e0fe88e3912ee3f9447c30b42ecfafe05ededd091b844fd4c96e1eeb680fb650

Resubmissions

12/03/2024, 13:07

240312-qcycwshe5w 3

12/03/2024, 13:00

240312-p8qr9abd93 3

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CNH-e (1).pdf
Size

283KB
MD5

57dd547799d1935e69b55757171de1f7
SHA1

04f730003cf3d3a8266731b201b5853937cc1a29
SHA256

88ce8d5d371c571971933d756c49c7096922edbe1d1ed49d6b5096639960ab04
SHA512

9340d83cf08bc0e6dd52a5e0a75fb18d8de073e7be6d99459c0972fcec5229b2cde0c0029a261faa641c17b126e1cead7f0b3691c809c892948ed56a4716b0b6
SSDEEP

6144:1b5HtGAHwbRxuIGNuu+gblp+u2OWRGKMfvfxCYH:1b5NGAHKRxGNuuVlp+LRVsfxCK

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3732	AcroRd32.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe
3732	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 3648	3732	AcroRd32.exe	92
PID 3732 wrote to memory of 3648	3732	AcroRd32.exe	92
PID 3732 wrote to memory of 3648	3732	AcroRd32.exe	92
PID 3648 wrote to memory of 1828	3648	AdobeCollabSync.exe	93
PID 3648 wrote to memory of 1828	3648	AdobeCollabSync.exe	93
PID 3648 wrote to memory of 1828	3648	AdobeCollabSync.exe	93
PID 1828 wrote to memory of 3284	1828	AdobeCollabSync.exe	100
PID 1828 wrote to memory of 3284	1828	AdobeCollabSync.exe	100
PID 1828 wrote to memory of 3284	1828	AdobeCollabSync.exe	100
PID 3732 wrote to memory of 3516	3732	AcroRd32.exe	104
PID 3732 wrote to memory of 3516	3732	AcroRd32.exe	104
PID 3732 wrote to memory of 3516	3732	AcroRd32.exe	104
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 3852	3516	RdrCEF.exe	105
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106
PID 3516 wrote to memory of 4572	3516	RdrCEF.exe	106

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\CNH-e (1).pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3648
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=3648
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:1828
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:3284
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3516
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B9247C686B0A3D3653021EFE1601B16F --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3852
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=79BB444C8F94CB198EF808A08DC9E863 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=79BB444C8F94CB198EF808A08DC9E863 --renderer-client-id=2 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4572
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D8B0E33E37BD3674816B37FE2D239F3E --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:468
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9AAABD84FAA7837EDE176752974F67C2 --mojo-platform-channel-handle=2472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4172
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DE43C1916F3A6007A330BC2D6F91879C --mojo-platform-channel-handle=2392 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5024
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A8DECCE9C9D8712EA9596E8107371BCD --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A8DECCE9C9D8712EA9596E8107371BCD --renderer-client-id=8 --mojo-platform-channel-handle=2496 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=525260848474F7172464872464E7962F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=525260848474F7172464872464E7962F --renderer-client-id=10 --mojo-platform-channel-handle=2612 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
28e9c147c3dc6ba506343951140891a2

SHA1
0390e1b78175f5220eb849c33f95638ecde54122

SHA256
ecfd3080b3bdffc36afce994f0b4c409852fa4097f03d39d66bd288dd012479f

SHA512
0ad110708b14e315312d4996a8ccad406cccc267df3035fbc7fc3061765f66c68668fcd4ebcf37dfee36c59f7c728ae0af7689ff97fa6ee5acc95110189fd907

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB

Filesize
24KB

MD5
4fe2b64a2631d0d6eb30b8f42b49bcf5

SHA1
10c931554e79c2f4280a65ef2ad57ff61a2429ec

SHA256
4901703febb24c665059d25ae6d0769c55051bcdc1b7a72b600252d4c3b0eca0

SHA512
8ad48178aa8d835e0c2028688e41f575e50e21b6b4b59161d08984c300911fda1a4614738bfa5557c3f2d254373a61497b491cbc7fb163afea2dbe08fcb67004

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
72b176bb972bace5fe22916d15014e95

SHA1
e49dd9bfd2104ff79bfbeeb628c40a25378940df

SHA256
8436d6b18c951e569ad051c2d6cb52bfe44bd1bd68c12ce2cd41e8e6b7de5489

SHA512
cce39b917cd91d343f8d15d9c661940552daa8c950f51f6cfa3ccb59ec2eecc0fdee3e13084ca539f88cf2b5fad2ba9b6e5e359ae5f2444d0ed672ea122d8a84

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
503de5e9f961e2f05ae7b6da888b5d6c

SHA1
f63eb7c96576362ee95a3f24d945879279aae37d

SHA256
c433d25750378af2b19f618f57159a700357f49d7fa354baf01534b63cd790f3

SHA512
b5bce7a4bb980b11cf703424bb7b8d1eb596592a90dd9e863d8fb2d93c5a5dcb44c6bcff7a76a8af40a6e87f05ca497519ace2283304fe33c900eee53ba4300e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
378d98b714e659ebde3124688f6a7143

SHA1
d9f1316b504ae15797c68d7d125e5711aba99e19

SHA256
1b5a8fe2aadc56d12af4246590c499471c357330f1d26611c10d9d4fb8ccada3

SHA512
bbab082123aa6229819d2af10a8708e7c4b1fa20aa576fb9332493d2d6db845c6ce547ddcb0497dbb77e1ae78d3652c2cafc325c8060882981581b5e04f4bb82

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
a8c8361b7f2302396e258a3409e8371c

SHA1
cd84724e89830994e8b958a0c0a9db2b5fd3db08

SHA256
152951ea34b49de148c3d4f11fa81875193576c8aa4a49abc5fa756cd3e12f42

SHA512
29d08b72d345cc95e0ce998bde0967f63cb72bf3a8316ff49f009aadeab3872f99f0a3bb5230f5f3f2655cf6e1dc04ffcc716dcc7f6050814339b25a0824e60b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
17e5b20cb72453469315dd7ffe8ce5b3

SHA1
bc8dc064dd1a2ecd26c960adab926dfe3eaae520

SHA256
be4be9b9934fd13e8dab8010a103603ff6554cc0150c022abc90f941636c1eae

SHA512
d4d06188e8c5e240c151d57e0c5bcfd0bb992fb30e9fb873a31e99aee319e8ea6803800e0dfa8ead381f5436b26e6d2d44184f26eb70a0ebb771e0f91ba00233

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
5258e572072da4d8eba57fbd135e9eaf

SHA1
fae10c33f5a93e1327b1b217e478b1d4da57554d

SHA256
78a78d122181321342e1060b5acb0c65185711d5ecbe1e8dd273a461e79beac6

SHA512
f3a2ef2602588a7d12b959821973434d4c7e1c8377a7fe1e83946289dcfe9efb32396e946f93fbb5a4c55d421f6ad96ba1315f36496eb227d5a3c9882e57f644

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
cfd5d480d43d59d1d6e933ceafd2c98b

SHA1
4f0a3e691562e1c2370d5fed210b1cbf9e1129e6

SHA256
6abffe437f96060ec2ff9857b6a662d47fc1cac9025d31c87dcb1a168a3fd3a3

SHA512
867cc8fb77534bdae243e013068bfde92fe27eb0c275a34c9962c8a9d43fbcc46bda55dbb7f479ed02b5f5ad0450e3bf5e508b18bfd15ffdc986836f969d5bc4

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
05ec696b7911de84aeeb09ed7a6dc3bf

SHA1
e32d9fbe5934350d1ef22126e3a014df2d6a7cf7

SHA256
6b21690407313fe262d68aab312d2329e916d7678b33cb875d3bcef71426036c

SHA512
436ef44d8751dccf31b46deafa61afc544858179b929e1118c49d50f922f58ae2a8f5798c2ebb19d4fcc2b53c79132035f87de5f2d209d3aeff8d79a3b91b643

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.3MB

MD5
97f2aebb4c3cb058995441277db99da3

SHA1
eaef8a3e37740115632646e64eb2810dc2eec1e6

SHA256
793125c5420b86d763c7c3fd5191d0448480732551b1e5dc10f09eefb05b3380

SHA512
fa325d799ff464718a4073946c7b7b2d43c1ebd34904726bb0f030c9cecef1a5f1988fc4eae5b1388110cd1b93b1e427501e95d96ddd21a3ffdbf7c49c2e466a

Download Submit