ae58bd0ace7bbbeaad790a8e2c2818809053ae92859afd0aaec89a59c7cc1d72

General

Target

Brochure.pdf
Size

1.4MB
MD5

dd01278a3081633066aaff750adbb60d
SHA1

288fc0fd27df780185e73705ade85e1d174e48ed
SHA256

ae58bd0ace7bbbeaad790a8e2c2818809053ae92859afd0aaec89a59c7cc1d72
SHA512

8eabad6d924b97d538727ebb9774a66172f9c26860e3aa2bab6282c9a804c7d5176306ad06f1bdacf6613c3b1c683ea35f9cac710f2fc0ca4e99aa41e22c533c

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2632097139-1792035885-811742494-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid	process
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
2016	AcroRd32.exe
3976	AdobeARM.exe
3976	AdobeARM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

2016 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exeAdobeARM.exe

pid process

2016 AcroRd32.exe
2016 AcroRd32.exe
2016 AcroRd32.exe
2016 AcroRd32.exe
2016 AcroRd32.exe
3976 AdobeARM.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 2016 wrote to memory of 4888	2016	AcroRd32.exe	AdobeCollabSync.exe
PID 2016 wrote to memory of 4888	2016	AcroRd32.exe	AdobeCollabSync.exe
PID 2016 wrote to memory of 4888	2016	AcroRd32.exe	AdobeCollabSync.exe
PID 4888 wrote to memory of 2088	4888	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4888 wrote to memory of 2088	4888	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4888 wrote to memory of 2088	4888	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2016 wrote to memory of 4536	2016	AcroRd32.exe	RdrCEF.exe
PID 2016 wrote to memory of 4536	2016	AcroRd32.exe	RdrCEF.exe
PID 2016 wrote to memory of 4536	2016	AcroRd32.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 4976	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe
PID 4536 wrote to memory of 1668	4536	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Brochure.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:4888

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4888
3⤵
- Modifies registry class
PID:2088

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:2912

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:4536

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=844FB17F567DB840794A3B2F4C8DAE8E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=844FB17F567DB840794A3B2F4C8DAE8E --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1668

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=03AE13AC333B77E6CACFC8331F2AE155 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7437CB5CE9164B5CEEF833A88961A301 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7437CB5CE9164B5CEEF833A88961A301 --renderer-client-id=5 --mojo-platform-channel-handle=1976 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2508

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=150ADAF0455925A23829C856DCD1EDC2 --mojo-platform-channel-handle=2300 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2968

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9DD33DDD9468583CCBDC9A7D34EFEF85 --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2500

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EF19A7015FEC34FA762638C71FC23919 --mojo-platform-channel-handle=2468 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1920

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3976

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
3⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
0327cb69b62706e7ef62b3ab501ecc5f

SHA1
17217b6d5ad794b0d682e1c4073cdef1c34d90d8

SHA256
3bfdcfd0a9617d6fb18b115b797339ce28d00d0936f31028fe2cb76c123e50e9

SHA512
f53340cda7581f46a961d28553376bb41c45cd241e05a51cdc2f7adc39ed0b4a7ff4bd60e5623c354063852099231e9f7c55e957aeaefc4fe37eef5bdbf6ba5f

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
3be5216c8b62e2c169397fdfee7de839

SHA1
ad126b9a166e2bef8d5654d52a7026a38ec41d75

SHA256
eaf5b3a5f09027d0c3b6d6150feff5c0a553c1e9df48f0c9dba61dc644a66346

SHA512
7ae954203666782031d72ed4c6291100ed5e83dd8d250485fd4f21eb0c3fdb29dc46211bd60688509c5c02316086025d45d3cec2217575eee7139389beff9941

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
18ea295d8de9da59d6d89df0f6e02b52

SHA1
6071458091e242fd8e978d568b5dda3d4bc210e8

SHA256
a1b91175c30eda182aba29bb6aae4df7b526474c31718cb2315f6acc4fc37bee

SHA512
a1dfeada96ff2244c78ad39d29c2433e0918476ba3c6b6dcea5f00aafefb28a44f29186ecdb17c1da9d865e7a79cbfecd6a98d407308909166b9c317c605bffe

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.0MB

MD5
6c537538c19ffc382809e476ab228c22

SHA1
a762280d211a5968bf407fc6504b679732c760b1

SHA256
325d40eb0d2553e5ca4ef655f68bbdf2ee9dc487be13f86e8c580b36424e1b90

SHA512
8e34df05623a722f32950c7df7e655e6b0bf16a2c0102a64e1e9f3e0a3cac6957f13049b71ce48eef7f49ccf530604952e67c7a4bb7d534a60698b57894924f3

Download Submit
memory/1668-140-0x0000000000000000-mapping.dmp

Download
memory/1920-153-0x0000000000000000-mapping.dmp

Download
memory/2088-131-0x0000000000000000-mapping.dmp

Download
memory/2500-157-0x0000000000000000-mapping.dmp

Download
memory/2508-148-0x0000000000000000-mapping.dmp

Download
memory/2732-162-0x0000000000000000-mapping.dmp

Download
memory/2912-155-0x0000000000000000-mapping.dmp

Download
memory/2968-145-0x0000000000000000-mapping.dmp

Download
memory/3976-161-0x0000000000000000-mapping.dmp

Download
memory/4536-135-0x0000000000000000-mapping.dmp

Download
memory/4888-130-0x0000000000000000-mapping.dmp

Download
memory/4976-137-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads