576ab03f819f0199acbde41623436f793456e675d26ea4aaae4b5856d8fa7d4b

General

Target

Think Sociology - Second Candian Edition (John D. Carl) (z-lib.org).pdf
Size

37.6MB
MD5

3f88f01425e67d2b3bc08ec54cd67113
SHA1

a8aad4929bc4acc5ef5e13eb28f786e5937d6d84
SHA256

576ab03f819f0199acbde41623436f793456e675d26ea4aaae4b5856d8fa7d4b
SHA512

7ce6c500cbd49b64a5922b0f8027e1310bc658db65903ba27a6f648823cc74eb70791e1b73e71476133d9c1f153f24bb664230a013fd1d281b85f11cbaaf9edd
SSDEEP

786432:DtOy3H85dw6vSWZrsNl7/gCiFPEwl3NMR2rDW6SrP:Dx3HIdw6aWFiQ6wl3NMR2ri6S7

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

AcroRd32.exe

pid	process
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe
3508	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3508 AcroRd32.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exe

pid process

3508 AcroRd32.exe
3508 AcroRd32.exe
3508 AcroRd32.exe
3508 AcroRd32.exe
3508 AcroRd32.exe
3508 AcroRd32.exe
3508 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 3508 wrote to memory of 3400	3508	AcroRd32.exe	AdobeCollabSync.exe
PID 3508 wrote to memory of 3400	3508	AcroRd32.exe	AdobeCollabSync.exe
PID 3508 wrote to memory of 3400	3508	AcroRd32.exe	AdobeCollabSync.exe
PID 3400 wrote to memory of 4848	3400	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3400 wrote to memory of 4848	3400	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3400 wrote to memory of 4848	3400	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4848 wrote to memory of 3464	4848	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4848 wrote to memory of 3464	4848	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4848 wrote to memory of 3464	4848	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3508 wrote to memory of 292	3508	AcroRd32.exe	RdrCEF.exe
PID 3508 wrote to memory of 292	3508	AcroRd32.exe	RdrCEF.exe
PID 3508 wrote to memory of 292	3508	AcroRd32.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 5000	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe
PID 292 wrote to memory of 600	292	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Think Sociology - Second Candian Edition (John D. Carl) (z-lib.org).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3508

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:3400

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3400
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4848

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:3464

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:292

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=24DAAB56F063388E5242AC7D7F32EB1F --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5000

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2D880629A5CC3A026B202957164A1E22 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2D880629A5CC3A026B202957164A1E22 --renderer-client-id=2 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job /prefetch:1
3⤵
PID:600

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=8AA0FB8CC24621FF060143E2DE507C2C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=8AA0FB8CC24621FF060143E2DE507C2C --renderer-client-id=4 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2152

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=53B9E8AD7957BB1C38765704A9899438 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3020

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62A36ADDF5AE4FE884C110CEA56CE46D --mojo-platform-channel-handle=1836 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2128

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=11B7D552AC4398CD40E41BD8AEF2BE70 --mojo-platform-channel-handle=2760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
6e8c644d167bddcf6257ea53364b99fd

SHA1
00bf356d37ee21aca0c2db62b260df7b50ba280e

SHA256
808ea0660189bd7f991fc1a306d25bc20e735de6451dfb2797c9b26498521138

SHA512
c250c356eb6597690658412a7f48484ddea8ed514973a2e8a18186f507b531f4d6634ed49ea01693a3f3bfbc0c9267f63d541e47c85c68cb8bd2074e91044011

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
953a52a3770f4cc11c5d39e6fe23ac26

SHA1
ab1595a4a35b2777cb6dc652700f0bc9ada12d94

SHA256
a0b431c50132fd69791839569da2930e64fc28cd68a29091e8a86fcd39b16b19

SHA512
5cda38293aafdd48ac762cd4b9caf49e14e2adcf1b7b761d92e0a12419c2467d062b1f59e482ffc66d4ae3de49234b58d45e844243e29eb7173a6711cc0add6b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.1MB

MD5
0120fbae78976275cc29d2e4db6ddef4

SHA1
333fd8932e397f56f540e9aac16335d521cf980e

SHA256
7230f5cef1b2dbfe0e1a5758a76b55bba2dd7407b9d601f32566b674307c04fd

SHA512
d7bafe0ba2b3194d899c19111f1b7d24d7e76ebe5049374c7c507e29946d4043f2cf3b7c84cb5f9a04fcfd0dd38c9566b89ef0fca5261f6aa3212e4e22355929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
15bfa44679ba38e37ebfcefeea085ebe

SHA1
a14ad78152a9b1844bb93e8ef858c2e6733e465c

SHA256
8ff006c63292a224878ba5e4bd973d8a3c653358d67587d72df2ef4041252526

SHA512
75b32bc74aa7d6ef18f078dea77fdd9415ef4a51e9c645f8169458013755268aaa3182347965629f96f0c7aedef00afa187d3eb63c5b8a80b2281c4dd78d6a29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
4476b3fd33b18968e9c2db8347f61558

SHA1
fa8fcac03761374e4542f96cfc5900732b158a29

SHA256
f6a9309aa3d89ec81ac3a23f975374a226846a17470c32131050d66b10efda45

SHA512
a83177331512c96f4b976af38dfe1e36d963126d66f44e29b2e259c2696c5147349af31ee87d92ac1b9a0df3e457f1b2d3ac63b5704d457763a5201655751535

Download Submit
memory/292-140-0x0000000000000000-mapping.dmp

Download
memory/600-147-0x0000000000000000-mapping.dmp

Download
memory/2128-160-0x0000000000000000-mapping.dmp

Download
memory/2152-152-0x0000000000000000-mapping.dmp

Download
memory/3020-157-0x0000000000000000-mapping.dmp

Download
memory/3400-132-0x0000000000000000-mapping.dmp

Download
memory/3464-137-0x0000000000000000-mapping.dmp

Download
memory/4532-163-0x0000000000000000-mapping.dmp

Download
memory/4848-133-0x0000000000000000-mapping.dmp

Download
memory/5000-144-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads