b821dc1172c91b348a65675529cc792782f11fc1ae8579df92d627113203f918

Resubmissions

30-04-2023 22:53

230430-2vfrcaga25 1

30-04-2023 22:49

230430-2rzp2sff69 1

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2023 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fw8ben.pdf
Size

66KB
MD5

1242833dff6c214973bd2bf902443133
SHA1

d8aa699678d12de6ac468a864d4fae7999aa904b
SHA256

b821dc1172c91b348a65675529cc792782f11fc1ae8579df92d627113203f918
SHA512

4c380cd1df110be4366f94153a94aad2d0ce979370338f9ea704a0d0ab986a977411833264bb1d807b0cb16ee64f7517f7b1e10458030b260ed337bc0db366ef
SSDEEP

1536:dLgw1Ok1CLm9YqtSYIIJPN4n9S5Vj1XTrTdkf:GpgCyVRIaPNE+Tde

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

Processes:

AdobeCollabSync.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\MuiCache AdobeCollabSync.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe
4444	AcroRd32.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

AdobeCollabSync.exeAcroRd32.exe

pid process

3604 AdobeCollabSync.exe
4444 AcroRd32.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

AdobeCollabSync.exe

pid process

3604 AdobeCollabSync.exe
Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

AcroRd32.exe

pid process

4444 AcroRd32.exe
4444 AcroRd32.exe
4444 AcroRd32.exe
4444 AcroRd32.exe
4444 AcroRd32.exe
4444 AcroRd32.exe
4444 AcroRd32.exe

pid	process
3604	AdobeCollabSync.exe
4444	AcroRd32.exe

pid	process
3604	AdobeCollabSync.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeAdobeCollabSync.exeAdobeCollabSync.exeAdobeCollabSync.exeRdrCEF.exe

description	pid	process	target process
PID 4444 wrote to memory of 4496	4444	AcroRd32.exe	AdobeCollabSync.exe
PID 4444 wrote to memory of 4496	4444	AcroRd32.exe	AdobeCollabSync.exe
PID 4444 wrote to memory of 4496	4444	AcroRd32.exe	AdobeCollabSync.exe
PID 4496 wrote to memory of 544	4496	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4496 wrote to memory of 544	4496	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4496 wrote to memory of 544	4496	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 4444 wrote to memory of 3604	4444	AcroRd32.exe	AdobeCollabSync.exe
PID 4444 wrote to memory of 3604	4444	AcroRd32.exe	AdobeCollabSync.exe
PID 4444 wrote to memory of 3604	4444	AcroRd32.exe	AdobeCollabSync.exe
PID 3604 wrote to memory of 1844	3604	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3604 wrote to memory of 1844	3604	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 3604 wrote to memory of 1844	3604	AdobeCollabSync.exe	AdobeCollabSync.exe
PID 544 wrote to memory of 4188	544	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 544 wrote to memory of 4188	544	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 544 wrote to memory of 4188	544	AdobeCollabSync.exe	FullTrustNotifier.exe
PID 4444 wrote to memory of 4300	4444	AcroRd32.exe	RdrCEF.exe
PID 4444 wrote to memory of 4300	4444	AcroRd32.exe	RdrCEF.exe
PID 4444 wrote to memory of 4300	4444	AcroRd32.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2316	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2288	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2288	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2288	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2288	4300	RdrCEF.exe	RdrCEF.exe
PID 4300 wrote to memory of 2288	4300	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\fw8ben.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4496
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:544
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:4188
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3604
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3604
    3⤵
    PID:1844
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4300
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0DF312D056C6E7445470DE555A283375 --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2316
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5C9EF4E45ECF1EF306321C7A1981582F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5C9EF4E45ECF1EF306321C7A1981582F --renderer-client-id=2 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2288
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=67A1E7F81C33D9850C73F52987912DED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=67A1E7F81C33D9850C73F52987912DED --renderer-client-id=4 --mojo-platform-channel-handle=2164 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3384
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BFFDD724B246C7B5F1B6E5701062D374 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2192
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B569E04DA573AC3F3E1E9AD370919A97 --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:216
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0E217867B6A8918D9C691BA68853FEF --mojo-platform-channel-handle=1764 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3120

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
44f4cca7af79967765e90dbdaa7a2d84

SHA1
d5b10e0c31ea482da5397973f65e0c97999e5641

SHA256
7d89194616353b1e7866dddcbbf79fde953deccc7b84e102c1577e16d77ca30b

SHA512
c9a265dace3c54a25b1ca1a44f96bcc456f932d7a3699d959b3e17802b1afe21087d53de8e2fae4edded2151c34f28a9619682e9610523149267d52b207a10c6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
c2f951dbb4b98be71a618f3175178fc4

SHA1
d7bfd37a777e40020e44aa36be2673da99ad4e9b

SHA256
ad679814eae830d02a98353f6ba9532b4db79cb9f80e6caa4f51f489aa77e41a

SHA512
3b7e9974c99155bfd89d3ae8c19182df36d60b3752b79ce1b23ea65aa50c9202b189f1ae1c29ff5e58c998408da61679b4229a6607b38ba4784abe377f1a828a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
1b82da2ec787f4b7a453b8d4f7a6e7c7

SHA1
f1ab1a922937334549369fff4ccfe2210d17995e

SHA256
a2da620b91d8924d1c855176f69ffcb81482b28baca1d41c9d5903e9f8738ad5

SHA512
71d577410ff57eae4791911494a4d4692cbbe85bd7ad70e57db7b2c085834274bae478f9bd98ee19a39d69c26d13952f06880c916daa5c3c6ad33fc3bec70062

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db

Filesize
4KB

MD5
db094082d4f0575ec4b04cb4c4ed7b2f

SHA1
acbf2301b40ac443be9f5af638c7164d3d326a31

SHA256
647d621210c2a281180a1e678b7be08962610a0e1754bd310c5c6c558a8c5c98

SHA512
48e2889a52fbcae6e7c3004e4feb3f4b1ce32c4e441ba05e24f79c869561bbbcb95ecc0ba1e9743595ecd1f9a6480ae5b2f78af20790f037e39e58902b0db2b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db-wal

Filesize
128KB

MD5
697e70ccc031bbf7b12f9b1200745cb8

SHA1
42eb114ee549f8fe6ebaa60de7ad590d5c1207d7

SHA256
541b1879c05f3d098c8029a5ec0ff0bbdc6a85777bf41cd72cfa5ab3e2adc9f4

SHA512
75a2779c1c34eb247b938887ea226bf203cbcbb08c552fafac5eaff3ab0a84a3a5d36598c730efe895717a2e901960644d54826ec2aa699a090c05ddccea61cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2023-05-01.log

Filesize
2KB

MD5
449c45955dfca2b733dd105747d89bcb

SHA1
988a7e021e16dbb413b5b4fe3979d804637b7761

SHA256
3af74659ab515389773f61b7cd2bf2ef304d297b1c4a21d31763d31f77dc45aa

SHA512
d5cf56cea16bab5f164e50ce4ff509786f7128638911db2ac2913aaf29434eee9b971904ce1cd582352047c3f71812af9f1b0ac5f5e9d45e387c10da3d4f039e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
eb0a6c3cd8c4291138a10e3630652a50

SHA1
ddab4417c66489eb55c3caeee7c21268bfd663cf

SHA256
10358899fe359f0034fac4e9c2d4f846b8ec7546f8e45a2aa508527cf9073bac

SHA512
b6764b4faa9f31274040ed55371744e06e5a89b55c4386be4c998620d164a0706c72e38168c99abc28f9fa731ea019500d2d2e36f597b87e42e8c233d64b19c4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
3854bef3a9661f0099db301f715ff004

SHA1
f9c385280a4034ae7878373cd392f43b21cf8697

SHA256
29d720330f0b6d2892b05cff117241a4fb2c7afa5f026368fec059bff613daea

SHA512
163c7bd7feead673b93354aec1329e1679fce33b36cb85aa687585ae28b06233e58438a134595d01c1a692bd85bade0cc2e24395afe4ae500e90b07e24e44869

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
b0a1a7368e769ddb8f7e618fa080d078

SHA1
7799b7364e1c6b6edf61a7c34031bc1278c2144f

SHA256
d4719eb3cd6036dd02653c8a167d801d91728ec48f44ec5d1f5c6e5ca6f38ed9

SHA512
df66aae1af016d4ee45582a7e1509ab1c5db893de5d2be7486946c72970644cc6a2d70b7277ab85da8189f3819d19ac02572f9414fd15528512bca328646c60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
b0a1a7368e769ddb8f7e618fa080d078

SHA1
7799b7364e1c6b6edf61a7c34031bc1278c2144f

SHA256
d4719eb3cd6036dd02653c8a167d801d91728ec48f44ec5d1f5c6e5ca6f38ed9

SHA512
df66aae1af016d4ee45582a7e1509ab1c5db893de5d2be7486946c72970644cc6a2d70b7277ab85da8189f3819d19ac02572f9414fd15528512bca328646c60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.3MB

MD5
6fb3c5c3da028b61fd1269deb8f5e2d1

SHA1
9980e7b4cb197d8b2ea30a76d1a57245b93ce36b

SHA256
a14d5eb762895f53befde4f746048987d7ea15684884b2bb7af55a1aacc868ec

SHA512
2f516e5c5f4dcb6a96e386943b577e0765b6490492b098b5228e872b1c0e02d91f1c102765e62e83e3d1b8534b842b2a81bcf43c4a5539f96a3b5d0978414ad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.3MB

MD5
6fb3c5c3da028b61fd1269deb8f5e2d1

SHA1
9980e7b4cb197d8b2ea30a76d1a57245b93ce36b

SHA256
a14d5eb762895f53befde4f746048987d7ea15684884b2bb7af55a1aacc868ec

SHA512
2f516e5c5f4dcb6a96e386943b577e0765b6490492b098b5228e872b1c0e02d91f1c102765e62e83e3d1b8534b842b2a81bcf43c4a5539f96a3b5d0978414ad1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
ac5388b520b0dc5ea14ce05be04048e5

SHA1
c9a9ed4a25e1656644d9c0e4c9b0633880bdaaf8

SHA256
36821d71a50751bf181347ee0875ed80e58777dab88299c77a05c29021991884

SHA512
771ae35e327b4df3f2aa30fbba3efd0c0b2f58418e2a40493850af43f51cd6f588adbbde06fa011566ff8f774164d2cb70e02b89d3f92324ad7cc0fbdf88e42b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
98710e06f4d54d585fd71daa76c1f797

SHA1
9f80593967e77c4c520f56d2bb391952d3825af3

SHA256
ff965ec0b90e67b379e2c63edbc150be6bcd2e9060fba641bd50aa33c2a13436

SHA512
ff7725e5f9dc7e954414d6054a613a097b167aa1ae44f98336110fb9f81bdb057be090e30e1d46f9b14ca0f820cb6ac3b93eeaca02f73cb8c365b6946bcdc81f

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
8c26f1f12fab92e697c7ac64d039d821

SHA1
df0e34bef10d39be657c962cbd56a8eb855e69b0

SHA256
c72eba366369274967146a854012db239f1113323382f786125f4bd825b617f3

SHA512
ea82f3c52ad712418d85d847c66acfb67d7591114318cd3134c95e2d8aa91ac96be43e4a9838ac82d6e0d1520675cad78eff45ef9504153bbb4f1527cb298bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
4.7MB

MD5
27ce3e342cb770dc10ba273dd9877283

SHA1
94b3bbd416aaef0db11867db495edb1fe7273a97

SHA256
d1316521b7859443d5066a515737e96af937f028e8a5c630af6d7f29a441c411

SHA512
e45aff02d09d589eb73f16fa737893b49ba4b2a8566abdf585cfbea26fe564e247478b3db26418c593dd485ca4df7b1d733ad52ae546c734d4cc719617d9ae76

Download Submit
memory/4444-371-0x0000000010E10000-0x0000000010EDB000-memory.dmp

Filesize
812KB

Download