Overview
overview
8Static
static
8ͬ�...¼.doc
windows7-x64
4ͬ�...¼.doc
windows10-2004-x64
1ͬ�...��.doc
windows7-x64
4ͬ�...��.doc
windows10-2004-x64
1ͬ�...��.doc
windows7-x64
4ͬ�...��.doc
windows10-2004-x64
1ͬ�...��.doc
windows7-x64
4ͬ�...��.doc
windows10-2004-x64
1windows7-x64
1windows10-2004-x64
1ͬ�...��.doc
windows7-x64
4ͬ�...��.doc
windows10-2004-x64
1ͬ�...һ.doc
windows7-x64
4ͬ�...һ.doc
windows10-2004-x64
1ͬ�...��.doc
windows7-x64
4ͬ�...��.doc
windows10-2004-x64
1ͬ�...¼.pdf
windows7-x64
1ͬ�...¼.pdf
windows10-2004-x64
1ͬ�...ŵ.xls
windows7-x64
1ͬ�...ŵ.xls
windows10-2004-x64
1ͬ�...��.xls
windows7-x64
1ͬ�...��.xls
windows10-2004-x64
1ͬ�...��.doc
windows7-x64
4ͬ�...��.doc
windows10-2004-x64
1ͬ�...¼.xls
windows7-x64
1ͬ�...¼.xls
windows10-2004-x64
1windows7-x64
1windows10-2004-x64
1ͬ�...Χ.doc
windows7-x64
4ͬ�...Χ.doc
windows10-2004-x64
1ͬ�...��.xls
windows7-x64
1ͬ�...��.xls
windows10-2004-x64
1Analysis
-
max time kernel
79s -
max time network
144s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
27-11-2022 02:57
Behavioral task
behavioral1
Sample
ͬļ/0.ͬļĿ¼.doc
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
ͬļ/0.ͬļĿ¼.doc
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
ͬļ/0.ͬļ.doc
Resource
win7-20221111-en
Behavioral task
behavioral4
Sample
ͬļ/0.ͬļ.doc
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
ͬļ/1.ְͬЭ.doc
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
ͬļ/1.ְͬЭ.doc
Resource
win10v2004-20220901-en
Behavioral task
behavioral7
Sample
ͬļ/2.¼1 б֪ͨ.doc
Resource
win7-20221111-en
Behavioral task
behavioral8
Sample
ͬļ/2.¼1 б֪ͨ.doc
Resource
win10v2004-20220812-en
Behavioral task
behavioral9
Sample
ͬļ/2.¼2 ۳ŵ.pdf
Resource
win7-20220812-en
Behavioral task
behavioral10
Sample
ͬļ/2.¼2 ۳ŵ.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
ͬļ/2.¼3 ļ.doc
Resource
win7-20220901-en
Behavioral task
behavioral12
Sample
ͬļ/2.¼3 ļ.doc
Resource
win10v2004-20220812-en
Behavioral task
behavioral13
Sample
ͬļ/2.¼4 ļһ.doc
Resource
win7-20220901-en
Behavioral task
behavioral14
Sample
ͬļ/2.¼4 ļһ.doc
Resource
win10v2004-20221111-en
Behavioral task
behavioral15
Sample
ͬļ/2.¼5 ظܱ.doc
Resource
win7-20220901-en
Behavioral task
behavioral16
Sample
ͬļ/2.¼5 ظܱ.doc
Resource
win10v2004-20220901-en
Behavioral task
behavioral17
Sample
ͬļ/3.¼1 ŵ飨1ͬ¼.pdf
Resource
win7-20220812-en
Behavioral task
behavioral18
Sample
ͬļ/3.¼1 ŵ飨1ͬ¼.pdf
Resource
win10v2004-20220901-en
Behavioral task
behavioral19
Sample
ͬļ/3.¼2 ŵ飨2һŵ.xls
Resource
win7-20220812-en
Behavioral task
behavioral20
Sample
ͬļ/3.¼2 ŵ飨2һŵ.xls
Resource
win10v2004-20221111-en
Behavioral task
behavioral21
Sample
ͬļ/3.¼2.0 Ŀ滮ֱ.xls
Resource
win7-20221111-en
Behavioral task
behavioral22
Sample
ͬļ/3.¼2.0 Ŀ滮ֱ.xls
Resource
win10v2004-20220812-en
Behavioral task
behavioral23
Sample
ͬļ/4.ְͬר.doc
Resource
win7-20220812-en
Behavioral task
behavioral24
Sample
ͬļ/4.ְͬר.doc
Resource
win10v2004-20221111-en
Behavioral task
behavioral25
Sample
ͬļ/4.¼1 ͬ¼.xls
Resource
win7-20221111-en
Behavioral task
behavioral26
Sample
ͬļ/4.¼1 ͬ¼.xls
Resource
win10v2004-20221111-en
Behavioral task
behavioral27
Sample
ͬļ/4.¼10 ïͬ㹤.pdf
Resource
win7-20221111-en
Behavioral task
behavioral28
Sample
ͬļ/4.¼10 ïͬ㹤.pdf
Resource
win10v2004-20221111-en
Behavioral task
behavioral29
Sample
ͬļ/4.¼2 ̷Χ.doc
Resource
win7-20221111-en
Behavioral task
behavioral30
Sample
ͬļ/4.¼2 ̷Χ.doc
Resource
win10v2004-20220812-en
Behavioral task
behavioral31
Sample
ͬļ/4.¼3 ŵ飨3ر.xls
Resource
win7-20221111-en
Behavioral task
behavioral32
Sample
ͬļ/4.¼3 ŵ飨3ر.xls
Resource
win10v2004-20220812-en
General
-
Target
ͬļ/3.¼1 ŵ飨1ͬ¼.pdf
-
Size
35KB
-
MD5
383538a3fac5d4ff546876ea6c52149b
-
SHA1
7684222cd6172980c9ec6b6330072b8322ee23b4
-
SHA256
8d63a802684a3b6f5774813655d60de42b58e656834e046120c71f3cdf1fe575
-
SHA512
45a92dbfe0c540b55b20249001c616d8a11ca7bea863f768ad13bb8b570a50931014ac82d11b78573652971dd0a52f4c2394925b7f4ba58cfff925986a3efa0d
-
SSDEEP
768:UlUUmFHBzTnN0j875/Pupvw3qMpvl0on5WHWy3h4n+w:lzNtTnN0g75Hevwato5W2y3Vw
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
AcroRd32.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
Processes:
AcroRd32.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Suspicious behavior: EnumeratesProcesses 20 IoCs
Processes:
AcroRd32.exepid process 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
AcroRd32.exepid process 648 AcroRd32.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
Processes:
AcroRd32.exepid process 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe 648 AcroRd32.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
AcroRd32.exeRdrCEF.exedescription pid process target process PID 648 wrote to memory of 1336 648 AcroRd32.exe RdrCEF.exe PID 648 wrote to memory of 1336 648 AcroRd32.exe RdrCEF.exe PID 648 wrote to memory of 1336 648 AcroRd32.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 3680 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe PID 1336 wrote to memory of 1772 1336 RdrCEF.exe RdrCEF.exe
Processes
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\ͬļ\3.¼1 ŵ飨1ͬ¼.pdf"1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140432⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=287D0CAA6708B86B17CB5BB1A96D81D3 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=508E1E6062E07DC55A90AA36EACF51F0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=508E1E6062E07DC55A90AA36EACF51F0 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=A0D689A059871EA5D294BB32EA4A0B82 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=A0D689A059871EA5D294BB32EA4A0B82 --renderer-client-id=4 --mojo-platform-channel-handle=2180 --allow-no-sandbox-job /prefetch:13⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FB3631590CA9F56E67E7D829F7485C21 --mojo-platform-channel-handle=2548 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D2DCE2D6A0D479422E475E472A8582D3 --mojo-platform-channel-handle=2664 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=08AA67B676867230390ED8B021336FD4 --mojo-platform-channel-handle=2580 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:23⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1336-132-0x0000000000000000-mapping.dmp
-
memory/1772-137-0x0000000000000000-mapping.dmp
-
memory/2484-150-0x0000000000000000-mapping.dmp
-
memory/3108-147-0x0000000000000000-mapping.dmp
-
memory/3516-142-0x0000000000000000-mapping.dmp
-
memory/3680-134-0x0000000000000000-mapping.dmp
-
memory/5060-153-0x0000000000000000-mapping.dmp