ce8ff9ef780ae3496f80ac49cbdbec0dd3063145b9400be1e4324bc5c2802a2f

Analysis

max time kernel
120s
max time network
98s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
26-09-2022 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LEC_E1_220922102834-661_5Q78646-91540---_----------_2ATY687_Z89M0K2I.pdf
Size

201KB
MD5

fd7f41103aae232261d8640cb124cbe1
SHA1

a15e85b0a237dbb023ae45d57b5612e12c2b23c6
SHA256

ce8ff9ef780ae3496f80ac49cbdbec0dd3063145b9400be1e4324bc5c2802a2f
SHA512

8d0619c1d9d9edc082d3b54c643ca436e98212691f36978a1fbb06fefbe9cd27f7c0dcba70743374582d2283a7629ec3c6619cfe17cb62ebacacd68d29611760
SSDEEP

6144:wFTnTUxnp6CHxrKDDg3QmVcUp4qexORTb:BppKDAcUmqexORTb

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1099808672-3828198950-1535142148-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

AcroRd32.exe

pid	process
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe
3940	AcroRd32.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exe

pid process

3940 AcroRd32.exe
5100 AdobeCollabSync.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

AdobeCollabSync.exe

pid process

5100 AdobeCollabSync.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

AcroRd32.exe

pid process

3940 AcroRd32.exe
3940 AcroRd32.exe
3940 AcroRd32.exe
3940 AcroRd32.exe
3940 AcroRd32.exe

pid	process
5100	AdobeCollabSync.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 3940 wrote to memory of 3804	3940	AcroRd32.exe	AdobeCollabSync.exe
PID 3940 wrote to memory of 3804	3940	AcroRd32.exe	AdobeCollabSync.exe
PID 3940 wrote to memory of 3804	3940	AcroRd32.exe	AdobeCollabSync.exe
PID 3804 wrote to memory of 4816	3804	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3804 wrote to memory of 4816	3804	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3804 wrote to memory of 4816	3804	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3940 wrote to memory of 5100	3940	AcroRd32.exe	AdobeCollabSync.exe
PID 3940 wrote to memory of 5100	3940	AcroRd32.exe	AdobeCollabSync.exe
PID 3940 wrote to memory of 5100	3940	AcroRd32.exe	AdobeCollabSync.exe
PID 5100 wrote to memory of 220	5100	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 5100 wrote to memory of 220	5100	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 5100 wrote to memory of 220	5100	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3940 wrote to memory of 1956	3940	AcroRd32.exe	RdrCEF.exe
PID 3940 wrote to memory of 1956	3940	AcroRd32.exe	RdrCEF.exe
PID 3940 wrote to memory of 1956	3940	AcroRd32.exe	RdrCEF.exe
PID 4816 wrote to memory of 3080	4816	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4816 wrote to memory of 3080	4816	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4816 wrote to memory of 3080	4816	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 3940 wrote to memory of 4704	3940	AcroRd32.exe	RdrCEF.exe
PID 3940 wrote to memory of 4704	3940	AcroRd32.exe	RdrCEF.exe
PID 3940 wrote to memory of 4704	3940	AcroRd32.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe
PID 1956 wrote to memory of 5012	1956	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\LEC_E1_220922102834-661_5Q78646-91540---_----------_2ATY687_Z89M0K2I.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3940

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of WriteProcessMemory
PID:3804

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3804
3⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4816

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
4⤵
PID:3080

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5100

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=5100
3⤵
PID:220

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1956

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=822CCE218CEECFB17D779BD39D081036 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=822CCE218CEECFB17D779BD39D081036 --renderer-client-id=2 --mojo-platform-channel-handle=1560 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5012

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5FE9B4608E149879D122CEFFF6D22F8B --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:808

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9A0BEA8430CE1B08EB7246F5D9EE72F0 --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4872

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=83B2A513BFDE779E8AB30775315ED410 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2268

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=ED2BBE585F65707EDA33EC69A6CA70D1 --mojo-platform-channel-handle=2380 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5028

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=02932CAD4FAA950954ADDCDA42F3D7FE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=02932CAD4FAA950954ADDCDA42F3D7FE --renderer-client-id=8 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job /prefetch:1
3⤵
PID:908

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4704

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db
Filesize
4KB

MD5
db094082d4f0575ec4b04cb4c4ed7b2f

SHA1
acbf2301b40ac443be9f5af638c7164d3d326a31

SHA256
647d621210c2a281180a1e678b7be08962610a0e1754bd310c5c6c558a8c5c98

SHA512
48e2889a52fbcae6e7c3004e4feb3f4b1ce32c4e441ba05e24f79c869561bbbcb95ecc0ba1e9743595ecd1f9a6480ae5b2f78af20790f037e39e58902b0db2b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db-wal
Filesize
128KB

MD5
ea2097fe40a587e1f4f386cc700c8c45

SHA1
6ed741129f9bb90cd587c08598c57d9a2e88367b

SHA256
6a5c8a596dcfa3b4575b0923fdf62cb97b4819804be881cded379f1d59282c10

SHA512
9534c3068cb634356f25638031d63a8d27d43cb756dd744904d19bc4001dfeae91ec9ea3b7b499d27219cb1faa412d8d20768a0d97e65c13ac7431517b687324

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2022-09-26.log
Filesize
2KB

MD5
c60e657724dec2f6b7870a28c6f66534

SHA1
ca418bf4c84fa2b1afaebbb9d22bedf695d5e061

SHA256
30c21d29f5c56ed86cea685e11c5d321fb7f1704385aead0527ce3937673685d

SHA512
8d9a51b0dbc3f3392478c02fdea27ef62334012c8d92ff81252bb9afcc789f8cbd8f40520e6fec1251df62a833391e064a4ebe7bff0e07815e704abdfbdd41f1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
89fdf6605af6025591c34714ab3d139a

SHA1
8f36a766c16a6c74ba96a9021762b8cd85c70ff0

SHA256
93b9a104b58798970b6321e0f0d58ded3b81ba33bfc8456bf28c408386f66f13

SHA512
610f64ca636dee02175c1362c7b79c2c30e6a715119b761c33b9bbe414e8a27cf9ccd31feb3087e15c173597ad21f04c1d8a13029b64852074d7553d7068292c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer
Filesize
92KB

MD5
74b30374446183b23e78f818fab272b2

SHA1
b12d471fea27b7c427102f61553f8bc2417e50d1

SHA256
a5e43affed9752a33a17aeda6aef6103be6f95057d367ffd753b0c59b9eb51e9

SHA512
b56be10ad044662e6c1d86ec0dd591e611c24180d6974639cc2e97b423b8a7268a1c24a94d41f212401ee4f97811c4e22aba7a98b2b9510fcf51eefaaed25187

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18
Filesize
3.1MB

MD5
0120fbae78976275cc29d2e4db6ddef4

SHA1
333fd8932e397f56f540e9aac16335d521cf980e

SHA256
7230f5cef1b2dbfe0e1a5758a76b55bba2dd7407b9d601f32566b674307c04fd

SHA512
d7bafe0ba2b3194d899c19111f1b7d24d7e76ebe5049374c7c507e29946d4043f2cf3b7c84cb5f9a04fcfd0dd38c9566b89ef0fca5261f6aa3212e4e22355929

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
4cf43cadd4e8de46b971ad75de60df52

SHA1
ae1443ff8094e8df15e9cb4997a827c923fd8885

SHA256
39c1073d66bb557fa4ec591bc87af178720ef989a8362af973f14dec2871ee37

SHA512
3e29c205f6775d992dc4f1e0c820f104975c3702a689953d7003b1283320b4f89be83a7a0556ccddc74d66dbba2141c7515c3f6ea26644aae4db2dbd6a28e9d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize
340B

MD5
ad8705faf281145bd800591e6f455216

SHA1
49bc4ca4f5df858742be63d64da3d7be9b452a97

SHA256
a35673decb3f0bf4eaa33a28434b0564b928206763244a09237f396dfed74b96

SHA512
4631ae4679fb9d5746373e78eb9d642a2ac1011febdf9e3c51a11b002f64b6be0122ab96ed0eb22b4670201e24a791ffb249019472a03d3cfb61ea6910128c7d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
400B

MD5
c08c005db37f37269d88529f650f1879

SHA1
ceac460b8117dd387cf9f7a9ee370bb9ff3254ca

SHA256
13320431a7333964c77fa7d5e709c7c4fe6d27df1a3b46119193d05fd48e36ac

SHA512
9acc46b553c21656b9b6b9649d781ae8d9a384ab7af2990b0388cd12a28eb88106a3132bf0d4ae62211306ddf9ed6a99d81abfd2234e998cfba13fb540610b5c

Download Submit
memory/220-443-0x0000000000000000-mapping.dmp

Download
memory/808-690-0x0000000000000000-mapping.dmp

Download
memory/908-1190-0x0000000000000000-mapping.dmp

Download
memory/1956-533-0x0000000000000000-mapping.dmp

Download
memory/2268-998-0x0000000000000000-mapping.dmp

Download
memory/3080-610-0x0000000000000000-mapping.dmp

Download
memory/3804-256-0x0000000000000000-mapping.dmp

Download
memory/3940-166-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-170-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-137-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-138-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-139-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-140-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-142-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-143-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-144-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-146-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-147-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-148-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-150-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-151-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-152-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-154-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-156-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-157-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-159-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-158-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-161-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-162-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-163-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-160-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-165-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-116-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-167-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-141-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-169-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-168-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-164-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-155-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-153-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-149-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-145-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-136-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-171-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-172-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-173-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-174-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-175-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-176-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-177-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-178-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-179-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-135-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-117-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-118-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-134-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-133-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-132-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-131-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-130-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-129-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-128-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-127-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-126-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-125-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-124-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-119-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-120-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-123-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-121-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/3940-122-0x0000000077480000-0x000000007760E000-memory.dmp

Filesize
1.6MB

Download
memory/4704-644-0x0000000000000000-mapping.dmp

Download
memory/4816-306-0x0000000000000000-mapping.dmp

Download
memory/4872-907-0x0000000000000000-mapping.dmp

Download
memory/5012-682-0x0000000000000000-mapping.dmp

Download
memory/5028-1089-0x0000000000000000-mapping.dmp

Download
memory/5100-382-0x0000000000000000-mapping.dmp

Download