f8735c433fa46296f7ee9d27e3d9a62b9f1430430e4ace71ca4d7c367ab16821

General

Target

Trendy prezent z winem '24.pdf
Size

267KB
MD5

6879474480b159972da062820097ea4c
SHA1

52e3cb1e2a41d320c16282fd3d43579fedb43594
SHA256

560818df0e8728ed40cf21e3bcf87e84d77366c4f2746f8a5c4c56d3522f99b7
SHA512

8251c77393dc398478c9545e91fc664d2e17872a2edeb9572aed789dabb53fd1ddfb090b4d5e679fdb7845413c28d76293c3020e73f9458d086612c49dae13b8
SSDEEP

6144:IfmDzmZJ+5JQeztEZ31U3jRSP+Nvg9+9AFbaNj6:Ifm3mT+5qe83GRSPn9NFbaR6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-355664440-2199602304-1223909400-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

2452 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

2452 AcroRd32.exe
2452 AcroRd32.exe
2452 AcroRd32.exe
2452 AcroRd32.exe
2452 AcroRd32.exe
2452 AcroRd32.exe

pid	process
2452	AcroRd32.exe

pid	process
2452	AcroRd32.exe
2452	AcroRd32.exe
2452	AcroRd32.exe
2452	AcroRd32.exe
2452	AcroRd32.exe
2452	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 2452 wrote to memory of 5108	2452	AcroRd32.exe	RdrCEF.exe
PID 2452 wrote to memory of 5108	2452	AcroRd32.exe	RdrCEF.exe
PID 2452 wrote to memory of 5108	2452	AcroRd32.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 3912	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe
PID 5108 wrote to memory of 5076	5108	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Trendy prezent z winem '24.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5108
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CB884978B443E9F2C79CAC1C30A21294 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3912
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=558D3886E7EE932CC06BB9DC75A1325E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=558D3886E7EE932CC06BB9DC75A1325E --renderer-client-id=2 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5076
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=748982DCD3E35621D36EFC5F5C35E570 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=748982DCD3E35621D36EFC5F5C35E570 --renderer-client-id=4 --mojo-platform-channel-handle=2168 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:952
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4C6AB90EAAC618C9D372F2987A79A9F8 --mojo-platform-channel-handle=2552 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3056
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BC5C3A4CB2342565A84E9FBB50CEFD6D --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BC5C3A4CB2342565A84E9FBB50CEFD6D --renderer-client-id=6 --mojo-platform-channel-handle=2676 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:4208
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=62347C77A470F160E5EB4D99351F2BC4 --mojo-platform-channel-handle=2928 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2912
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2FE000AF81CB85548C997AEEBAEFB3B4 --mojo-platform-channel-handle=3056 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3856
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe" 300516c9-5281-4508-9b5b-2c84478f6fb0
  2⤵
  PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
b91a6272181f2735946d08d9330d466a

SHA1
7b1eae9ce82e2eb4e90c1a60196c3363f095f5e4

SHA256
3222f5a9c30ac9a9b3cb5114d1a550c310aebd8f9005516450cd7d7d6c742a9b

SHA512
f3a4e538c6c3603fa927268ad2152f76f1bca7156f8c381f2e4d9f49763df930de81669513195a2a1c1c33fac86324270f6699fb8df92549acde9685285fdf93

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
d23ae3768a012b71962afab84ba97095

SHA1
f296def92095d5125e0cfdfadda2a62fcc0fe2db

SHA256
6ab218a9b9d9b5541662d4fe8d6c22b16c31964d4d0187734d6fd3799c592aff

SHA512
186a170fe952e30d50f8b858d1f39c81e70d5780841e27090f4cd70c73093db7b8aea53e30f27a2de0ddc67d1d5990e5110147abdacb023c50957e71ea190777

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg

Filesize
2KB

MD5
cf2b26a372d31cb3d0b56f2c993489d1

SHA1
13b2d9bb40510265ba479e5a6b5edaa6597e7d32

SHA256
5f00288d5f4fab7440c3819c7ef64d511153b121540266f6b96f65891e47d881

SHA512
2f4fc6b4ab3230d9bd477d0c11550c4b1db941b194908ce41ea056e4efa2422152e1c630279c1e75ebb000a0d3801f197b80b9a867187b44111986852feb3277

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg

Filesize
125B

MD5
5ab328ad8bbb152faf682da8d6f09fea

SHA1
f2a08728426b4d8a19294747cde6f680293b0211

SHA256
e50ba417b3c1b1ca8bec6bb81d2dfc24bf20ec580301592b796cb87a8c1603ec

SHA512
cbcd2c7a2290f78febe6c83f7fb5c35828d09c65f825ebeab30eb10e58bc9fd7b876c737fe9c9362e9708649c45f1040e1024f5405a85cd36eabf04eeefcf3fc

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_8171d1e7-d271-4080-a59a-76617a36a977.rdy

Filesize
1KB

MD5
3d502fa724695486c9090e02a7fb84de

SHA1
e63811bcd07c3a2caf0d83aa6185df9067832f9a

SHA256
edc8bb2c909d0f8440b89a8c389ae25f1d27ff042bf08d8761aa03b4a8a8c528

SHA512
f6582729be8661c48b2742753cbabb5cf53b728542daea727ea0c8c0d6000f00e003a3618833aff1286df91acfb4da3dc9a5594ecbd62e38c6c03503334c3ce1

Download Submit
memory/2452-45-0x00000000075B0000-0x00000000075D1000-memory.dmp

Filesize
132KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads