b868ed51bca1829b52981f77703125c1afd9e240cab67a5c11157ec07934006c

General

Target

visura BV.pdf
Size

88KB
MD5

28e7a42e6a1d48b2a3ecd3ad387acbec
SHA1

92124e1d2b25fc51d5f70d30f1a8b001d289208e
SHA256

b868ed51bca1829b52981f77703125c1afd9e240cab67a5c11157ec07934006c
SHA512

e445ef02fb55e9630e002fe1c40dff0c9df662caaa378622d5fa23590c3ccd42bdf5f37b5cc5926774fdfe0a03d0ca97445015d5f6ed6c65b0b404240a387c66
SSDEEP

1536:qXCJal5jAGHpDOvsTo+gwCVQkp+I8/BURUIA:wCmMGHpSE0w6Q3DYk

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

Processes:

AcroRd32.exe

pid	process
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe
3380	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

3380 AcroRd32.exe
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

AcroRd32.exe

pid process

3380 AcroRd32.exe
3380 AcroRd32.exe
3380 AcroRd32.exe
3380 AcroRd32.exe
3380 AcroRd32.exe
3380 AcroRd32.exe
3380 AcroRd32.exe
3380 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 3380 wrote to memory of 3652	3380	AcroRd32.exe	RdrCEF.exe
PID 3380 wrote to memory of 3652	3380	AcroRd32.exe	RdrCEF.exe
PID 3380 wrote to memory of 3652	3380	AcroRd32.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 2328	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe
PID 3652 wrote to memory of 4420	3652	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\visura BV.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3380

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
- Suspicious use of WriteProcessMemory
PID:3652

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B9CC2D8515B41D4896B7D20EE5DC60B5 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2328

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=47A5DB70B118EA3CDAB1640DD89FA74E --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=47A5DB70B118EA3CDAB1640DD89FA74E --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
3⤵
PID:4420

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=101700279457CF59DD2A311C8995E37C --mojo-platform-channel-handle=2288 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:376

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B5D92A5A7DBA0038EA13C71A199C8DFE --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B5D92A5A7DBA0038EA13C71A199C8DFE --renderer-client-id=5 --mojo-platform-channel-handle=2416 --allow-no-sandbox-job /prefetch:1
3⤵
PID:1116

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2AD4A6DD6B07B92832BD3825AD1860EB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2AD4A6DD6B07B92832BD3825AD1860EB --renderer-client-id=6 --mojo-platform-channel-handle=1920 --allow-no-sandbox-job /prefetch:1
3⤵
PID:3416

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9F3919AA2334D53487AA49257A515555 --mojo-platform-channel-handle=2784 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2892

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=049320DF493FFB25A6B16C297C7E168A --mojo-platform-channel-handle=2360 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:712

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe" 624b8968-f867-4b34-9be5-1d4b8e8a4576
2⤵
PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
ce4047fa166adeea607eb73c1dd65a0a

SHA1
7e3828319db8a40903761c71435ff90240bab2f5

SHA256
faa63311ee26ec181bbe427504578f5c94ce5b4f08d27f00dd3e1c2b3416ba2c

SHA512
78294772fe1a57c542136556b8dce1a6b8a962ceffad87fe9471e09f9db2c3cef25ef71c13ed138445806f8a971de4ee92d51d00715645378590f1e93f200bf6

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4c1cad4421593d48634064b1eca4e9de

SHA1
eb07153860d464cee581e77d16ee14e6218f9d64

SHA256
4e3221d1bc40b437679502b34d692a3021cb4e2e40e3d897eeb216145c711d91

SHA512
3254145f5e5f9c32c5a3d57b398b5030e94ee2ff210fda889065b07f50fe38f897979693bce4d75a0bae0939b65306ff7272b071f53ef4a4d7775ff1a55f397b

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg

Filesize
2KB

MD5
3156ef80b2479ecc65a4ae60b6d5e19f

SHA1
4981a0c3261ce827c88c67656654072ead8e6007

SHA256
e46317d8bde53c33a3b1e40f50c1f7fb4b270c615b305a5920f6e89cb2e9691a

SHA512
9ff6e1ad9262347f9ce6f9d7bfb6e0c4632b9ee5c0b984fe48ea5b1d369f1bfb7d128d2814e1e76431a5d4b140adee3b4bdd981b071847c91230abf0a210bdd2

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\LogTransport2.cfg

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\LogTransport2\Logs\ulog_HeadlightsOptinProductFamily_HeadlightsOptinProduct_00000000-0000-0000-0000-000000000000_b1a83697-a0d9-4b61-9098-f12a79c1e861.rdy

Filesize
1KB

MD5
dee8dacea049ce460e36833b649283c3

SHA1
e8d5e99c49e44078e9e5193f543e73794889c6e2

SHA256
36bbf5d9cac9ab75ee7593dea3d2ce896caa86cfa434de59abb01cb3f0a4ae68

SHA512
4abe6c411b00006a4b81c961a5d60967f8c3df68d55fb46a060038adcd9e257d528c0dd9fb8a996beea97cc39f148f4a6b43fb7b69b34738c25082e63bca9168

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads