434d39bfbcee378ed62a02aa40acc6507aa00b2a3cb0bf356c0b23cc9eebcd77

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NewCovid-21/GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf
Size

1.2MB
MD5

c326ba10fb458ca8b17a12047664ba61
SHA1

897439fae9312219b87e6b62d0d7d0bcdf419eff
SHA256

bbab12dc486b1c6fcf9e343ec1474d0f8967de988444d7f838f1b4dcab343e8a
SHA512

d647695b7bfc10d8c94af873506cb02c51ecdf672f151b175a3b42f78138fa401824b7a4f813d400acb35dbbc365968261282718672bc25d30040cf8e2e61941
SSDEEP

24576:iPO7CFXws3rSFQh08q/SjCUO+rT4p/5bKTeUXBXJbM:i73bSSh0oCU149KTLlJY

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\MuiCache	AdobeCollabSync.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2820	AcroRd32.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe
2820	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2820 wrote to memory of 4556	2820	AcroRd32.exe	88
PID 2820 wrote to memory of 4556	2820	AcroRd32.exe	88
PID 2820 wrote to memory of 4556	2820	AcroRd32.exe	88
PID 4556 wrote to memory of 5056	4556	AdobeCollabSync.exe	91
PID 4556 wrote to memory of 5056	4556	AdobeCollabSync.exe	91
PID 4556 wrote to memory of 5056	4556	AdobeCollabSync.exe	91
PID 5056 wrote to memory of 2356	5056	AdobeCollabSync.exe	95
PID 5056 wrote to memory of 2356	5056	AdobeCollabSync.exe	95
PID 5056 wrote to memory of 2356	5056	AdobeCollabSync.exe	95
PID 2820 wrote to memory of 1048	2820	AcroRd32.exe	98
PID 2820 wrote to memory of 1048	2820	AcroRd32.exe	98
PID 2820 wrote to memory of 1048	2820	AcroRd32.exe	98
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 4612	1048	RdrCEF.exe	99
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100
PID 1048 wrote to memory of 3968	1048	RdrCEF.exe	100

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\NewCovid-21\GEO-CFUND-2009_CCM Agreement_Facesheet - signed.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2820
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4556
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" -c --type=collab-renderer --proc=4556
    3⤵
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:5056
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe" GetChannelUri
      4⤵
      PID:2356
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1048
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DE6DCC54B97DAACFEEAE45D1E2C17111 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4612
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=354CA2EE94BE8FBB5A8DAD069E2FC7ED --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=354CA2EE94BE8FBB5A8DAD069E2FC7ED --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3968
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8B3F3D6AD9870280505E46A6D98BD3F9 --mojo-platform-channel-handle=2312 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1280
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B791263EB6F8713B80C9E53F9D227017 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B791263EB6F8713B80C9E53F9D227017 --renderer-client-id=5 --mojo-platform-channel-handle=1940 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3896
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08852C2E15B01A0E3A4F074A5111B465 --mojo-platform-channel-handle=2596 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1636
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A1FD060E237FAB6DA48179AC7FB0C40 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4804
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3AFBF8A9BD1F5710B397620151AA8B35 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3AFBF8A9BD1F5710B397620151AA8B35 --renderer-client-id=10 --mojo-platform-channel-handle=2764 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
36KB

MD5
b30d3becc8731792523d599d949e63f5

SHA1
19350257e42d7aee17fb3bf139a9d3adb330fad4

SHA256
b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3

SHA512
523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
56KB

MD5
752a1f26b18748311b691c7d8fc20633

SHA1
c1f8e83eebc1cc1e9b88c773338eb09ff82ab862

SHA256
111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131

SHA512
a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
dc6dadc01eb5ae6de7287c7ce90b7234

SHA1
78d418c5984859a19eb0b2fb38bc96c3e32a5a3c

SHA256
6a46f3f639f5845d65bc3972b10d88fc3c3cdba8c10ca5d5fb0931207ca4bbc8

SHA512
67b0666937ff44dbf998edbe900ad7642900f9f5cffbe43142a654394955e06119fb0f8d8cdd3b0b178dd2d8706a180d0c0f0bac03d5742898e3017f669b6b41

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\DesktopNotification\NotificationsDB\notificationsDB

Filesize
24KB

MD5
4fe2b64a2631d0d6eb30b8f42b49bcf5

SHA1
10c931554e79c2f4280a65ef2ad57ff61a2429ec

SHA256
4901703febb24c665059d25ae6d0769c55051bcdc1b7a72b600252d4c3b0eca0

SHA512
8ad48178aa8d835e0c2028688e41f575e50e21b6b4b59161d08984c300911fda1a4614738bfa5557c3f2d254373a61497b491cbc7fb163afea2dbe08fcb67004

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
245950c48f668cf2fcb3c64778e64089

SHA1
3a5a14c820f58e35a3fc6f5de29669f0840587d8

SHA256
a027cf12f2055635a3020f08e0448b2f0314791260ccd25570426088c5b0e307

SHA512
4fc8448536663b551cc716d78715f06d4ed217fbdf755924f0b30aebbb6212798a61c6638f919d5c14bdb6998d6a12f0ca37281f3c7f484c1821fbfc98d4a24d

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
aebe0d2eb7a2077a55e57a955e62406a

SHA1
3f811b8148f12220f4b45699135e6d21c9847d8a

SHA256
87aa4c64348b534771f03919b5bdca09596e89f6e0cca0a992bb3d290ec4155a

SHA512
efa1b082925a4e478fcea74764bbacb91d43da8c01c4b360a34e6f7402af23f91c93b5e91c6266120e144b5300e8dae73a62a7b6d7c4328410128f6a72a7baed

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
f637f536bf5cb6bc03b9ad6628dcab5a

SHA1
06dcc465140f7ba2c3ece8cb31928a6d63d0ca20

SHA256
442ec0760183a1c8e281c594567bf0e89b94466fa764307f292a0a32356e07e1

SHA512
901285ef9c85274e9962ce8fbc448cf307ef50c23644f92111817ca4d4fbf9bbc94ad5445f51ffe8a44f954089e3b4cf57b4f0680c5d27c2c3226974d8e7c882

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\metadata\Synchronizer

Filesize
92KB

MD5
6c67671427278483d2728a48c10fffc4

SHA1
88cf1a5347c88491f2666921ee694a6a4e165640

SHA256
79dcdd710ec4d0a0fbdae0e1480777769029d6ee3187a250fa1765ba7b221822

SHA512
833a919cd5a604aac7951e893c789d1cefd1a1fb3f5889c15dc118c956c3aecd88580a37d4591f9d9876f6f629cee01b58df4081a285d26c7267d658d6496da0

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\Reader\Synchronizer\resources\resource-18

Filesize
3.6MB

MD5
eacf7fae6113ca0dc6577bf4a0b4cf8c

SHA1
a070901fb29267aaa25e1f85f77bfed1b3ef8446

SHA256
f0cbb9bed3f12ea767ee9572aefdea89338643b6b803b180f3c494a83745e83f

SHA512
9ef45a231319f1b86f7fc9a2f15048a3d28bed9e8fcc6007921ad9ad2dae9d9b3c3b0ee15cefbb9d80af8059c4bcb0ed5cd2eba4d4e3b27b29e6146f8eb9e22a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
f5a650353ee243aaf1cf1f6889d25c76

SHA1
6bb2f62b62f2416cbd87e2d63908523cc2b7bbed

SHA256
535aca1a3b43aaa89e54f76365b0b26ea6f48e896fa5384dce5494fd8478c4f0

SHA512
f8951eb7a7c556f414d7b16aa36716288b7f8845b2fb578dbc7df6b23148f3f54272db8bb1ce7db6823f3dde2d31befd42e604bde44b15c6b508079028f82f0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
a300c7e5377f19b964f0d8c12d91bae2

SHA1
fee5348a0ca37a548edb19f57d7270dca327278b

SHA256
60814744312b6e3f5389fcea6721c9c0fca6373a0d25385ba56ad7aa993e9fe5

SHA512
ccc4d168fc8a0830097477b621266cd0d16c20e2df51ea82aed6cb633ead7ab5c59f79ddb4fc5c061db6f2dee6361b5b8a5d54d67c105aadf2768df3cfa9a355

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

Filesize
12KB

MD5
b8c287a3d8453c3d0f594ba0f6541955

SHA1
19f8b3ae0e3c89b9cca3def9cf2ce9cc4f0afd2e

SHA256
7f7856faa8a00d94876b6e7c895730c08bcd5db1c3f07ba04267cf110a66ad72

SHA512
7bfd187c290f34892965f2bfe1607fbcf70ef89864de5f48fc9257c74ffa1a1654772a9a94fb7ff36ffcf39725b89837a6f2c69e768097407a03903031057da7

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
14KB

MD5
947f93fe0eed44767626846f28cfde05

SHA1
f6276d2a2b4a9d8a8e23c84019cd3961e9d60e88

SHA256
06a576fc14e995c437b26c0d150b4e84cd745e7cedfd972a84b42b51c842fc9b

SHA512
f97739eb0d22a99b06ef340aefb0d5a5b45b679d28accff3de2565166392c7d2fabaa33f945696f7d456ba2ef323f48e43eb26578f71c8b2e8ed32fb4dc69bc9

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\addressbook.acrodata

Filesize
5.3MB

MD5
c34fbec852686f9cdceb057afab88123

SHA1
1f0dc09dc3ddaee50f820a1d316b0bbbcf0d2b2c

SHA256
03140463d9f2ed2a98d80d9e7210d8d35a6c8db17daa313c8ccddb9a696d3c90

SHA512
a6676c35896339b38729c49d21d8b3ddbc916e02d9e98974d7ccc98acacc1bb4acfdd9072927341985fdf3a3c11da7f4cfbd06a9703d15dc552c8c8170cc3be4

Download Submit