78c02913c8655b31c69c35d510ea9d925421964b56d225ae9e6704e5cd7b5e6d

General

Target

78c02913c8655b31c69c35d510ea9d925421964b56d225ae9e6704e5cd7b5e6d.pdf
Size

67KB
MD5

f22dd67bcd7aa0c59e841fa912fee583
SHA1

31445505b74163e8581e912ffb5d2783023784fa
SHA256

78c02913c8655b31c69c35d510ea9d925421964b56d225ae9e6704e5cd7b5e6d
SHA512

e521b7dfeb7a9fce8d418736b176ef05f251e2087c0075bc753714e39d080c418d0bcbd4b8fdee28c9d27559995f7cb6789924b95732eb40be3d24b31101e7cb

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

AcroRd32.exe

pid	process
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe
3208	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3208 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

3208 AcroRd32.exe
3208 AcroRd32.exe
3208 AcroRd32.exe
3208 AcroRd32.exe
3208 AcroRd32.exe
3208 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3208 wrote to memory of 3204	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 3204	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 3204	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2204	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2204	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2204	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2140	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2140	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2140	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2320	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2320	3208	AcroRd32.exe	RdrCEF.exe
PID 3208 wrote to memory of 2320	3208	AcroRd32.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 3800	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe
PID 2140 wrote to memory of 1920	2140	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\78c02913c8655b31c69c35d510ea9d925421964b56d225ae9e6704e5cd7b5e6d.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3208

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:3204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2204

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:2140

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=982FCB1B969BB7D2ECAC089F6DBE1883 --mojo-platform-channel-handle=1632 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3800

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0C040D3EE331F184A261E30CF3BF9B03 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0C040D3EE331F184A261E30CF3BF9B03 --renderer-client-id=2 --mojo-platform-channel-handle=1648 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1920

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D899E3783AC5F5C831660E95AB9D53F6 --mojo-platform-channel-handle=1664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3396

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6AB73977142D423D8746E8C1CCE80892 --mojo-platform-channel-handle=1808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2784

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1493A51F2AA33A8E74E270CBC03733B1 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3156

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2320

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:3860

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:2268

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E0154D81CC33D91888F5B79E6D99ECC4 --mojo-platform-channel-handle=1620 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3380

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1204C01865BE693228B65B87B2F65728 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1204C01865BE693228B65B87B2F65728 --renderer-client-id=2 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job /prefetch:1
3⤵
PID:872

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4A6B6DAE85A670724B1D35DA90AB6224 --mojo-platform-channel-handle=2220 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:692

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=15540C0C7BA4AE174647F42AF5D0ED65 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=15540C0C7BA4AE174647F42AF5D0ED65 --renderer-client-id=5 --mojo-platform-channel-handle=1904 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2508

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=01D6463245AC2190206071FDD9A5144A --mojo-platform-channel-handle=2496 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2580

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1A66D4AFC2C204BCC05E135799F0253D --mojo-platform-channel-handle=2496 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

MD5
558232619bc7316a7fb2f33c65bbc138

SHA1
670ccbdf0bda1c61247d1684c09d9235eff5ab26

SHA256
7b67a43a8e36e3c0350ea02a31b868e3acae3a34b3354b86082306fc2ee00d4c

SHA512
793125cd9796f42aded9aec7b75cc9b2e629e11ff69b3a4775aa5cf51ed3c634ef0df38b3f5c3d074cee23b696400c2c2465412c08197e933bfa67ed8908d8f4

Download Submit
memory/692-141-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/872-135-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/1668-152-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/1920-118-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/2508-144-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/2580-149-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/2784-126-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/3156-129-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/3380-133-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/3396-123-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download
memory/3800-115-0x0000000077E52000-0x0000000077E53000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads