Overview
overview
7Static
static
7Buff Achie...er.exe
windows10-2004-x64
5$PLUGINSDI...p.html
windows10-2004-x64
1$PLUGINSDI...x.html
windows10-2004-x64
1$PLUGINSDI...app.js
windows10-2004-x64
3$PLUGINSDI...uts.js
windows10-2004-x64
3$PLUGINSDI...dle.js
windows10-2004-x64
3$PLUGINSDI...min.js
windows10-2004-x64
3$PLUGINSDI...ons.js
windows10-2004-x64
3$PLUGINSDI...ics.js
windows10-2004-x64
3$PLUGINSDI...nds.js
windows10-2004-x64
3$PLUGINSDI...ies.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...der.js
windows10-2004-x64
3$PLUGINSDI...ils.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ate.js
windows10-2004-x64
3$PLUGINSDI...ler.js
windows10-2004-x64
3$PLUGINSDI...t.json
windows10-2004-x64
3Analysis
-
max time kernel
108s -
max time network
169s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
07/06/2024, 16:59
Behavioral task
behavioral1
Sample
Buff Achievement Tracker - Installer.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/app/cmp.html
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/app/index.html
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/app/js/app.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/app/js/block_inputs.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/app/js/libs/cmp.bundle.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/app/js/libs/jquery-1.10.2.min.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/app/js/models/notifications.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/app/js/utils/analytics.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/app/js/utils/commands.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/app/js/utils/cookies.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/app/js/utils/modal-events-delegate.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/app/js/utils/strings-loader.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/app/js/utils/utils.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/app/js/windows/cri/cri-controller.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/app/js/windows/cri/template.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/app/js/windows/finish-with-recommended-app/finish-with-recommended-app-controller.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/app/js/windows/finish-with-recommended-app/template.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/app/js/windows/finish/finish-controller.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/app/js/windows/finish/template.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/app/js/windows/main/main-controller.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/app/js/windows/main/template.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/app/js/windows/modal/modal-controller.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/app/js/windows/privacy/privacy-controller.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/app/js/windows/privacy/template.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral26
Sample
$PLUGINSDIR/app/js/windows/progress/progress-1-controller.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/app/js/windows/progress/template.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/app/js/windows/settings/settings-controller.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/app/js/windows/settings/template.js
Resource
win10v2004-20240426-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/app/js/windows/welcome/template.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/app/js/windows/welcome/welcome-controller.js
Resource
win10v2004-20240508-en
Behavioral task
behavioral32
Sample
$PLUGINSDIR/app/manifest.json
Resource
win10v2004-20240426-en
General
-
Target
$PLUGINSDIR/app/manifest.json
-
Size
691B
-
MD5
b8e8d71fa7a9474c7875284925aaed4e
-
SHA1
0622eaee0daa6f3e36beb71e7a5c8f622ce2870e
-
SHA256
949d178dd878e2e5b5fc71a457503f139f052c54947f233a124ce1a0a6e7fb22
-
SHA512
4ab844d7e120b12600e0600c6b7b948a27e02cec4171ec757da0f2e526318cc627c0d2be1ddf375b2cf3483addb2348305ae0fc8bceb6a527ba92beee20a5d50
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 AcroRd32.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz AcroRd32.exe -
description ioc Process Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe -
Modifies registry class 11 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.json\ = "json_auto_file" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\鰀䆟縀䆁 OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\鰀䆟縀䆁\ = "json_auto_file" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\json_auto_file\shell\Read OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\json_auto_file OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\.json OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\json_auto_file\shell\Read\command OpenWith.exe Set value (str) \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\json_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" OpenWith.exe Key created \REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\json_auto_file\shell OpenWith.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 4792 OpenWith.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe 4792 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4792 wrote to memory of 5108 4792 OpenWith.exe 97 PID 4792 wrote to memory of 5108 4792 OpenWith.exe 97 PID 4792 wrote to memory of 5108 4792 OpenWith.exe 97 PID 5108 wrote to memory of 1732 5108 AcroRd32.exe 100 PID 5108 wrote to memory of 1732 5108 AcroRd32.exe 100 PID 5108 wrote to memory of 1732 5108 AcroRd32.exe 100 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 448 1732 RdrCEF.exe 101 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102 PID 1732 wrote to memory of 4336 1732 RdrCEF.exe 102
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\manifest.json1⤵
- Modifies registry class
PID:3428
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4792 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\app\manifest.json"2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:5108 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- Suspicious use of WriteProcessMemory
PID:1732 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=09027FBA38AF410A96385F1293638C9E --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:448
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=14A4E755A02D602A0E3684C9F3DEDCDB --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=14A4E755A02D602A0E3684C9F3DEDCDB --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:14⤵PID:4336
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9460CDEF8AE79688EDFE87A83EC13C38 --mojo-platform-channel-handle=2172 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:4488
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=850800D3BFF38A3574395D1BF45846A8 --mojo-platform-channel-handle=1944 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:4812
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A664A58F7EF8494A329BAE31EF240795 --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵PID:3936
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3428