bff9db5634b34ea8bd0300bae1c6efc01824c5f59050de5bbec163febbb5a930

General

Target

Brochure.pdf
Size

1.2MB
MD5

8a639bda00bf6594c7260f09e287fe92
SHA1

7e916126542e018d3988ce8bda9afbbeddc289b3
SHA256

bff9db5634b34ea8bd0300bae1c6efc01824c5f59050de5bbec163febbb5a930
SHA512

b28b576e52ecb4b9714a92baf653100388b7e51c508ba061b537efa51bb442f51c8b7aeddc386eacf54c1c70ff8cf4a7b41000a8a31b3ff42fcebfb30e8c846d

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe
732	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

732 AcroRd32.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exe

pid process

732 AcroRd32.exe
732 AcroRd32.exe
732 AcroRd32.exe
732 AcroRd32.exe
732 AcroRd32.exe
732 AcroRd32.exe
732 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 732 wrote to memory of 4052	732	AcroRd32.exe	AdobeCollabSync.exe
PID 732 wrote to memory of 4052	732	AcroRd32.exe	AdobeCollabSync.exe
PID 732 wrote to memory of 4052	732	AcroRd32.exe	AdobeCollabSync.exe
PID 4052 wrote to memory of 2636	4052	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4052 wrote to memory of 2636	4052	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4052 wrote to memory of 2636	4052	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2636 wrote to memory of 2000	2636	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 2636 wrote to memory of 2000	2636	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 2636 wrote to memory of 2000	2636	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 732 wrote to memory of 2660	732	AcroRd32.exe	RdrCEF.exe
PID 732 wrote to memory of 2660	732	AcroRd32.exe	RdrCEF.exe
PID 732 wrote to memory of 2660	732	AcroRd32.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2940	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe
PID 2660 wrote to memory of 2716	2660	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Brochure.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:732

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:4052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4052
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2636

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:2000

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:2660

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=28303EAC8F2A79A0885CC897C693D351 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=28303EAC8F2A79A0885CC897C693D351 --renderer-client-id=2 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2940

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24EF9C5DBCB439B2B302D87A392C78A6 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2716

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=31580BAAEFB416E6E188A0B154B3DB0B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=31580BAAEFB416E6E188A0B154B3DB0B --renderer-client-id=4 --mojo-platform-channel-handle=2072 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1764

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=65549553C9F26C974B5C37071DE68BF3 --mojo-platform-channel-handle=2472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3304

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=85DC81195FE70E79D73142C7803A6413 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2608

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6DB7049ABED20514E5F32DA663E98DD3 --mojo-platform-channel-handle=2600 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3656

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
MD5
ab5d987aa7a9b774e6318c81c8608dad

SHA1
463233e075522be5daaa595fc917a110ad515286

SHA256
24a0cf863266f0e1d6683a0f3371115ca2ae724117e562731a5883033a57d5b4

SHA512
2023dabc56863042888cfe88e2dbf9ced8821ac469dbd3e4d8e7574d82b6dd652d08b775e39ccd6e48c43e109f172f951f0cbd6ccb9acb83df977cbf03ed9dc3

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
MD5
97c3d36baf1149affca7c4800d06d85d

SHA1
4194662fa350ddfe0f74a71c850abe02ea9d2b2b

SHA256
339d7ef5934cece9ad72b05aa58a632be1fcc67b7a5dd17ddf8fab35462a315c

SHA512
9220750b8a677cdcd1de9155fcb23a6b5d0a8606bee988cb2b42c0ceae50c0a333651e564ae7a637c8b79124dd7724cd55b4aee6312656ce9449c255c67679c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
MD5
c796ce3c7d1788efb240487d0fa3a8aa

SHA1
b4086774c8afd4d014b865a6388cef988be56702

SHA256
1bb129333848ecd72019df65a5efdb6a4f6699a4de253baa48199d4d66f7b51b

SHA512
d6b331ead142f196abcb7285f5a16ce5f8fa90ad24eb3c75b0911bb56e5ca0afef24ca2b0a2251c6dbd961e1d9b15ee061d290d806b27e450274a8659f3a731c

Download Submit
memory/1764-136-0x0000000000000000-mapping.dmp

Download
memory/1764-135-0x0000000000E1C000-0x0000000000E1D000-memory.dmp

Filesize
4KB

Download
memory/2000-122-0x0000000000000000-mapping.dmp

Download
memory/2608-146-0x0000000000000000-mapping.dmp

Download
memory/2608-145-0x0000000000E17000-0x0000000000E18000-memory.dmp

Filesize
4KB

Download
memory/2608-144-0x0000000077882000-0x0000000077883000-memory.dmp

Filesize
4KB

Download
memory/2636-116-0x0000000000000000-mapping.dmp

Download
memory/2660-123-0x0000000000000000-mapping.dmp

Download
memory/2716-130-0x000000000107F000-0x0000000001080000-memory.dmp

Filesize
4KB

Download
memory/2716-128-0x0000000077882000-0x0000000077883000-memory.dmp

Filesize
4KB

Download
memory/2716-131-0x0000000000000000-mapping.dmp

Download
memory/2940-132-0x0000000000E30000-0x0000000000E31000-memory.dmp

Filesize
4KB

Download
memory/2940-127-0x0000000000A40000-0x0000000000A41000-memory.dmp

Filesize
4KB

Download
memory/2940-129-0x0000000000A60000-0x0000000000A61000-memory.dmp

Filesize
4KB

Download
memory/2940-126-0x0000000000000000-mapping.dmp

Download
memory/2940-125-0x0000000000E1C000-0x0000000000E1D000-memory.dmp

Filesize
4KB

Download
memory/2940-124-0x0000000077882000-0x0000000077883000-memory.dmp

Filesize
4KB

Download
memory/3304-140-0x0000000077882000-0x0000000077883000-memory.dmp

Filesize
4KB

Download
memory/3304-141-0x0000000000E86000-0x0000000000E87000-memory.dmp

Filesize
4KB

Download
memory/3304-142-0x0000000000000000-mapping.dmp

Download
memory/3656-148-0x0000000077882000-0x0000000077883000-memory.dmp

Filesize
4KB

Download
memory/3656-149-0x00000000013A5000-0x00000000013A6000-memory.dmp

Filesize
4KB

Download
memory/3656-150-0x0000000000000000-mapping.dmp

Download
memory/4052-115-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads