.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1316

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CFD1614CF2394C262A1EB164F7F1C8A8 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CFD1614CF2394C262A1EB164F7F1C8A8 --renderer-client-id=2 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4248

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24DBD2676F1A6EE5FF1E9681567F367E --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2228

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=52CAFECE7F7EE117BE424C05CA0D3564 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=52CAFECE7F7EE117BE424C05CA0D3564 --renderer-client-id=4 --mojo-platform-channel-handle=2224 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2320

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4683099803957DD3B5E35D5CD121288A --mojo-platform-channel-handle=2476 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4332

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B11D23E423B485F95655F1567D8117ED --mojo-platform-channel-handle=1892 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4720

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=463EA09A6B08A790208D51C7176F468D --mojo-platform-channel-handle=2556 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4540

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\AppData\Local\Temp\folder-4\4\777.exe" ContextMenu
1⤵
PID:2140

C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCW4C6C.xml /skip TRUE
2⤵
- Suspicious use of FindShellTrayWindow
PID:1908

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5104

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\x0ghzfnl\x0ghzfnl.cmdline"
2⤵
PID:1084

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES4FC7.tmp" "c:\Users\Admin\AppData\Local\Temp\x0ghzfnl\CSC3174E08443634F16891FC2905D2CC476.TMP"
3⤵
PID:2240

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\mex4kcje\mex4kcje.cmdline"
2⤵
PID:1748

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES5034.tmp" "c:\Users\Admin\AppData\Local\Temp\mex4kcje\CSC4BB3525986FE4EC382564AC79638C4BC.TMP"
3⤵
PID:2896

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ykzyuhor\ykzyuhor.cmdline"
2⤵
PID:4692

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES53DE.tmp" "c:\Users\Admin\AppData\Local\Temp\ykzyuhor\CSCACA6DB58FAF84A879246DE324247A54B.TMP"
3⤵
PID:292

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\folder-4\4\cv_debug.log
1⤵
PID:1476

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\folder-4\4\777.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3868

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:5032

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7271080BEFFC4CF48C3ECF2E485B7060 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3080

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A5EA8BB6900D296CCA75BF16A72E8250 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A5EA8BB6900D296CCA75BF16A72E8250 --renderer-client-id=2 --mojo-platform-channel-handle=1652 --allow-no-sandbox-job /prefetch:1
3⤵
PID:352

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=68E1E64281736E9A60C05B6E29812AB9 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:712

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=04540A564B18C60CF0BE6F4E2AFE204B --mojo-platform-channel-handle=2416 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2876

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2F3F5B14C84F015BDD2570B507B269FD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2F3F5B14C84F015BDD2570B507B269FD --renderer-client-id=6 --mojo-platform-channel-handle=1632 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3120

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=20C14B496447CB66279FA8E091E5BD48 --mojo-platform-channel-handle=2652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1308

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6B7CB1E0830CFF0E60F420B7794B062C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6B7CB1E0830CFF0E60F420B7794B062C --renderer-client-id=10 --mojo-platform-channel-handle=2676 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4920

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2484

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1
Filesize
264KB

MD5
8e26f8a51b25e8dfc081de513e86a428

SHA1
76c5878b82cf4decad2c36a3e54419c10253ff1c

SHA256
b43751e15d7513adba364c773752ad3b926484b087198f4fcea1eb809b93170d

SHA512
00e57d089e23a47ba9d349e633a802a4ca5d926722c65773dc6eee335fbbca6cc97e8c568d20f6d9bcc7a80911da07025b9ba0a93dcc7f792dae936d101f5ecd

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG
Filesize
289B

MD5
96ab072699e9ead5bee36bfd43fe1d2e

SHA1
95bbdd8dcfaf3749cc62a0d1d5c5bc29fe50406e

SHA256
fd03e77e15d49b1ca0355f7f08c653f70f9fc4ee6e17fd573d8a9dbf26006a1a

SHA512
118c4bf372ca897bbe86f1d0c5c44be3cdf9de987fd80fc5ee1b75bb230c681c873db57384f88968052036e5d591fb70dfe1503f2342f8f17364589fd4d27255

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
Filesize
128KB

MD5
969861412e58c13b9c8a831673287ab0

SHA1
a473d16b83a4efd6173b70ab6ad0ae57b7d8e35d

SHA256
03749fd9dcf86c3bcb14e1ef162b100037ddb62e024ed9e943be5d441e985de2

SHA512
cf6bdaf504231582c48255fcd96538adb34e67205a40d3a785b435521626e25935b9ff2344fae48944ca1eab679cbdcb573259b45ff7d1197d4a12945d8e4b5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
a492f124856b378dc8e9e5bd5f55fa76

SHA1
2bae519f0bc0dcd81f1de0d45ffa8069c0e5768c

SHA256
34cd07cec5b714f51b8c11ea52311b229d083eccec968ccfd547f061ad37bd25

SHA512
4a92871e171c0c6a24b99624f2834a758655d3e38a7c07c44a2742b06c84eaae109caed2ebd530bf83f93b297a507ff8878322f9dc602ac5738b883a41a2d4cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
93676a5e4840bd3a77dccce5cff07960

SHA1
ee3196b586f5953827cd6fdde58210bfad5a0761

SHA256
802064c6c1c169bbe4f687e1aa0974fe8edb43937543b79b422953591eb30ec8

SHA512
526295fd7c85410f42b64b81e881407e3da3cc18a452da414953af9e64a1d399f42fb2cfb3e83fd7aee2efcf90b610f7c89da4c56ba583cde004112977cf7207

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
0cc655ef4ba81c834cada7dfc9e3e1ff

SHA1
a9844e6f60b2cbfb94dd1f0b49c0d8d42c1118fe

SHA256
9c2654cffbeb4a99df3553e8a7db9e6ad0eb23734ace526e35d998d25142d32d

SHA512
0b8739ca74b01e64f1e2238aad4b7297028626a87085a6b916e7704ddf96022821c0153b58c76701891c12d43727508ec81c3790862b63639216e64d07b3be5a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
0957db6e51916a5b256bfb7e9e10257b

SHA1
fbc55df07245f28763a7741cb550230a54a45a5b

SHA256
9653c8aa3f66fc9dc35e05b2b33396bab7ee4effc7a2dab0a5bf348595692988

SHA512
5c86fa5455efce51726f9f81fb429d9dac306757dde98c534dce17d9cf29abb072a31d1bbf43ac0d2051784c7c98b5c8a9e757ef5812242ba09bc754ad5d1e8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB
Filesize
24KB

MD5
4fe2b64a2631d0d6eb30b8f42b49bcf5

SHA1
10c931554e79c2f4280a65ef2ad57ff61a2429ec

SHA256
4901703febb24c665059d25ae6d0769c55051bcdc1b7a72b600252d4c3b0eca0

SHA512
8ad48178aa8d835e0c2028688e41f575e50e21b6b4b59161d08984c300911fda1a4614738bfa5557c3f2d254373a61497b491cbc7fb163afea2dbe08fcb67004

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
Filesize
260KB

MD5
5a074d0203c956d0f4d21c4ef7d0dfa3

SHA1
6edf53b1bc75edf0a3a112863bf521afb24a09fb

SHA256
d676d6a0e612c88aca0d94e65947c6f6ba7f2e9ecec5e92b808474504a73e13a

SHA512
07ec5e4fbef5ecb13935e0a9ffafdd81e764866fb79baab51710491248243b335d981557a4ba38e1792bd08fab51cd3055482af5166bf199a28b9ef396dec703

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
6997531b0addf34261077ffab9553dfd

SHA1
2f2688aa6130b189ed09f0b60d78965099cc929b

SHA256
d66e85409e39687172c8a9e1f8a24d40b83f6a88342d8b27d3ce8713ce276655

SHA512
ba87b18617875dfdce08d5a92334c5461a2b31812ae15ada0f0d7adcf2935390ffcaf6681ce5ac277ff1a9df104056bfc107d81d6f365005adf65f93bf3ffe11

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin
Filesize
38KB

MD5
9ffe6a4c8d9fb25491464ed2c180e70d

SHA1
b9d740aebd10f17a0d2388b58072a33f817793cf

SHA256
5dec955cd071c1dc1c62f1bc821a353d03fc5c27edb1f5a8ab08d79c9d3911ba

SHA512
55769a29abd3e8bfed613838b080b476a2fcdc805c16fd8fd444045343b3fa6b127af5c1a8bb52b4150cc47bd99b24918e3972d80a653667ad4705ce14ddbea0

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024070103.000\PCW.debugreport.xml
Filesize
3KB

MD5
f4b903e739cb9c6e2e864d96a1419db0

SHA1
cf123297ba266f47affcf8202679f0d8cdb220ae

SHA256
4afd0b0266fa5ce61f2076573223bcc590193cafc009d0d251913be8a1fce113

SHA512
bc0ffee865bfd956b08e90a3c148feea3057a5e5b89a23dd74706b76e2e865176747ebd52e1b15e744754c0222059791a9ac8df1def8e5677bd2b1e09defe0b0

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024070103.000\ResultReport.xml
Filesize
1KB

MD5
a0e4da42d69a6762b7d51d7bccadf525

SHA1
2df2f9d746060161dbdb2e4c8256620003e466f4

SHA256
3b7ec916bb4541d851b9b8af2c4afef04a2058a7cb4804d428b8d6d1552ab5ed

SHA512
b18661223621f7106c98aa3785f2502b9baa291f6012915787cbea562ea6a92f7cd67733018967ec1a34bbcec33c0738a0c7227bd419de8998300d6163b67655

Download Submit
C:\Users\Admin\AppData\Local\ElevatedDiagnostics\733862231\2024070103.000\results.xsl
Filesize
47KB

MD5
310e1da2344ba6ca96666fb639840ea9

SHA1
e8694edf9ee68782aa1de05470b884cc1a0e1ded

SHA256
67401342192babc27e62d4c1e0940409cc3f2bd28f77399e71d245eae8d3f63c

SHA512
62ab361ffea1f0b6ff1cc76c74b8e20c2499d72f3eb0c010d47dba7e6d723f9948dba3397ea26241a1a995cffce2a68cd0aaa1bb8d917dd8f4c8f3729fa6d244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
6e610fd0d30715ce03534bd6b6de8f1e

SHA1
0aac2f80b62c906a05c3c81f2fff162506b301e6

SHA256
d2c25a90e06072d0d7cf8f56bc80dd51c7ea1c11914cc978702a32a83d0a10ed

SHA512
ec369bec1dbd5a90d0fc55a96e7527815be80c410a43e5ef367023de3b47ec62b3f850f59a05bb613cc447640db5db9d07c38f0d06fd67ad4b695759fa0cf340

Download Submit
C:\Users\Admin\AppData\Local\Temp\PCW4C6C.xml
Filesize
744B

MD5
002becd9d0819de37f9540f3ed2f8b51

SHA1
c36be820fcfdc44729cdba7dcb0cd1007dc7d18d

SHA256
90e841c2bb4733a0c9bed2c53e662f5dfc3867e0d3e8442f736016751c3fcea3

SHA512
d163d35cd4c2196b9435ec8e63815c01cb2913035c14105de9bdd57b44f46ac781e27bb2e415fab11c12d08c20944c7cfe55efc6e23e42e80f12bbbbb9cedfa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES4FC7.tmp
Filesize
1KB

MD5
f120d633ca3bac87039ccec256677a5a

SHA1
61df558094acb5cb8d4cd2966db3e134e3a55c37

SHA256
0fe8c8488239ac0dbe9d3798fc52e9abc16ef18239a076fc60e50f01f7e0bc37

SHA512
d716b6a75d9dabcce456da353aa1aa75c13bc26d2f59d9ab54d98d7d6d0c4d8bfa7b6bc86c951b4390a25109671bc92f51c229e95d3ca5bb5d0d7e8ce94920f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES5034.tmp
Filesize
1KB

MD5
f11d50126cf7cd6cbc4fe762582dbedc

SHA1
a2f435e051aa1bb5c0ccc3fe1515595e16d14dfa

SHA256
59e4d59be5c6ceff98556fdb0bdc57564f92a73086a64e33c08f4bdd653c6412

SHA512
3f822bc1c9b29c0b490425c33d2f0444664df63982f118b2ccdf659ead075c94cb0815ac2c05cbfc4b7a32167d886ea6cf07a81e9256b096819e9a8d10eccf32

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES53DE.tmp
Filesize
1KB

MD5
9acb5dd93075409553c3c41008c6f452

SHA1
fbed52c43302e55441df8de036a57fd5894049b7

SHA256
8c817a1a409c97ac7654805fb3745a15e61dfd0dd6c2a4ade103fd49f3fb1ecf

SHA512
3f43283d46a1d3f786429b271649b3ec86676a3f6e1fce951459062043e73a32db19b7833f44100af9a4f076de983b11d2614fa2a77bb2e6da5e604fda1fdc80

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kj0ddqs0.1hq.ps1
Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mex4kcje\mex4kcje.dll
Filesize
3KB

MD5
86c4a5423e5de3bd3b9008f40eea963d

SHA1
3ddf43cfec22b8b6527f65b1350db6fec4aada10

SHA256
6001abd3ef74cee28eb42a9fa93cc91c1969d1bdc151b3dade1e6cb4eaa21db5

SHA512
0618ee32a77b879dfa8e0423805f1ed89e2abe0870499b84b047cc5bb3cbac6df7d3464c9bcfce0ecabde0d8da88bc9e1f93e7905c414555848f83816ff0b6aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\x0ghzfnl\x0ghzfnl.dll
Filesize
5KB

MD5
11c9887ffa6d373498bf7dd4399d2e82

SHA1
02749c22158ef5d60b8868ef481d307c641d84e8

SHA256
fbf2cda508651b1bda9b7f79dd0a712fe772031637dd41986a2a3880d3a6cd66

SHA512
06aae40996210f738f5bb0b0fbd2ac1679fd8043e3a24196697df3c1b210645e87eaac26a4f5678a015934529a327063fe685a838c182c06ae7b7fc4ff6174f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ykzyuhor\ykzyuhor.dll
Filesize
6KB

MD5
4eb090df09de515c222410f0818b77fa

SHA1
6e555b081876fe722502a8a902a8b5a32066cf76

SHA256
291f1e9b4824631a5902e65318bc56c94c5509f7635543fd71f05b60accdb5c8

SHA512
b47258f0f76776dcbc62b6622ccc4d5ad05f6737ebaae008e9b50fc8a76890068bc466c93562c95dfe360a9775e473c9e496e5a3db53e9b60656f2704364481e

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
Filesize
10KB

MD5
901d25567d157801c3ec232f208f4006

SHA1
07515a525235aae1502e9cd41c184b87636449f5

SHA256
267c5ed84585da467b7c93c94554cf71a1b953f3a5aa7284068266370e2f87a5

SHA512
e9f391e7678b2541cede25b54f5af59f5752c19e63c5f840f3f56373aa36567ca3d77f6ab0c2ede03bc5d41348c3ec6a2bb3f0007b61df5df592cb945e054feb

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
Filesize
23KB

MD5
3b80bd915a08abc485cce6d0b0ad04ad

SHA1
0074656728341c28f0cfa005fde3ec0693195704

SHA256
4e3c3872ef5205fd6be705012c054633309e5e02ee47594c3fafbbf34061e955

SHA512
27c8c621f61d10225f509127beb147c63171ce3df09f905d3a85f5c2d9d1f8a858e922f645608053b5f5b6df874c3d16702cbb9eac59544968a16b7acf3fd045

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storek
Filesize
264B

MD5
ffa1a862312679e28b94e099f08b900d

SHA1
6fd7e675f00376f7bce9bd4cd0b584ec2be6e37a

SHA256
a96d472cbc714c8f5f2ef1178bfb629ea6e56d980702c5e0b23425f46f38775e

SHA512
088b144e8f7e14d944b8e3ba58e2c0906e1686d7ce1ebc060fcce65db7e7a042f083c6720b7099b91837150b9ea5abdcfe7ccee67e1b32b1ba4ff5aa36a7ecb1

Download Submit
C:\Windows\TEMP\SDIAG_e6b83234-6199-4acc-a584-9600cb3c256f\RS_ProgramCompatibilityWizard.ps1
Filesize
41KB

MD5
a49550a947238f4e23a81f8c765da712

SHA1
0c3daf73301d87c958d7f4f840bf060d87312d8d

SHA256
baf71bcc730ab740670653283eb97a6991af6d52bc82ad83dcc66e9ce9a9dd68

SHA512
3f0cb6e664bd7a998f81b783abaf37dc68ea55360ab021611c2336999b4b61bf6797ba9c427ad93b60c6382cb016c2f8474bc3fce0af85c823583be1d3013f02

Download Submit
C:\Windows\TEMP\SDIAG_e6b83234-6199-4acc-a584-9600cb3c256f\TS_ProgramCompatibilityWizard.ps1
Filesize
16KB

MD5
2c245de268793272c235165679bf2a22

SHA1
5f31f80468f992b84e491c9ac752f7ac286e3175

SHA256
4a6e9f400c72abc5b00d8b67ea36c06e3bc43ba9468fe748aebd704947ba66a0

SHA512
aaecb935c9b4c27021977f211441ff76c71ba9740035ec439e9477ae707109ca5247ea776e2e65159dcc500b0b4324f3733e1dfb05cef10a39bb11776f74f03c

Download Submit
C:\Windows\TEMP\SDIAG_e6b83234-6199-4acc-a584-9600cb3c256f\en-US\CL_LocalizationData.psd1
Filesize
6KB

MD5
5202c2aaa0bbfbcbdc51e271e059b066

SHA1
3f6a9ffb0455edc6a7e4170b54def16fd6e09a28

SHA256
7fd5c0595d76d6dec1fcbace5bbcd8ff531d5acf97e53234c0008ff5a89d20e2

SHA512
77500b97fcd6fe985962f8430f97627fedcf5af72d73d5e2b03e130bca1b6b552971b569be5fca5c9ece75ab92c2e4be416d67a0f24d3830d9579e5f96103ac9

Download Submit
C:\Windows\Temp\SDIAG_e6b83234-6199-4acc-a584-9600cb3c256f\DiagPackage.dll
Filesize
65KB

MD5
e99b38cf7f4a92fc8b1075f5d573049d

SHA1
406004e7acd41b3a10daae89f886ef8b13b27c32

SHA256
812ebb05968818932d82e79422f6fd6c510fd1b14d20634e339c61faeb24b142

SHA512
5637e6e949c24dca3b607b4f8b5745e0bb557e746fc17eff1274af36d52d5d7576723f4cd055fcf8fcf9fd267254e6d7fbb53cc173a15d3dfd3cce2015ac757d

Download Submit
C:\Windows\Temp\SDIAG_e6b83234-6199-4acc-a584-9600cb3c256f\en-US\DiagPackage.dll.mui
Filesize
11KB

MD5
65e3646b166a1d5ab26f3ac69f3bf020

SHA1
4ef5e7d7e6b3571fc83622ee44102b2c3da937ff

SHA256
96425923a54215ca9cdbe488696be56e67980829913edb8b4c8205db0ba33760

SHA512
a3782bfa3baf4c8151883fe49a184f4b2cba77c215921b6ce334048aee721b5949e8832438a7a0d65df6b3cbd6a8232ab17a7ad293c5e48b04c29683b34ecee2

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mex4kcje\CSC4BB3525986FE4EC382564AC79638C4BC.TMP
Filesize
652B

MD5
98cf10940f1fc8f7c0cc7f80b11543ce

SHA1
d174111b4b468871365558827ad12d8a38f353d2

SHA256
ff63a9005b48f97aed9b1c622f79c61bac1b0032a6be0f5573f3265df1eec7bf

SHA512
92279532384c6f39dcfa090734ecce9f19a6218aca90bca24aca7aacf6179a5247779fa063144bfa8e60c0b8f0ad8eeaf2f1d5fe8a215417b6aa3d25404285c4

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mex4kcje\mex4kcje.0.cs
Filesize
791B

MD5
3880de647b10555a534f34d5071fe461

SHA1
38b108ee6ea0f177b5dd52343e2ed74ca6134ca1

SHA256
f73390c091cd7e45dac07c22b26bf667054eacda31119513505390529744e15e

SHA512
2bf0a33982ade10ad49b368d313866677bca13074cd988e193b54ab0e1f507116d8218603b62b4e0561f481e8e7e72bdcda31259894552f1e3677627c12a9969

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\mex4kcje\mex4kcje.cmdline
Filesize
356B

MD5
188bced2767334be08a5fd4661c2b5ed

SHA1
24861861a03b8f7e90a563cd54ba5f989064bd95

SHA256
e3b2fabf5c18193b1b63b38b78221c0a1eef3b3263bbfaad04a4c5523fb30ac7

SHA512
d7037065d7ae80009dfa295a3784c195bc8e6184b68bb47c9f52917c4d131819aa2c297fb61be49642f5c1cc8b4775ca937ebe45d761fb59ae933358050419f5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\x0ghzfnl\CSC3174E08443634F16891FC2905D2CC476.TMP
Filesize
652B

MD5
f86368d00670d5630161b22db73fbbf2

SHA1
17fc92560b4529e07fb6c413815789ff6a894d1c

SHA256
298ce15b61055d809bfe9dba4d67fae078a4f13c6aa500a11994b8cfb0c5d11a

SHA512
1e4396e4ae266f8045dd527024acc33305d53b700735bd9d23eee741db3ffdc7812540e4630c5679eda23b1d1f101281b0d3fc2815559215629f24195fc668da

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\x0ghzfnl\x0ghzfnl.0.cs
Filesize
5KB

MD5
26294ce6366662ebde6319c51362d56c

SHA1
c571c0ffa13e644eed87523cbd445f4afb1983d1

SHA256
685699daafafa281093b5c368c4d92715949fc300b182d234e800e613be5d8dc

SHA512
bc91bb591368bc511ca5169b3c23cd69a163eeb77f0d7a083fe09cc6aa15d7044a24f95811fa1518f44368dffda6d346f44e1568e7a5373a6450a63ae31883ee

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\x0ghzfnl\x0ghzfnl.cmdline
Filesize
356B

MD5
117510824b1e3e2a168c04f66d8ae502

SHA1
712aa005e72aa694351ced777b35a688893a46d2

SHA256
490abf6242c28e80808ac6e1a9e9ff00b445a18b059d27e1f99033534cf21bb5

SHA512
d0c64ce437fb09177e38a5ab60b2a3d296ec252f7f96dbb4da97572435d1b4b91d0be203e42d6d7ff4afbed6f69193efa83e906819105b2245d5709a6273d794

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ykzyuhor\CSCACA6DB58FAF84A879246DE324247A54B.TMP
Filesize
652B

MD5
5ed657b01aa57441241305bb212f80cc

SHA1
64719dfd65c689f3dc640dc4e7a51c788be5662d

SHA256
7be6625d935b7db6c2172d45f11a2b489328ad0a2f316ca9c6f3c3aa71c948cd

SHA512
447d80b0a73361ac70565db6d7b7f9b6cfbd9d22db1e145a351275b77734fc15f2797242211aa9b6c1d3c2a3376c267056f0fb4234cdf7e73c1e39ccbab1c568

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ykzyuhor\ykzyuhor.0.cs
Filesize
7KB

MD5
a6a5eb65b434fd6612543820a3e623f0

SHA1
a2034ad0126c821a52d46d7c8289f136bde963c7

SHA256
5e06c62640983f93e9ec11fecd221c238f537cf110f03a61049a25eb6030c02c

SHA512
0bcd9e7662731750f90510fa9f3f83afaa688636f0e312343ed05b420e4d3311d25b08370a705e2e43b0b4619541e0af9f213b27845b4e95155180ecf989d483

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ykzyuhor\ykzyuhor.cmdline
Filesize
356B

MD5
b8a645f35bf9ae996d44cfc53dfb3181

SHA1
cda503c78ef851c78f5595dc2c09d24849766bdd

SHA256
e574de921cfceb1b92dfde685fbd5f5a282e310470cc4f9c68fb8a2979024aa3

SHA512
412bf1e0f90a50fb3d8ea9177d7a875655ae701bad0e3b594a9790bad4c4dbcfc8385e3d91b47c1b92719e13af5e2aa23682cbfd691f3ead097d0a1e81a94c05

Download Submit
memory/5104-279-0x0000022736CB0000-0x0000022736CB8000-memory.dmp

Filesize
32KB

Download
memory/5104-441-0x0000022737210000-0x0000022737348000-memory.dmp

Filesize
1.2MB

Download
memory/5104-329-0x00000227371A0000-0x00000227371A8000-memory.dmp

Filesize
32KB

Download
memory/5104-293-0x0000022736D10000-0x0000022736D18000-memory.dmp

Filesize
32KB

Download
memory/5104-249-0x0000022736D70000-0x0000022736DE6000-memory.dmp

Filesize
472KB

Download
memory/5104-246-0x0000022736CC0000-0x0000022736CE2000-memory.dmp

Filesize
136KB

Download