1ed0dfd145a9cd380d6123b16782c58639b097aa5df697d30f50c817365d5f38

General

Target

90802988488383124538745008o 21482540965o 7867601104935o 66576450886310325399264013o 4983890292634o 9.pdf
Size

129KB
MD5

fd62dee8094e9800dbcc755d91590a0a
SHA1

eeddf773536799fcf80cb63c3ae285dd94c170cd
SHA256

1ed0dfd145a9cd380d6123b16782c58639b097aa5df697d30f50c817365d5f38
SHA512

250573602b3d720b8decb3c3b2ba769ad7f2d2082e0583b24cc95c05f25b5fe1f7f5df533731df486aee3249e02b66ab2f209d55b54405a550397638c10210a0

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-941723256-3451054534-3089625102-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

AcroRd32.exe

pid	process
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe
3048	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3048 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

3048 AcroRd32.exe
3048 AcroRd32.exe
3048 AcroRd32.exe
3048 AcroRd32.exe
3048 AcroRd32.exe
3048 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3048 wrote to memory of 2300	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 2300	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 2300	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 856	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 856	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 856	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 3368	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 3368	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 3368	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 1780	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 1780	3048	AcroRd32.exe	RdrCEF.exe
PID 3048 wrote to memory of 1780	3048	AcroRd32.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 996	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe
PID 3368 wrote to memory of 1104	3368	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\90802988488383124538745008o 21482540965o 7867601104935o 66576450886310325399264013o 4983890292634o 9.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3048

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2300

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:856

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3368

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AFED49FABDA445DAC50FF56F153E0F6E --mojo-platform-channel-handle=1636 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:996

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5A7BA80A1A0DE703B153865B292223D4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5A7BA80A1A0DE703B153865B292223D4 --renderer-client-id=2 --mojo-platform-channel-handle=1648 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1104

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=412CC0D949C2AE037FD9E70481B2FA0E --mojo-platform-channel-handle=2216 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1068

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A5A0708675C08AC864D742201D777007 --mojo-platform-channel-handle=1652 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1492

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=25D02E7F9E1695CD1CB53FA008FD8503 --mojo-platform-channel-handle=1792 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4016

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:1780

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:316

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=25FD1AFE4D48EE6C9E44832F21156A79 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=25FD1AFE4D48EE6C9E44832F21156A79 --renderer-client-id=2 --mojo-platform-channel-handle=1604 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2080

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C7572F9BF21DEAD863D453C87C6753E9 --mojo-platform-channel-handle=1692 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3580

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62F6F49FBA12BB623FD161AD53C4EED3 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2004

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2768352DB7EEB75F3438B32FBEE4CE8F --mojo-platform-channel-handle=1964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1016

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=205B06A1EFFDCC12FC3EE14B07F1AD8D --mojo-platform-channel-handle=1796 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:4076

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=665DC62394E18EA1CCF4D065CF155BFF --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=665DC62394E18EA1CCF4D065CF155BFF --renderer-client-id=8 --mojo-platform-channel-handle=1968 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2336

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2320

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
MD5
cac6a9cad29b24508d2fbbd87fb9223b

SHA1
948ccf7a981ee828d9da19870c5b819f966d0da7

SHA256
509a3b42739cac6c909b9702e5c3f46ba8c0035561f3355b62099f35dcbcce1d

SHA512
f058921fead83b2f1d5ce1f0181d77208c765de214988ec776c6b1ad5ead80dd4a3610672cd037be7ef05c66c3b8806f2a7c3c1b01711e499a274f5c16f6c6e5

Download Submit
memory/316-141-0x0000000000000000-mapping.dmp

Download
memory/856-116-0x0000000000000000-mapping.dmp

Download
memory/996-122-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/996-121-0x0000000000000000-mapping.dmp

Download
memory/996-120-0x00000000009A3000-0x00000000009A4000-memory.dmp

Filesize
4KB

Download
memory/996-119-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/1016-159-0x0000000000000000-mapping.dmp

Download
memory/1016-157-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/1016-158-0x0000000000D71000-0x0000000000D72000-memory.dmp

Filesize
4KB

Download
memory/1068-131-0x0000000000000000-mapping.dmp

Download
memory/1068-129-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/1068-130-0x0000000000519000-0x000000000051A000-memory.dmp

Filesize
4KB

Download
memory/1104-127-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/1104-128-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/1104-125-0x0000000000000000-mapping.dmp

Download
memory/1104-124-0x000000000076C000-0x000000000076D000-memory.dmp

Filesize
4KB

Download
memory/1104-123-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/1492-133-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/1492-134-0x0000000000E42000-0x0000000000E43000-memory.dmp

Filesize
4KB

Download
memory/1492-135-0x0000000000000000-mapping.dmp

Download
memory/1780-118-0x0000000000000000-mapping.dmp

Download
memory/2004-153-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/2004-154-0x00000000008BC000-0x00000000008BD000-memory.dmp

Filesize
4KB

Download
memory/2004-155-0x0000000000000000-mapping.dmp

Download
memory/2080-145-0x0000000000000000-mapping.dmp

Download
memory/2080-144-0x0000000000634000-0x0000000000635000-memory.dmp

Filesize
4KB

Download
memory/2080-143-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/2300-115-0x0000000000000000-mapping.dmp

Download
memory/2320-165-0x0000000000000000-mapping.dmp

Download
memory/2336-168-0x0000000000000000-mapping.dmp

Download
memory/2336-167-0x0000000000FB5000-0x0000000000FB6000-memory.dmp

Filesize
4KB

Download
memory/2336-166-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/3368-117-0x0000000000000000-mapping.dmp

Download
memory/3580-147-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/3580-148-0x0000000000C09000-0x0000000000C0A000-memory.dmp

Filesize
4KB

Download
memory/3580-150-0x0000000000000000-mapping.dmp

Download
memory/4016-139-0x0000000000000000-mapping.dmp

Download
memory/4016-137-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download
memory/4016-138-0x0000000000BB9000-0x0000000000BBA000-memory.dmp

Filesize
4KB

Download
memory/4076-163-0x0000000000000000-mapping.dmp

Download
memory/4076-162-0x0000000000F94000-0x0000000000F95000-memory.dmp

Filesize
4KB

Download
memory/4076-161-0x0000000077932000-0x0000000077933000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads