Ethernet.pdf

General
  Target:     Ethernet.pdf
  Filesize:   67KB
  Completed:  21-11-2020 23:26
  Score:      1/10
  MD5:        de1c8b96735c77f64bb9653e2d7de622
  SHA1:       d175c99d8fa98597f28b34869c97fe5d6ac850cb
  SHA256:     c2847ab9568ab4aabbe936b1816e779c5624d7d3d8c4bb10e401edf3f6bba357

Malware Config
Signatures 6

Tactics: Defense Evasion, Discovery
  • Checks processor information in registry
    AcroRd32.exe

    Description

    Processor information is often read in order to detect sandboxing environments. Reading CentralProcessor\0\~MHz is also routine for legitimate software, so by itself it is weak evidence; here the process doing the read is Adobe Reader's own AcroRd32.exe.

    TTPs

    Query Registry, System Information Discovery

    Reported IOCs

    Description         IOC                                                                    Process
    Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0       AcroRd32.exe
    Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz  AcroRd32.exe
  • Modifies Internet Explorer settings
    AcroRd32.exe

    TTPs

    Modify Registry

    Reported IOCs

    Description    IOC                                                                                                                                        Process
    Key created    \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION   AcroRd32.exe

    Programs that host the Internet Explorer WebBrowser control create this key and set a per-executable value under it to select a document mode, so creating it is expected from a PDF reader that renders web content in-process.
  • Suspicious behavior: EnumeratesProcesses
    AcroRd32.exe

    Reported IOCs

    PID   Process        Events
    640   AcroRd32.exe   18
  • Suspicious use of FindShellTrayWindow
    AcroRd32.exe

    Reported IOCs

    PID   Process        Events
    640   AcroRd32.exe   1
  • Suspicious use of SetWindowsHookEx
    AcroRd32.exe

    Reported IOCs

    PID   Process        Events
    640   AcroRd32.exe   5
  • Suspicious use of WriteProcessMemory
    AcroRd32.exe, RdrCEF.exe

    Reported IOCs

    Description                        PID   Process        Target process   Events
    PID 640 wrote to memory of 204     640   AcroRd32.exe   RdrCEF.exe        3
    PID 204 wrote to memory of 2856    204   RdrCEF.exe     RdrCEF.exe       41
    PID 204 wrote to memory of 4048    204   RdrCEF.exe     RdrCEF.exe       43
    PID 204 wrote to memory of 2184    204   RdrCEF.exe     RdrCEF.exe       41

    Identical rows are collapsed; Events is the number of times the row is reported (128 in total). Every write goes from a process into a direct child it spawned: 640 is the parent of 204, and 204 is the parent of 2856, 4048 and 2184 (see Processes). No writes are reported into the later RdrCEF.exe children 1528, 1280 and 3748.
Processes 8
  • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Ethernet.pdf"
    Checks processor information in registry
    Modifies Internet Explorer settings
    Suspicious behavior: EnumeratesProcesses
    Suspicious use of FindShellTrayWindow
    Suspicious use of SetWindowsHookEx
    Suspicious use of WriteProcessMemory
    PID:640
    • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      Suspicious use of WriteProcessMemory
      PID:204
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=430401394C4E711ED5F95F82ECEE26EE --mojo-platform-channel-handle=1624 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID:2856
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CFA33CC85956F43EAD86C92D137D5D07 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CFA33CC85956F43EAD86C92D137D5D07 --renderer-client-id=2 --mojo-platform-channel-handle=1652 --allow-no-sandbox-job /prefetch:1
        PID:4048
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B1179F0E3EE3D12793EFF542B216FC12 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B1179F0E3EE3D12793EFF542B216FC12 --renderer-client-id=4 --mojo-platform-channel-handle=2088 --allow-no-sandbox-job /prefetch:1
        PID:2184
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4C84B407D2A49FCD1135069D368E7FEF --mojo-platform-channel-handle=2504 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID:1528
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A4E828CC72948DF9544BD9A316B15566 --mojo-platform-channel-handle=1848 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID:1280
      • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=EE4809C3D0B3E924B7BE28D8B9E5CED7 --mojo-platform-channel-handle=2536 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID:3748
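The signature list above reports 128 WriteProcessMemory rows and a handful of registry reads for what the sandbox scores 1/10, and an analyst has to reduce that to "parent spawning its own helper processes" before anything else. The following Python is an added example, not part of the sandbox report or any Adobe or sandbox-vendor code. It copies the PIDs and image paths from the Processes section above, parses rows in the form "PID X wrote to memory of Y", collapses the duplicates and labels each writer/target pair according to whether the target is the direct child of the writer and both images sit under the Reader install directory. The row 640 -> 1234 is constructed (it is not in the report) to show how a write into a process outside the tree is labelled, and the registry allowlist is an assumption made for the example, not a list the sandbox or the vendor publishes.

```python
import re
from collections import Counter

# Process tree copied from this report's "Processes" section: pid -> (parent pid, image path).
# PID 640 is the root of the tree; the report does not show its parent, hence None.
READER_DIR = r"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader"
PROCESS_TREE = {
    640:  (None, READER_DIR + r"\AcroRd32.exe"),
    204:  (640,  READER_DIR + r"\AcroCEF\RdrCEF.exe"),
    2856: (204,  READER_DIR + r"\AcroCEF\RdrCEF.exe"),
    4048: (204,  READER_DIR + r"\AcroCEF\RdrCEF.exe"),
    2184: (204,  READER_DIR + r"\AcroCEF\RdrCEF.exe"),
    1528: (204,  READER_DIR + r"\AcroCEF\RdrCEF.exe"),
    1280: (204,  READER_DIR + r"\AcroCEF\RdrCEF.exe"),
    3748: (204,  READER_DIR + r"\AcroCEF\RdrCEF.exe"),
}

# Description column of a few "Reported IOCs" rows as they appear in the report,
# plus one constructed row (640 -> 1234) that is NOT in the report, to show how a
# write into a process outside the tree is labelled.
WRITE_EVENTS = """\
PID 640 wrote to memory of 204
PID 640 wrote to memory of 204
PID 640 wrote to memory of 204
PID 204 wrote to memory of 2856
PID 204 wrote to memory of 4048
PID 204 wrote to memory of 2184
PID 640 wrote to memory of 1234
"""

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")

def parse_write_events(text):
    """Count (source pid, target pid) pairs, collapsing the repeated rows."""
    return Counter((int(m.group(1)), int(m.group(2))) for m in WRITE_RE.finditer(text))

def classify_write(src, dst, tree=PROCESS_TREE):
    """Label one writer/target pair.

    parent->child : dst was spawned by src and both images live under the Reader
                    install directory; this is what a Chromium/CEF broker does
                    when it launches helper processes.
    same-tree     : both pids belong to the report's tree but src is not dst's
                    parent, so the write is not explained by process creation.
    outside-tree  : src or dst is not a process from the report at all; a write
                    into a foreign process is the case to escalate.
    """
    if src not in tree or dst not in tree:
        return "outside-tree"
    parent, dst_image = tree[dst]
    src_image = tree[src][1]
    under_reader = src_image.startswith(READER_DIR) and dst_image.startswith(READER_DIR)
    if parent == src and under_reader:
        return "parent->child"
    return "same-tree"

def triage_writes(text, tree=PROCESS_TREE):
    """Map each (src, dst) pair to (event count, label)."""
    return {pair: (n, classify_write(*pair, tree)) for pair, n in parse_write_events(text).items()}

# Registry locations a PDF reader that embeds a browser control is expected to touch.
# This allowlist is an assumption made for the example, not something the sandbox
# or the vendor publishes; extend it from your own baseline of clean Reader runs.
EXPECTED_REGISTRY = [
    re.compile(r"^\\REGISTRY\\MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+(\\|$)"),
    re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\SOFTWARE\\Microsoft\\Internet Explorer"
               r"\\Main\\FeatureControl\\FEATURE_BROWSER_EMULATION$"),
]

def registry_ioc_expected(ioc):
    """True when a reported registry path matches the baseline allowlist."""
    return any(p.match(ioc) for p in EXPECTED_REGISTRY)

if __name__ == "__main__":
    for (src, dst), (n, label) in sorted(triage_writes(WRITE_EVENTS).items()):
        print(f"{src:>5} -> {dst:<5} x{n:<3} {label}")
    for ioc in (r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz",
                r"\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000"
                r"\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION"):
        print("expected" if registry_ioc_expected(ioc) else "REVIEW", ioc)
```

The parent check is the part that matters: a WriteProcessMemory from a broker into a child it has just created is how Chromium-derived processes hand over startup state, whereas the same API call into a process the writer did not spawn, or into an image outside the product's install directory, is the pattern that deserves the "process injection" reading the signature name suggests.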
Network
MITRE ATT&CK Matrix
  Defense Evasion:  Modify Registry (T1112)
  Discovery:        Query Registry (T1012), System Information Discovery (T1082)
  No techniques are reported under Collection, Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence or Privilege Escalation.
Downloads
  • memory/204-0-0x0000000000000000-mapping.dmp
  • memory/1280-18-0x0000000000000000-mapping.dmp
  • memory/1280-17-0x0000000076FC2000-0x0000000076FC200C-memory.dmp
  • memory/1528-15-0x0000000000000000-mapping.dmp
  • memory/1528-14-0x0000000076FC2000-0x0000000076FC200C-memory.dmp
  • memory/2184-9-0x0000000076FC2000-0x0000000076FC200C-memory.dmp
  • memory/2184-10-0x0000000000000000-mapping.dmp
  • memory/2856-1-0x0000000076FC2000-0x0000000076FC200C-memory.dmp
  • memory/2856-2-0x0000000000000000-mapping.dmp
  • memory/3748-20-0x0000000076FC2000-0x0000000076FC200C-memory.dmp
  • memory/3748-21-0x0000000000000000-mapping.dmp
  • memory/4048-5-0x0000000000000000-mapping.dmp
  • memory/4048-4-0x0000000076FC2000-0x0000000076FC200C-memory.dmp