cbdc1732fab8b755659a4a13437c6fe9e8e1cb440a251298ba5b321797ca0a57

Analysis

max time kernel
154s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3aef193f-887a-428b-9c36-218e63aa8560.pdf
Size

380KB
MD5

26afd327396c68edda205626380378dd
SHA1

610bb33ccd7d190c59d21919ebd49add1c3b9950
SHA256

cbdc1732fab8b755659a4a13437c6fe9e8e1cb440a251298ba5b321797ca0a57
SHA512

8f4bae757beb4b0220b922f96560f7fffaf762e3761bc0d2c706409001734f77f7bd20374c160c26abc0198c17e99eb0a1f24ffe5fff681ce0ab2612e8408e5a
SSDEEP

6144:+11kmBpchfRNDCe3fjpmHvceSa6nlYpclUF5mAqzdY+9aa5rZvZeDdl:+nkAchDCePVTeD6nlYpqUF+0a5rZRkl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045988481-1457812719-2617974652-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
840	AdobeCollabSync.exe
2292	AcroRd32.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
840	AdobeCollabSync.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe
2292	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1068	2292	AcroRd32.exe	87
PID 2292 wrote to memory of 1068	2292	AcroRd32.exe	87
PID 2292 wrote to memory of 1068	2292	AcroRd32.exe	87
PID 1068 wrote to memory of 1860	1068	AdobeCollabSync.exe	89
PID 1068 wrote to memory of 1860	1068	AdobeCollabSync.exe	89
PID 1068 wrote to memory of 1860	1068	AdobeCollabSync.exe	89
PID 2292 wrote to memory of 840	2292	AcroRd32.exe	90
PID 2292 wrote to memory of 840	2292	AcroRd32.exe	90
PID 2292 wrote to memory of 840	2292	AcroRd32.exe	90
PID 840 wrote to memory of 1852	840	AdobeCollabSync.exe	91
PID 840 wrote to memory of 1852	840	AdobeCollabSync.exe	91
PID 840 wrote to memory of 1852	840	AdobeCollabSync.exe	91
PID 1860 wrote to memory of 4560	1860	AdobeCollabSync.exe	94
PID 1860 wrote to memory of 4560	1860	AdobeCollabSync.exe	94
PID 1860 wrote to memory of 4560	1860	AdobeCollabSync.exe	94
PID 2292 wrote to memory of 4840	2292	AcroRd32.exe	103
PID 2292 wrote to memory of 4840	2292	AcroRd32.exe	103
PID 2292 wrote to memory of 4840	2292	AcroRd32.exe	103
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 1248	4840	RdrCEF.exe	104
PID 4840 wrote to memory of 220	4840	RdrCEF.exe	105
PID 4840 wrote to memory of 220	4840	RdrCEF.exe	105
PID 4840 wrote to memory of 220	4840	RdrCEF.exe	105

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\3aef193f-887a-428b-9c36-218e63aa8560.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1068
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=1068
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1860
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:4560
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:840
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=840
    3⤵
    PID:1852
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4840
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1FBB87F9141BB992977E6BE4F0B7A937 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1FBB87F9141BB992977E6BE4F0B7A937 --renderer-client-id=2 --mojo-platform-channel-handle=1688 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1248
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=12A0DC91D2173754E31D9502033DBAC4 --mojo-platform-channel-handle=2012 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:220
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9F7FDDF57F1F7CB19F5837E3AF4EB477 --mojo-platform-channel-handle=2468 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:908
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0A15FA4A98279E5790497BC879788617 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0A15FA4A98279E5790497BC879788617 --renderer-client-id=5 --mojo-platform-channel-handle=1804 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4968
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E715A1C62BAF303F613C5550E7DC9B89 --mojo-platform-channel-handle=1608 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1728
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AA10EBED0C1422CC059C6A10A561673B --mojo-platform-channel-handle=2708 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2912
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=159E73435A744B243AC584667CD1C835 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=159E73435A744B243AC584667CD1C835 --renderer-client-id=10 --mojo-platform-channel-handle=1628 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3056
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
11cddc2f3afbee585025534dea97eba6

SHA1
2294e6982bd715ea4d97bc190045f5eb33e6848d

SHA256
76f4fdea1b20cff93dcbc13c0f0eb132e740188e369834f502d53d4c166e7c1e

SHA512
788c3bd6ba761daa9a3db8e3125e2bc1bc3b18e97d3015a575cdedf894c95412bbb840a570496e2068f667873b0103adcd30151a3223643cb73b221c7643068a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB

Filesize
24KB

MD5
4fe2b64a2631d0d6eb30b8f42b49bcf5

SHA1
10c931554e79c2f4280a65ef2ad57ff61a2429ec

SHA256
4901703febb24c665059d25ae6d0769c55051bcdc1b7a72b600252d4c3b0eca0

SHA512
8ad48178aa8d835e0c2028688e41f575e50e21b6b4b59161d08984c300911fda1a4614738bfa5557c3f2d254373a61497b491cbc7fb163afea2dbe08fcb67004

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db

Filesize
4KB

MD5
db094082d4f0575ec4b04cb4c4ed7b2f

SHA1
acbf2301b40ac443be9f5af638c7164d3d326a31

SHA256
647d621210c2a281180a1e678b7be08962610a0e1754bd310c5c6c558a8c5c98

SHA512
48e2889a52fbcae6e7c3004e4feb3f4b1ce32c4e441ba05e24f79c869561bbbcb95ecc0ba1e9743595ecd1f9a6480ae5b2f78af20790f037e39e58902b0db2b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\Adobe\CoreSync\EntitySync\eac4cf9da8b4acca06ece00ca75105a1.db-wal

Filesize
128KB

MD5
bb65c8cfbea32683dd2234dfedb94d86

SHA1
eb32b9c79fc9be232c4028fcd3c2ccba22b5dee4

SHA256
cc1f212f90cb2ea07a2827ff26688353358ec77786f4d635d6600c53153531fc

SHA512
66d5abbbf7da67258653c722ba37ee45006c6a2ce7c398d3e1901ffb8cf4b679046e70fab02282557c8e35d0966aa2ccf081b5d0c2c439432ec64ac509c6189c

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Eureka\AcroCoreSync\CreativeCloud\CoreSync\EntitySync-2023-10-04.log

Filesize
2KB

MD5
fcf2ede10c03edaa99b5f964ea030506

SHA1
dbcddf7f572cbbac859cb6b65be3e96a83402eea

SHA256
0f6538611f0fa382c8ad0707d19d14d6d76e2682803421b4ed0ac77ad35982d6

SHA512
026ceb0f77344acde4bab5d96b1752035450d7dae45b1b9563e2d8217c5258925a1a4ed48be66909605b7571bbeb2acf35272b89f68d2596b31feefea5a2fb60

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
780aebfd8d64d48798becf1ae79bd4e2

SHA1
d76d0e7825cbf0825b722cb82cdd7ef5cbe30a6e

SHA256
354da1f35520a2b10c5ed02ee49d31bb4283119c9cabe7690ab2f2fe26318557

SHA512
19e722ab344197cd2b8cd16986add5d3db8a1d883a330d67123ab4c5a71bef7efbda17beb401d0e670070e7390c4cb471ca909abb6005bd62e436d56e4f4a58a

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e57c3c30293bccc228548826cdca3c37

SHA1
f4c4f39a1b3187759985c146efe4ac745990f388

SHA256
6e638662b10d8d3424a65d2ef3512ed0e38dd369a8c5b8f211a455d1e01f1842

SHA512
f6e5690ea040d3b2e45fd5da0a818c11b38ca636dff99914c70001dbe085e13412831ee07dc1d7397c5c2d481f70a4b7e8ff8f0e1014694ba7d9d97f1b0998af

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
e57c3c30293bccc228548826cdca3c37

SHA1
f4c4f39a1b3187759985c146efe4ac745990f388

SHA256
6e638662b10d8d3424a65d2ef3512ed0e38dd369a8c5b8f211a455d1e01f1842

SHA512
f6e5690ea040d3b2e45fd5da0a818c11b38ca636dff99914c70001dbe085e13412831ee07dc1d7397c5c2d481f70a4b7e8ff8f0e1014694ba7d9d97f1b0998af

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.4MB

MD5
44047c4b3f1013d694b5d01098c8a0a8

SHA1
236b4716b08b4f4d031d9d55eb46b37d3c8ca6b9

SHA256
eaebc3b6731ad0d4eea255da74d0c5e6babb22dee4e558644a5fa0fa9a9c5fbf

SHA512
cc99e8877c77f65bf05e50cc64a25bdfaea3370be503151a24026977a6b9e80cf2c585081cc21cb1ce0bf93c776e1b452972dcb19d6ca1a1ff01474332079ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
944f8bb6338e11acfc6334a5e2d0b852

SHA1
04ebb54cf143e0650004fa1a9f41fc1f323dae2f

SHA256
f7870c7d8c2844edbc15808fa4aff8a910330f3de0b035ec59dfabd0c4a46973

SHA512
1096d8dba10d6a80fba61ff8ae156aecfe4c246784c70f2ed32d1f14d9f6f101a17c4dbac68a6476ac5076709f152eba962c3d820502be231332092e84fbc60a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
ff1e444076ca24b12482af344071e319

SHA1
db4a7a6dbd93ec0c86a7563488b2c5b057acf656

SHA256
7c5b497e33f62400728215773ec90ea722da5662350ed06ed2e33ee1ae943fe1

SHA512
e20c4a199da45ca20343352c2a6aab0e733a06711022103b7a40d273f49aa18e454bfcf0c86535a785103d01fb0c86f118809291c88e51c0d0c621d9f8ca4c56

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
b22b607f499f99d86cacf5fe4ed6419a

SHA1
85ae77f7ea7f874a0721cb257656f992db96632b

SHA256
af115bbde4108c6adc06e81703408c4d2346a062e55ffc6755716e9f625371b4

SHA512
8eac8d4394a1a56d5e4f7b7c414ebe399f2b5b0d1b62908b6559eeeaa2145c7454f6f3017028a6569313c80af3373224f9e4ed83707c04a7a8bb3292ebc7bd43

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.0MB

MD5
76b38860f377c77e2f952fbf8b9c3efe

SHA1
4165433fcccc6254b9154c0e8c695525bddd85d9

SHA256
592e16600eeaba7f3bb4823764799bae23c0eb5bc8ae151257c97038547bf7a9

SHA512
96cd363f7e2e66138ebea2a488eb457ef2cf1c40b621f80cf713267493816b246548a1fd33119f7f79b7bffb5f47408d6a7a96ecf67b3b81a74663f333eb0fca

Download Submit
memory/2292-181-0x0000000010920000-0x00000000109EB000-memory.dmp

Filesize
812KB

Download
memory/2292-180-0x0000000010920000-0x0000000010A6D000-memory.dmp

Filesize
1.3MB

Download
memory/2292-196-0x0000000010920000-0x0000000010A6D000-memory.dmp

Filesize
1.3MB

Download
memory/2292-197-0x0000000010920000-0x00000000109EB000-memory.dmp

Filesize
812KB

Download