Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 04-03-2022 05:27

Behavioral task: behavioral1
- Sample: JNT Connect_EN-RU_Plant_CV-1.pdf
- Resource: win7-en-20211208 (windows7_x64)
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: JNT Connect_EN-RU_Plant_CV-1.pdf
- Resource: win10v2004-en-20220113 (windows10-2004_x64)
- 0 signatures
- 0 seconds
General
- Target: JNT Connect_EN-RU_Plant_CV-1.pdf
- Size: 104KB
- MD5: b5e8caae672566f10e90f9c216ce68cd
- SHA1: dcca86f4711e23054e4722266c09bbdd1e5e0108
- SHA256: bc06175ebbf0017569ad0015cbf1e44531674f2008b14e684bf4128a9797e8ed
- SHA512: 111079588a224bc92ff4cba001d81b957b7207a5aea4220c97fade1106cca5a8450d5707822537c2a0c9e58923190433ed3ca9c2f591b85c155ae47ac72456f5
- Score: 1/10
Malware Config

Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Processes: AcroRd32.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (AcroRd32.exe)
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (AcroRd32.exe)
- Modifies Internet Explorer settings
  Processes: AcroRd32.exe
  - Key created: \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION (AcroRd32.exe)
- Suspicious behavior: EnumeratesProcesses (24 IoCs)
  Processes: AcroRd32.exe, AdobeARM.exe
  - PID 1596 AcroRd32.exe (20 entries)
  - PID 1256 AdobeARM.exe (4 entries)
- Suspicious use of FindShellTrayWindow (1 IoC)
  Processes: AcroRd32.exe
  - PID 1596 AcroRd32.exe
- Suspicious use of SetWindowsHookEx (8 IoCs)
  Processes: AcroRd32.exe, AdobeARM.exe
  - PID 1596 AcroRd32.exe (7 entries)
  - PID 1256 AdobeARM.exe (1 entry)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: AcroRd32.exe, RdrCEF.exe
  Source PID / process wrote to memory of target PID / process:
  - PID 1596 AcroRd32.exe wrote to memory of PID 1264 RdrCEF.exe (3 entries)
  - PID 1264 RdrCEF.exe wrote to memory of PID 2376 RdrCEF.exe (repeated)
  - PID 1264 RdrCEF.exe wrote to memory of PID 4300 RdrCEF.exe (repeated)
  The remaining 61 entries are repeats of the two 1264 -> 2376 and 1264 -> 4300 edges.
Processes
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (PID 1596)
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\JNT Connect_EN-RU_Plant_CV-1.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Children:
  - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1264)
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    Children:
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2376)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B44FB2E2A50ED697DB84DBF4D0FA1D99 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 4300)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CEA89B59F717466B0E22292458F0955B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CEA89B59F717466B0E22292458F0955B --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2428)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7576F54BFFD036625F75A2DE113065D8 --mojo-platform-channel-handle=2192 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 1952)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D5B00482DFD383A40DED478CE7A88D3E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D5B00482DFD383A40DED478CE7A88D3E --renderer-client-id=5 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job /prefetch:1
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 3868)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=04E2302516D9A2330DF71FD56AD733B3 --mojo-platform-channel-handle=2464 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 812)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=54C5E48AEDD0C12002A3D5490A096BE2 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe (PID 2220)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=131567E6821EB870BFA08B0B0F37BF43 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=131567E6821EB870BFA08B0B0F37BF43 --renderer-client-id=10 --mojo-platform-channel-handle=2376 --allow-no-sandbox-job /prefetch:1
  - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (PID 1256)
    Command line: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    Children:
    - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe (PID 1168)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
- C:\Windows\System32\CompPkgSrv.exe (PID 4740)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding