6e4228951dad4bfb026ab7cf36ffdcb7169c98b074c281609960de2c3ff661f2

General

Target

68a220754313027bc5aef1cc421d3752_JaffaCakes118.pdf
Size

42KB
MD5

68a220754313027bc5aef1cc421d3752
SHA1

c9388dfb40625c41d58c55cd2aa52b448ab4b8e8
SHA256

6e4228951dad4bfb026ab7cf36ffdcb7169c98b074c281609960de2c3ff661f2
SHA512

3fe43b5c995c0701783f44ef0362a3b04cb13c53999f35cf64555a910e7f442ee8bfe0c6121261e9ae3c8a0cc0bb29a04b970f863e4fec0a324a8709d6f6464b
SSDEEP

768:B8gGzpDsMv9wYqTOicuqVoF7pDHaLbhq5vsfBGzou10qEXl:TGFAUJixLvsfocTqEXl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

AcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

AcroRd32.exe

pid process

4668 AcroRd32.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

AcroRd32.exe

pid process

4668 AcroRd32.exe
4668 AcroRd32.exe
4668 AcroRd32.exe
4668 AcroRd32.exe
4668 AcroRd32.exe
4668 AcroRd32.exe

pid	process
4668	AcroRd32.exe

pid	process
4668	AcroRd32.exe
4668	AcroRd32.exe
4668	AcroRd32.exe
4668	AcroRd32.exe
4668	AcroRd32.exe
4668	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

AcroRd32.exeRdrCEF.exe

description	pid	process	target process
PID 4668 wrote to memory of 4952	4668	AcroRd32.exe	RdrCEF.exe
PID 4668 wrote to memory of 4952	4668	AcroRd32.exe	RdrCEF.exe
PID 4668 wrote to memory of 4952	4668	AcroRd32.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1616	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe
PID 4952 wrote to memory of 1960	4952	RdrCEF.exe	RdrCEF.exe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\68a220754313027bc5aef1cc421d3752_JaffaCakes118.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4952
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7A574D0A8A35C04733A8AB9B673DEF59 --mojo-platform-channel-handle=1740 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1616
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BDE3FEBB9581CA440DF7964081ED4C14 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BDE3FEBB9581CA440DF7964081ED4C14 --renderer-client-id=2 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1960
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9486D6D9B45238766B3F18F9409260B0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9486D6D9B45238766B3F18F9409260B0 --renderer-client-id=4 --mojo-platform-channel-handle=2184 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:1424
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=3CAE03D5CF985CA6CA052F88BB40281A --mojo-platform-channel-handle=2564 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2128
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=CE7B59E7055C17FFE80F1FF71E53E193 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=CE7B59E7055C17FFE80F1FF71E53E193 --renderer-client-id=6 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7CADDBB988507C6EE60188F975D73763 --mojo-platform-channel-handle=3012 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3652
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=92503ECAE8DAB561042713A657E84A4A --mojo-platform-channel-handle=1808 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
70979c85b23eafe9309171d7cdbbefb0

SHA1
d5ad75ee292df918a7aeddf4700236d376f1d628

SHA256
bcd9fe6b0fd6e172589fdc17fadcedfdf378742617d02c3a040ffd2e3f8381c5

SHA512
6a260314053791056078684936b0d61d5dd87ea29acf69a5642e46c567ed3ffd0b12dd453d7c351c5b90a31d313a4ddbf13798fabeba1cff4b6c3aaffc879d9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

Filesize
64KB

MD5
4627ed52f6bd876d4a7b7982202c7602

SHA1
405ccea33d17ed5bef810c759329023a9b0d5265

SHA256
210df421cfa699b7479835b6ca245024c4ad59244b7bdfdec5521058efdb6f77

SHA512
b3a7ec237a4ec775a7b12e965b16a526727758306877f4f86c9f3129089e2d6844cfbf4a56f2c84f02bb40fe3198ceb3b9952f90127e87ca1d23f95e24ff1d9c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads