7eb994f9af5e93572437abe6076564064a2fd54d23faf3a5cc515b86a9494463

General

Target

7eb994f9af5e93572437abe6076564064a2fd54d23faf3a5cc515b86a9494463.pdf
Size

1.2MB
MD5

bb26676ee7bd9f0c28ba68ed87a2b69a
SHA1

85158807fc8a2ab4ec179452bc49a7ffe98d4428
SHA256

7eb994f9af5e93572437abe6076564064a2fd54d23faf3a5cc515b86a9494463
SHA512

4c4a2c3a5e7ed93b89e94f0c6dcca18d4e39db603ca47626af27cdd52ec2d6c2204f5cd6064328cf9054d0e951e1c7907788ab0602169a04516032d959074471
SSDEEP

24576:cKCRzObMW+j4abpR5Tyth86IUQmvlhogBO3E39VNh15sNy/JYoAB9o9IZh1Nsk9d:0O4Zj4xDH6mvlNBO3Ett4Ny/JYlBGyjv

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe
764	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

764 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

764 AcroRd32.exe
764 AcroRd32.exe
764 AcroRd32.exe
764 AcroRd32.exe
764 AcroRd32.exe
764 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 764 wrote to memory of 1148	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 1148	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 1148	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 3684	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 3684	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 3684	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 1948	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 1948	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 1948	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 3924	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 3924	764	AcroRd32.exe	RdrCEF.exe
PID 764 wrote to memory of 3924	764	AcroRd32.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 816	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe
PID 1948 wrote to memory of 4468	1948	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\7eb994f9af5e93572437abe6076564064a2fd54d23faf3a5cc515b86a9494463.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:764

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:1148

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:3684

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:1948

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=8291F938B945B2579A201A9D6A40A995 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:816

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D7B31A76BA7FB53810CC5959BE877E01 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=D7B31A76BA7FB53810CC5959BE877E01 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4468

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=5F16475B701EA44D79203B85109E37AC --mojo-platform-channel-handle=1800 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3296

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=01A2FF016A56BEF4AA1BCE3B8B988371 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2756

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=55A8ACD328D6112E6464DBD415EE8FBA --mojo-platform-channel-handle=1868 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:1844

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:3924

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:4704

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=38FDE76F602DD5674187B9E520E13A6C --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2000

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5F6876B18EAFEFA05D1496EA4BE01E1C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5F6876B18EAFEFA05D1496EA4BE01E1C --renderer-client-id=2 --mojo-platform-channel-handle=1712 --allow-no-sandbox-job /prefetch:1
3⤵
PID:2192

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=45B7EFEE8E1C5E40B00F837121E7CA7B --mojo-platform-channel-handle=2164 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2388

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=406D5B35D57E350F8C65023C361BE9F8 --mojo-platform-channel-handle=2380 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5080

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=550500E8997F2DB93C50F5008CDDBC77 --mojo-platform-channel-handle=1720 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:3752

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=5E662325F7A00A431C80F2E65E6977D0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=5E662325F7A00A431C80F2E65E6977D0 --renderer-client-id=8 --mojo-platform-channel-handle=2204 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5084

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4440

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links
Filesize
128KB

MD5
6b3e40fc8616da38815ea2c28fbabd01

SHA1
6b72ca9994c97277f6afc401d34355a2ba0c9aad

SHA256
016aa1bde1a3263bfd21a00d76e5e46cfa2c77ef82524a444712cb83b9f92a8b

SHA512
70c4ea4863b7ecdfd68db0147a63f2797948bb4a3ef458e045402c71a966e4eefb9e0917148882761a45c5ef3986e12a8348d80f002e6b46230948e4bf1d05ca

Download Submit
memory/396-172-0x0000000000000000-mapping.dmp

Download
memory/816-137-0x0000000000000000-mapping.dmp

Download
memory/1148-132-0x0000000000000000-mapping.dmp

Download
memory/1844-151-0x0000000000000000-mapping.dmp

Download
memory/1948-134-0x0000000000000000-mapping.dmp

Download
memory/2000-156-0x0000000000000000-mapping.dmp

Download
memory/2192-159-0x0000000000000000-mapping.dmp

Download
memory/2388-164-0x0000000000000000-mapping.dmp

Download
memory/2756-148-0x0000000000000000-mapping.dmp

Download
memory/3296-145-0x0000000000000000-mapping.dmp

Download
memory/3684-133-0x0000000000000000-mapping.dmp

Download
memory/3752-170-0x0000000000000000-mapping.dmp

Download
memory/3924-135-0x0000000000000000-mapping.dmp

Download
memory/4468-140-0x0000000000000000-mapping.dmp

Download
memory/4704-153-0x0000000000000000-mapping.dmp

Download
memory/5080-167-0x0000000000000000-mapping.dmp

Download
memory/5084-174-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads