Analysis
- max time kernel: 168s
- max time network: 183s
- platform: windows10-2004_x64
- resource: win10v2004-en-20220113
- submitted: 16-03-2022 14:45
Behavioral task behavioral1
- Sample: b763c38140c20457f42de6251c2777d1.pdf
- Resource: win7-20220310-en
Behavioral task behavioral2
- Sample: b763c38140c20457f42de6251c2777d1.pdf
- Resource: win10v2004-en-20220113
General
- Target: b763c38140c20457f42de6251c2777d1.pdf
- Size: 20KB
- MD5: b763c38140c20457f42de6251c2777d1
- SHA1: fd2f020e7f56412fcba9dc0dc2a7810b7449dbaf
- SHA256: e11f93fc4494181222614740f282d172f3a7a2ee48187128090b448a0d6afa33
- SHA512: 6cfad4d109474bbd54f5c328b2433a048e5d1097c233e4b725e7d3f2c6bf1762a378367d44e7ee2ddca9f7409d73d25edeb548ca25d830109e7a33aa44c17f94
Malware Config
Signatures
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Modifies Internet Explorer settings
Processes: AcroRd32.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Modifies data under HKEY_USERS (1 IoCs)
Processes: svchost.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | svchost.exe
Suspicious behavior: EnumeratesProcesses (16 IoCs)
Processes: AcroRd32.exe
  pid | process
  2280 | AcroRd32.exe (the same entry is repeated 16 times in the raw report; collapsed here)
Suspicious use of FindShellTrayWindow (1 IoCs)
Processes: AcroRd32.exe
  pid | process
  2280 | AcroRd32.exe
Suspicious use of SetWindowsHookEx (9 IoCs)
Processes: AcroRd32.exe, AdobeARM.exe
  pid | process
  2280 | AcroRd32.exe (the same entry is repeated 8 times in the raw report; collapsed here)
  2944 | AdobeARM.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: AcroRd32.exe, RdrCEF.exe
  description | pid | process | target process
  PID 2280 wrote to memory of 1404 | 2280 | AcroRd32.exe | RdrCEF.exe
  PID 1404 wrote to memory of 3356 | 1404 | RdrCEF.exe | RdrCEF.exe
  PID 1404 wrote to memory of 4352 | 1404 | RdrCEF.exe | RdrCEF.exe
  (identical entries collapsed; the raw report lists 64 writes in total, all between these three parent/child pairs)
Processes
(indented entries are children of the process above them; the signature hits the report attaches to a process are listed beneath its PID)

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\b763c38140c20457f42de6251c2777d1.pdf"
PID: 2280
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    PID: 1404
    - Suspicious use of WriteProcessMemory

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E3795AD6953E9FD4C9A46F7DA2603418 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID: 3356

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6D9927BB4AA98E72110B4367FF0FE913 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6D9927BB4AA98E72110B4367FF0FE913 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
        PID: 4352

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CC115ECB3138B907E610B6331CF56FF7 --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID: 1756

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3CE2D301DEB90521A4D00CFFF001C534 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID: 2316

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=186F33698F7B87D10EAD3A4C9737F1A3 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        PID: 3928

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=95353DCDCEBEAEBE0E1CD09D979745AC --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=95353DCDCEBEAEBE0E1CD09D979745AC --renderer-client-id=8 --mojo-platform-channel-handle=1876 --allow-no-sandbox-job /prefetch:1
        PID: 4668

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=3CE23140183F8B80D064B1F1DBA4AF79 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=3CE23140183F8B80D064B1F1DBA4AF79 --renderer-client-id=10 --mojo-platform-channel-handle=2544 --allow-no-sandbox-job /prefetch:1
        PID: 5008

    "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" /PRODUCT:Reader /VERSION:19.0 /MODE:3
    PID: 2944
    - Suspicious use of SetWindowsHookEx

        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Reader_sl.exe"
        PID: 3932

C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
PID: 2788
- Modifies data under HKEY_USERS
Network
MITRE ATT&CK Enterprise v6
Downloads
- C:\ProgramData\Adobe\ARM\Reader_19.010.20069\ReaderDCManifest2.msi
  MD5: 6f014505b038aa70695dc6557662df8b
  SHA1: 25607777270af2b0a38da97d8d98ab9bc7926980
  SHA256: 52040d7492e91856c658e4779bdc2de38a81f47e5136d9a772f4559178fbe7fc
  SHA512: 25c53e4b7c273b3699be727e5a6688dbfad7b6633d78d29e753bc3446b8e2b5e8c752a8842870264fe10a2b3a0246c335bea7457daa289faec67f7ca7c2aaac0
- memory/2788-130-0x000001E93B260000-0x000001E93B270000-memory.dmp
  Filesize: 64KB
- memory/2788-131-0x000001E93B2C0000-0x000001E93B2D0000-memory.dmp
  Filesize: 64KB
- memory/2788-132-0x000001E93B5E0000-0x000001E93B5E4000-memory.dmp
  Filesize: 16KB