b821dc1172c91b348a65675529cc792782f11fc1ae8579df92d627113203f918

General

Target

fw8ben.pdf
Size

66KB
MD5

1242833dff6c214973bd2bf902443133
SHA1

d8aa699678d12de6ac468a864d4fae7999aa904b
SHA256

b821dc1172c91b348a65675529cc792782f11fc1ae8579df92d627113203f918
SHA512

4c380cd1df110be4366f94153a94aad2d0ce979370338f9ea704a0d0ab986a977411833264bb1d807b0cb16ee64f7517f7b1e10458030b260ed337bc0db366ef
SSDEEP

1536:dLgw1Ok1CLm9YqtSYIIJPN4n9S5Vj1XTrTdkf:GpgCyVRIaPNE+Tde

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe
4048	AcroRd32.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

AdobeCollabSync.exeAdobeCollabSync.exeAdobeCollabSync.exeAcroRd32.exe

pid process

2856 AdobeCollabSync.exe
2524 AdobeCollabSync.exe
3020 AdobeCollabSync.exe
4048 AcroRd32.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

AdobeCollabSync.exeAdobeCollabSync.exeAdobeCollabSync.exe

pid process

2856 AdobeCollabSync.exe
2524 AdobeCollabSync.exe
3020 AdobeCollabSync.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exe

pid process

4048 AcroRd32.exe
4048 AcroRd32.exe
4048 AcroRd32.exe
4048 AcroRd32.exe
4048 AcroRd32.exe
4048 AcroRd32.exe
4048 AcroRd32.exe

pid	process
2856	AdobeCollabSync.exe
2524	AdobeCollabSync.exe
3020	AdobeCollabSync.exe
4048	AcroRd32.exe

pid	process
2856	AdobeCollabSync.exe
2524	AdobeCollabSync.exe
3020	AdobeCollabSync.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 4048 wrote to memory of 2524	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 2524	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 2524	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 2524 wrote to memory of 4264	2524	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2524 wrote to memory of 4264	2524	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2524 wrote to memory of 4264	2524	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 2856	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 2856	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 2856	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 2856 wrote to memory of 4868	2856	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2856 wrote to memory of 4868	2856	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 2856 wrote to memory of 4868	2856	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 3020	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 3020	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 3020	4048	AcroRd32.exe	AdobeCollabSync.exe
PID 3020 wrote to memory of 1404	3020	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3020 wrote to memory of 1404	3020	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3020 wrote to memory of 1404	3020	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4048 wrote to memory of 4444	4048	AcroRd32.exe	RdrCEF.exe
PID 4048 wrote to memory of 4444	4048	AcroRd32.exe	RdrCEF.exe
PID 4048 wrote to memory of 4444	4048	AcroRd32.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 3080	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 4676	4444	RdrCEF.exe	RdrCEF.exe
PID 4444 wrote to memory of 4676	4444	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fw8ben.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4048
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2524
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2524
    3⤵
    PID:4264
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=2856
    3⤵
    PID:4868
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3020
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3020
    3⤵
    PID:1404
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4444
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E8B332EA1DD55EF7311D3FE9CF354B90 --mojo-platform-channel-handle=1592 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3080
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=322837A0064F0008F600E605CF66255A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=322837A0064F0008F600E605CF66255A --renderer-client-id=2 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4676
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=682A4E7BF0ADA64A095E912BABB4A2A0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=682A4E7BF0ADA64A095E912BABB4A2A0 --renderer-client-id=4 --mojo-platform-channel-handle=2256 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3996
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=13810437DBC86729B9E384EBA177C624 --mojo-platform-channel-handle=1708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3240
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=70006852833B1FE28C86F05161ADAB78 --mojo-platform-channel-handle=2568 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4980
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FC1B858499A162BC1C0CA1FDA3C9FC09 --mojo-platform-channel-handle=2692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db

Filesize
4KB

MD5
db094082d4f0575ec4b04cb4c4ed7b2f

SHA1
acbf2301b40ac443be9f5af638c7164d3d326a31

SHA256
647d621210c2a281180a1e678b7be08962610a0e1754bd310c5c6c558a8c5c98

SHA512
48e2889a52fbcae6e7c3004e4feb3f4b1ce32c4e441ba05e24f79c869561bbbcb95ecc0ba1e9743595ecd1f9a6480ae5b2f78af20790f037e39e58902b0db2b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2023-05-01.log

Filesize
2KB

MD5
ae20669034457b43cf52300d09a28025

SHA1
443d33d4457198a255510189f4067d729daa5922

SHA256
ca6b8279a57d49252833fd0120a0cc29d38713b143e0f3a85733c6fea17ce898

SHA512
d9ffdb87a8f5dd09f64119c6b8c019ee63d7ef8cc61379351c14e1b2208796d4d334f115ba0e18775caaef8cefff6369f8996039379608e19f1a6de9ceaeba73

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2023-05-01.log

Filesize
4KB

MD5
22a82786161e2c15f22f36f7aecc29b4

SHA1
2ec595993ad66c8efc86bf03d27a6a992c004626

SHA256
1b2e9836286089ed4a2c24dde77c8b0f1d437b4572d1354bfcaa8ae0a7889587

SHA512
e2b46baf3c215281cd3253769bd7508d945b4fb21c2bf142dccf68c2ce510e3baef90cce42528d62d82b67eca6c832aca1d11c5a1b8ebc93749b1f1185c414bd

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads